---
# Install the DHCP server and the Unbound resolver packages; both services
# are configured and enabled by the tasks that follow.
- name: Install dhcp & dns packages
  dnf:
    state: present
    update_cache: false  # rely on the repository metadata already cached
    name:
      - dhcp-server
      - unbound

# Create one systemd drop-in directory per service. The directories are
# root-owned and writable by root only (0755), so unprivileged users cannot
# add overrides that change how the units run.
- name: Create custom service folders
  file:
    path: "/etc/systemd/system/{{ item }}.service.d"
    state: directory
    owner: root
    group: root
    mode: "0755"
  loop: [dhcpd, unbound]

# Render the same autorestart drop-in into each service's override directory.
- name: Make services autorestart themselves on failure
  template:
    src: custom-service-autorestart.j2
    dest: "/etc/systemd/system/{{ item }}.service.d/autorestart.conf"
    owner: root
    group: root
    mode: "0644"
  loop: [dhcpd, unbound]
  # The restart handler name is built from the loop item, so this notifies
  # "Restart dhcpd" or "Restart unbound" depending on which file changed.
  # NOTE(review): handlers run in the order they are defined, not the order
  # they are notified; confirm "Reload systemd services" is defined before
  # the restart handlers so the new drop-in is loaded before the restart.
  notify:
    - "Restart {{ item }}"
    - Reload systemd services

# Enable both units at boot. No `state` is given, so this task does not
# start or restart them itself.
- name: Enable dhcpd and unbound services
  systemd:
    enabled: true
    name: "{{ item }}"
  loop: [dhcpd, unbound]

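# Make "home" the firewalld default zone.
# The command uses no pipes, redirects or variable expansion, so it is run
# with `command` rather than `shell`; nothing is handed to a shell for
# interpretation.
# The conditions below treat "success" on stdout as the only passing result
# and a ZONE_ALREADY_SET warning on stderr as "nothing changed".
# NOTE(review): interfaces without an explicit zone binding fall into the
# default zone; confirm the upstream-facing interface is bound to a stricter
# zone so the services opened in "home" are not reachable from outside.
- name: Set home as default zone
  command:
    cmd: firewall-cmd --set-default-zone=home
  register: setdefaultzone
  changed_when: "'Warning: ZONE_ALREADY_SET' not in setdefaultzone.stderr"
  failed_when: "'success' not in setdefaultzone.stdout"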

# Allow the dhcp and dns firewalld services in the "home" zone, both in the
# permanent configuration and in the running firewall.
# NOTE(review): a DNS resolver reachable from untrusted networks can be
# abused as an open resolver; verify that only LAN-facing interfaces are in
# the "home" zone and that unbound's own access-control limits who may query.
- name: Open ports
  firewalld:
    zone: home
    service: "{{ item }}"
    state: enabled
    permanent: true
    immediate: true
  loop: [dhcp, dns]

# Render the DHCP server configuration; a change triggers a dhcpd restart.
# NOTE(review): the template module accepts a `validate` command (for
# example `dhcpd -t -cf %s`); checking the rendered file before it replaces
# the live one would keep a bad render from taking DHCP down at restart.
# Confirm the check works with this template before enabling it.
- name: Copy dhcpd.conf
  template:
    src: dhcpd/dhcpd.conf.j2
    dest: /etc/dhcp/dhcpd.conf
    owner: root
    group: root
    mode: "0644"
  notify: Restart dhcpd

# Render the main Unbound configuration; a change triggers an unbound restart.
# The file is world-readable (0644) and writable by root only.
# NOTE(review): the template module accepts a `validate` command (for
# example `unbound-checkconf %s`); confirm whether it can be used here, since
# the main file may include fragments that are deployed by later tasks.
- name: Copy unbound.conf
  template:
    src: unbound/unbound.conf.j2
    dest: /etc/unbound/unbound.conf
    owner: root
    group: unbound
    mode: "0644"
  notify: Restart unbound

# Render each local-data fragment into /etc/unbound/local.d. Mode 0640 with
# group "unbound" keeps these files readable by root and the unbound group
# only, unlike the world-readable main configuration.
- name: Copy unbound resolution files
  template:
    src: "unbound/{{ item }}.j2"
    dest: "/etc/unbound/local.d/{{ item }}"
    owner: root
    group: unbound
    mode: "0640"
  loop:
    - server.home.conf
    - home-lan.conf
    - lan-name-resolution.conf
    - plug-onion-addresses.conf
  notify: Restart unbound

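# Refresh the ad-server blocklist when it is missing or older than 30 days.
- name: Check adblock config file
  stat:
    path: /etc/unbound/local.d/ad-servers.conf
  register: adservers_conf

# Age is (now - ctime) / 86400. The pipe lookup runs `date` on the control
# node while ctime is read on the managed host, so the result assumes the
# two clocks agree. Skipped when the file does not exist yet.
- name: Compute age of adblock config in days
  set_fact:
    adservers_conf_age_in_days: "{{ (lookup('pipe', 'date +%s')|int - adservers_conf.stat.ctime|int) / 86400 }}"
  when:
    - adservers_conf.stat.exists

# NOTE(review): this file comes from a third party and is loaded into the
# resolver's configuration as-is. HTTPS protects it in transit, but nothing
# checks its content; consider running unbound-checkconf before the restart
# so a malformed or unexpected list cannot take DNS down.
- name: Download fresh adblock config
  get_url:
    url: 'https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&mimetype=plaintext'
    dest: /etc/unbound/local.d/ad-servers.conf
    owner: root
    group: unbound
    mode: '0644'
    # Per the get_url documentation, with force disabled an existing
    # destination file is not transferred again, so the 30-day refresh would
    # never replace a stale list. The `when` below already limits how often
    # this task runs, so forcing the download here is safe.
    force: true
  when:
    # The `or` short-circuits, so the age fact is only read when it was set.
    - not adservers_conf.stat.exists or adservers_conf_age_in_days|int > 30
  notify:
    - Restart unbound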

# Replace /etc/hosts with the rendered template. No handler is notified.
- name: Update /etc/hosts
  template:
    src: hosts.j2
    dest: /etc/hosts
    mode: "0644"
    owner: root
    group: root

# When gateway_internal_interface is not set, fall back to the
# alphabetically first interface whose name does not match "podman".
# NOTE(review): ansible_interfaces can also list loopback, bridge and other
# virtual devices, so this guess may not be the LAN-facing NIC; setting
# gateway_internal_interface explicitly avoids re-addressing the wrong
# device. Confirm what this selects on the target host.
- set_fact:
    ethernet: "{{ (ansible_interfaces | reject('search', 'podman') | list | sort)[0] }}"
  when: gateway_internal_interface is not defined

# Use the guessed interface if the fact above was set, otherwise the
# configured one. A change is applied by the NetworkManager restart handler.
- name: Configure static IP on {{ ethernet | default(gateway_internal_interface) }}
  nmcli:
    type: ethernet
    state: present
    conn_name: "{{ ethernet | default(gateway_internal_interface) }}"
    ifname: "{{ ethernet | default(gateway_internal_interface) }}"
    # The prefix length is fixed at /24 whatever address is supplied.
    ip4: "{{ gateway_server_ip }}/24"
    gw4: "{{ actual_gateway_ip }}"
    dns4:
      - "{{ dns_primary }}"
      - "{{ dns_secondary }}"
    mtu: 1500
  notify: Restart NetworkManager