---
# Defining the remote server where the package will be deployed
- name: "Deploy new gateway config"
  hosts: test
  remote_user: root
  become: true
  become_method: ansible.builtin.sudo
  tasks:

    # Network interfaces
    - name: Setup network interfaces (bridge + bat0)
      ansible.builtin.copy:
        src: "{{ server_config_dir }}/interface/freifunk.j2"
        dest: /etc/network/interfaces.d/freifunk
        owner: root
        group: root
        mode: '0644'
      tags: networking
    - name: Pull up new interfaces
      ansible.builtin.command: /usr/sbin/ifup -a
      tags: networking

    # iptables
    - name: Copy iptables rulesv4
      ansible.builtin.copy:
        src: "{{ server_config_dir }}/iptables/rules.v4"
        dest: /etc/iptables/rules.v4
        owner: root
        group: root
        mode: "0644"
      tags: iptables
    - name: Restart iptables-persistent
      ansible.builtin.service:
        name: "netfilter-persistent"
        state: "restarted"
        enabled: true
      tags: iptables

    # dnsmasq
    - name: Setup dnsmasq config w/ IPv4 ranges
      ansible.builtin.template:
        src: "{{ server_config_dir }}/dnsmasq/fflux.j2"
        dest: /etc/dnsmasq.d/fflux
        owner: root
        group: root
        mode: "0644"
      tags: dns
    - name: Make sure dnsmasq is started
      ansible.builtin.service:
        name: "dnsmasq"
        state: "started"
        enabled: "true"
      tags: dns
    - name: Reload dnsmasq
      ansible.builtin.service:
        name: "dnsmasq"
        state: "reloaded"
      tags: dns

    # fastd
    - name: Setup fastd (fflux) config w/ MAC address
      ansible.builtin.template:
        src: "{{ server_config_dir }}/fastd/fastd.conf.j2"
        dest: /etc/fastd/fflux/fastd.conf
        owner: root
        group: root
        mode: "0644"
      tags: fastd
    - name: Copy fastd private key
      ansible.builtin.copy:
        src: "~/keys/{{ inventory_hostname }}.conf"
        dest: /etc/fastd/fflux/secret.conf
        owner: root
        group: root
        mode: "0640"
    - name: List all peers but ourselves
      ansible.builtin.find:
        path: "{{ server_config_dir }}/fastd/peers-gw/"
        excludes: "{{ inventory_hostname }}"
      delegate_to: localhost
      register: peers_to_copy
      tags: fastd
    - name: Copy fastd peers
      ansible.builtin.copy:
        src: "{{ item.path }}"
        dest: /etc/fastd/fflux/peers-gw/
        owner: root
        mode: "0644"
      with_items: "{{ peers_to_copy.files }}"
      tags: fastd
    - name: Make sure global fastd is stopped
      ansible.builtin.service:
        name: "fastd"
        state: "stopped"
        enabled: false
    - name: Start fastd@fflux
      ansible.builtin.service:
        name: "fastd@fflux"
        state: "restarted"
        enabled: true
      tags: fastd

    # respondd
    - name: Configure respondd.service file
      ansible.builtin.lineinfile:
        path: /opt/mesh-announce/respondd.service
        regexp: "^ExecStart="
        line: "ExecStart=/opt/mesh-announce/respondd.py -d /opt/mesh-announce/providers -f /opt/mesh-announce/respondd.conf"
        state: present
      tags: respondd
    - name: Symbolic link for respondd.service
      ansible.builtin.file:
        src: /opt/mesh-announce/respondd.service
        dest: /etc/systemd/system/respondd.service
        owner: root
        group: root
        state: link
        force: true
      tags: config
    - name: Reload systemd daemon
      ansible.builtin.systemd_service:
        daemon_reload: true
      tags: respondd
    - name: Re-Start + Enable respondd
      ansible.builtin.service:
        name: respondd
        state: "restarted"
        enabled: true
      tags: respondd