---

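# Make the kernel forward IPv4 packets between interfaces, i.e. turn this
# host into a router. sysctl_set applies the value to the running kernel
# (sysctl -w) in addition to persisting it in the sysctl configuration file.
# NOTE(review): forwarding is switched on here, before the aurore-firewall
# tasks further down in this file; its "run aurore-firewall" handler would
# normally fire only at the end of the play. Confirm that filtering rules are
# already loaded when this runs, or move the forwarding tasks after the
# firewall setup so the host never routes unfiltered traffic.
- name: Enable IPv4 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    # Canonical boolean instead of the YAML 1.1 truthy "yes".
    sysctl_set: true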

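# Make the kernel forward IPv6 packets between all interfaces. sysctl_set
# applies the value to the running kernel in addition to persisting it.
# With forwarding enabled the kernel stops accepting Router Advertisements
# unless accept_ra is set to 2 on the interface concerned.
# NOTE(review): as with IPv4, confirm that IPv6 filtering rules are in place
# before this task enables routing; an IPv4-only ruleset leaves forwarded
# IPv6 traffic unfiltered.
- name: Enable IPv6 packet forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    # Canonical boolean instead of the YAML 1.1 truthy "yes".
    sysctl_set: true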

# Deploy the aurore-firewall service through the shared re2o-service role.
# The role receives the git repository, the service name, the version to
# check out and the credentials the service uses to talk to re2o.
# NOTE(review): service_version "aurore" looks like a branch name rather than
# a tag or commit id. If so, the code deployed on this firewall host is
# whatever the branch head is at run time; consider pinning to a reviewed
# revision.
# NOTE(review): the password comes from a vault_* variable (presumably Ansible
# Vault). Verify in the re2o-service role that service_config is written with
# restrictive permissions and is not echoed in task output.
- name: Install aurore-firewall (re2o-service)
  notify: run aurore-firewall
  import_role:
    name: re2o-service
  vars:
    service_name: aurore-firewall
    service_repo: 'https://gitlab.federez.net/aurore/aurore-firewall.git'
    service_version: aurore
    service_config:
      hostname: re2o.auro.re
      username: service-user
      password: "{{ vault_serviceuser_passwd }}"

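# Render the firewall's Python configuration next to the deployed service and
# trigger the "run aurore-firewall" handler when it changes.
# NOTE(review): 0644 makes the file world-readable; confirm the template
# renders no secrets. The file is presumably loaded as code by the firewall
# service, so also confirm that it and its parent directory are writable only
# by the account that is meant to manage them.
- name: Configure aurore-firewall
  template:
    src: firewall_config.py
    dest: /var/local/re2o-services/aurore-firewall/firewall_config.py
    # Quoted so the mode is passed as the string "0644" and never depends on
    # the YAML parser's octal handling.
    mode: '0644'
  notify: run aurore-firewall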

# Install the keepalived package after refreshing the apt cache. The result
# is registered so the task can be retried, up to 3 times, until apt reports
# success (presumably to ride out transient lock or mirror failures).
- name: Install keepalived
  apt:
    update_cache: true
    name: keepalived
  retries: 3
  register: apt_result
  until: apt_result is succeeded

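# Render the keepalived configuration and restart the daemon when it changes.
# NOTE(review): if the template sets a VRRP auth_pass, 0644 exposes it to
# every local user; tighten the mode in that case.
- name: Configure keepalived
  template:
    src: keepalived.conf
    dest: /etc/keepalived/keepalived.conf
    # Explicit ownership so the result does not depend on the connecting user
    # or on a pre-existing file's owner.
    owner: root
    group: root
    # Quoted so the mode is passed as the string "0644" and never depends on
    # the YAML parser's octal handling.
    mode: '0644'
  notify: restart keepalived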


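# Install the cron schedule for the re2o services.
# Files in /etc/cron.d name the user each job runs as, so the template should
# be reviewed like any other code that may execute as root.
- name: Configure cron
  template:
    src: cron.d/re2o-services
    dest: /etc/cron.d/re2o-services
    # Debian's cron skips /etc/cron.d entries that are not owned by root or
    # that are writable by group/other, so ownership is set explicitly.
    owner: root
    group: root
    # Quoted so the mode is passed as the string "0644" and never depends on
    # the YAML parser's octal handling.
    mode: '0644'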