---

# XXX: YES, this is ugly as fuck.
# Set router_hard_ip_suffix to 240 on hosts whose hostname does not contain
# "backup" and to 140 on hosts whose hostname does. The two conditions are
# complementary, so exactly one of the tasks runs per host.
# The test is a substring match on the gathered ansible_hostname fact, so
# fact gathering must be enabled and any hostname containing "backup" is
# treated as a backup router.
# NOTE(review): where the fact is consumed is not visible here; presumably
# the templates rendered later in this file.
- name: set IP suffix (main)
  when: "'backup' not in ansible_hostname"
  set_fact:
    router_hard_ip_suffix: 240

- name: set IP suffix (backup)
  when: "'backup' in ansible_hostname"
  set_fact:
    router_hard_ip_suffix: 140

# Turn on kernel packet forwarding for both address families.
# sysctl_set makes the module check the live value with the sysctl command
# and set it immediately if it differs, in addition to recording it in the
# sysctl file the module manages.
# NOTE(review): forwarding is switched on here, before the aurore-firewall
# tasks further down install and configure the ruleset (and their handler
# only fires when notified). On a first run the host may forward traffic
# with no filtering in place; confirm a default-drop FORWARD policy or an
# earlier ruleset covers that window.
- name: Enable IPv4 packet forwarding
  ansible.posix.sysctl:
    sysctl_set: true
    name: net.ipv4.ip_forward
    value: '1'

# With net.ipv6.conf.all.forwarding=1 the kernel stops accepting router
# advertisements on an interface unless its accept_ra is set to 2; uplinks
# that rely on RA-learned routes need that set explicitly.
- name: Enable IPv6 packet forwarding
  ansible.posix.sysctl:
    sysctl_set: true
    name: net.ipv6.conf.all.forwarding
    value: '1'

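# Render the interface definitions, only on hosts whose hostname contains
# "routeur-aurore".
# NOTE(review): no handler is notified, so a changed file is presumably
# applied only at the next networking restart or reboot; confirm that this
# is intended.
- name: Configure /etc/network/interfaces for routeur-aurore*
  template:
    src: interfaces-aurore
    dest: /etc/network/interfaces
    # Ownership is stated explicitly so the result does not depend on which
    # user the play connects or escalates as.
    owner: root
    group: root
    # Quoted: an unquoted 0644 is an octal integer only under YAML 1.1
    # rules; the string form is read the same way by every parser.
    mode: '0644'
  when: "'routeur-aurore' in ansible_hostname"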

# Refresh the package index and install ipset. The result is registered so
# the task can be retried, up to 3 times, until apt reports success.
# NOTE(review): presumably a dependency of aurore-firewall, installed below.
- name: Install ipset
  register: apt_result
  until: apt_result is succeeded
  retries: 3
  apt:
    update_cache: true
    name: ipset

# Deploy the aurore-firewall service through the re2o_service role. The role
# is not part of this file; the comments below cover only what is passed in.
# NOTE(review): `notify` on an imported role is presumably inherited by the
# role's tasks, so a change in any of them triggers "run aurore-firewall".
- name: Install aurore-firewall (re2o-service)
  import_role:
    name: re2o_service
  vars:
    service_repo: https://gitea.auro.re/Aurore/aurore-firewall.git
    service_name: aurore-firewall
    # NOTE(review): "aurore" looks like a branch name, i.e. a moving ref. If
    # so, every run deploys whatever that branch currently holds onto the
    # router's firewall; pinning a tag or commit id would make the deployed
    # code reviewable and reproducible. Confirm how the role uses this value.
    service_version: aurore
    service_config:
      hostname: re2o.auro.re
      username: service-user
      # Supplied through a variable (by its name, presumably vault-encrypted)
      # rather than written in clear here.
      # NOTE(review): check that the role writes it to a file readable only
      # by the service account and that the task rendering it does not echo
      # it in diff or verbose output (no_log).
      password: "{{ vault_serviceuser_passwd }}"
  notify: run aurore-firewall

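# Render the firewall configuration. Both tasks write the same destination;
# their conditions are complementary, so each host gets exactly one of the
# two templates, and a change notifies the "run aurore-firewall" handler.
# NOTE(review): the destination is a Python file, presumably loaded by the
# firewall service. Owner and group are not set here and depend on how the
# re2o_service role created the directory; confirm that only root (or the
# service account) can write to the file and its parent directory, and that
# the rendered content holds nothing secret, since 0644 is world-readable.
- name: Configure aurore-firewall for local router
  template:
    src: firewall_config.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    # Quoted: an unquoted 0644 is an octal integer only under YAML 1.1
    # rules; the string form is read the same way by every parser.
    mode: '0644'
  notify: run aurore-firewall
  when: "'routeur-aurore' not in ansible_hostname"

- name: Configure aurore-firewall for routeur-aurore*
  template:
    src: firewall_config_aurore.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    mode: '0644'
  notify: run aurore-firewall
  when: "'routeur-aurore' in ansible_hostname"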

# Refresh the package index and install keepalived. The result is registered
# so the task can be retried, up to 3 times, until apt reports success.
- name: Install keepalived
  register: apt_result
  until: apt_result is succeeded
  retries: 3
  apt:
    update_cache: true
    name: keepalived

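# Render the keepalived configuration. Both tasks write the same destination;
# their conditions are complementary, so each host gets exactly one of the
# two templates, and a change notifies the "restart keepalived" handler.
# NOTE(review): the templates are not visible here. If they carry a VRRP
# auth_pass or any other shared secret, 0644 leaves it readable by every
# local user; a tighter mode such as 0640 would then be appropriate.
- name: configure keepalived for local router
  template:
    src: keepalived.conf
    dest: /etc/keepalived/keepalived.conf
    # Ownership is stated explicitly so the result does not depend on which
    # user the play connects or escalates as.
    owner: root
    group: root
    # Quoted: an unquoted 0644 is an octal integer only under YAML 1.1
    # rules; the string form is read the same way by every parser.
    mode: '0644'
  notify: restart keepalived
  when: "'routeur-aurore' not in ansible_hostname"

- name: configure keepalived for routeur-aurore*
  template:
    src: keepalived-aurore.conf
    dest: /etc/keepalived/keepalived.conf
    owner: root
    group: root
    mode: '0644'
  notify: restart keepalived
  when: "'routeur-aurore' in ansible_hostname"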

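# Install the cron schedule for the re2o services.
# cron only loads files in /etc/cron.d that are owned by root and not
# writable by group or other, so ownership is set explicitly instead of
# being inherited from the connecting user.
- name: Configure cron
  template:
    src: cron.d/re2o-services
    dest: /etc/cron.d/re2o-services
    owner: root
    group: root
    # Quoted: an unquoted 0644 is an octal integer only under YAML 1.1
    # rules; the string form is read the same way by every parser.
    mode: '0644'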