• Add /etc/sudoers (or better /etc/sudoers.d rules at start) (.mlt)
• Setup /etc/resolv.conf as first thing (.mlt)
• Ensure that /etc/hosts doesn’t contain shit
• NFS /home client on sansa https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nfs-mount-on-ubuntu-16-04
• Force copying all missing zones files even when there are no changes on the master
• Turn on ufw firewall (.mlt)
• Fix duplicate zabbix-agent config files on xenial agent v3
• update-notifier-common, update-notifier-common not available on GCE jessie images
• Take MTA changes from upstream tools/unusable
• zabbix-agent GPG key signing on GCE jessie
• Fix zabbix-agent role in general (re-enable API calls)
• Finish tiddlywiki role for new instances
• Move jorah to jessie with systemd services

root@sansa:/etc/zabbix/zabbix_agentd.d# ls -al
total 20
drwxr-xr-x 2 zabbix zabbix 4096 Jan  3 05:32 .
drwxr-xr-x 3 root   root   4096 Jan  3 05:34 ..
-rwxr-xr-x 1 zabbix zabbix  339 Jan  3 05:26 bind.conf
-rwxr-xr-x 1 zabbix zabbix 1540 Jan  3 05:26 mysql.conf
-rw-r--r-- 1 root   root   1531 Dec 21 08:08 userparameter_mysql.conf
root@sansa:/etc/zabbix/zabbix_agentd.d# rm userparameter_mysql.conf
root@sansa:/etc/zabbix/zabbix_agentd.d#

root@sansa:/# ufw enable ; sleep 15 ; ufw disable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

root@sansa:/# ufw status
Status: active
To                         Action      From
--                         ------      ----
53/tcp                     ALLOW       Anywhere
53/udp                     ALLOW       Anywhere
53/tcp (v6)                ALLOW       Anywhere (v6)
53/udp (v6)                ALLOW       Anywhere (v6)

root@sansa:/#