---
- name: Load the tcp_bbr kernel module
  modprobe:
    name: tcp_bbr

- name: Persist the tcp_bbr module to configuration
  copy:
    dest: /etc/modules-load.d/local-network.conf
    content: tcp_bbr

- name: Set network-related sysctl options
  sysctl:
    sysctl_file: /etc/sysctl.d/local-network.conf
    sysctl_set: yes
    name: "{{ item.key }}"
    value: "{{ item.value }}"

  with_dict:
    # CoDel (controlled delay) with Fair Queuing as the default queue scheduler
    #  mitigates bufferbloat and helps share bandwidth equitably across flows.
    net.core.default_qdisc: fq_codel

    # BBR is currently the best TCP congestion control algorithm.
    # C.f. https://queue.acm.org/detail.cfm?id=3022184
    net.ipv4.tcp_congestion_control: bbr

    # Disable Selective Acknowledgement (SACK)
    # Workaround CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
    # See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
    net.ipv4.tcp_sack: 0

  loop_control:
    label: "{{ item.key }}"