---

- name: Common tools
  hosts: vpn-host
  gather_facts: false
  remote_user: root
  vars_files:
    - config.cfg    
  
  tasks:
  - name: Wait for port 22 to become available
    local_action: "wait_for port=22 host={{ inventory_hostname }}"

  - name: Updating apt-get
    raw: apt-get update -qq
    
  - name: Install python2.7 for Ansible
    raw: apt-get install -qq -y python2.7
    
  - name: Install tools
    apt: name="{{ item }}" state=latest
    with_items:
      - git
      - screen
      - apparmor-utils
      - uuid-runtime
      - coreutils

  - name: Enable packet forwarding for IPv4
    sysctl: name=net.ipv4.ip_forward value=1

  - name: Do not accept ICMP redirects (prevent MITM attacks)
    sysctl: name=net.ipv4.conf.all.accept_redirects value=0

  - name: Do not send ICMP redirects (we are not a router)
    sysctl: name=net.ipv4.conf.all.send_redirects value=0