---
- name: Setup NAT
  ansible.builtin.iptables:
    chain: POSTROUTING
    table: nat
    source: "{{ internal_network }}"
    jump: MASQUERADE
  register: iptables

- name: Enable kernel panic reboots
  ansible.posix.sysctl:
    name: kernel.panic
    value: '1'

- name: Enable IPv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true

- name: Enable IPv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true

- name: Create Routing Table 42
  ansible.builtin.lineinfile:
    path: /etc/iproute2/rt_tables
    line: 42 ffrl
    create: yes

- name: Generate NDPPD Config
  ansible.builtin.template:
    src: ndppd.conf.j2
    dest: /etc/ndppd.conf
    owner: root
    group: root
    mode: 755

- name: Install all Packages for VPN Servers
  ansible.builtin.apt: 
    name: 
      - libndp0
      - libndp-tools
      - ndppd
      - iptables-persistent
    state: latest
    update_cache: yes

- name: Find all Netplan Files without of the freifunk file 
  find:
    paths: /etc/netplan/
    file_type: file
    excludes: 
      - "01-freifunk.yaml"
  register: found_files

- name: Delete files
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ found_files['files'] }}"

- name: Copy Netplan Template for Internal Network
  ansible.builtin.template:
    src: netplan.j2
    dest: /etc/netplan/01-freifunk.yaml
    owner: root
    group: root
    mode: 755
  register: netplan_config

- name: saveip6tables
  ansible.builtin.shell: ip6tables-save > /etc/iptables/rules.v6
  when: iptables.changed

- name: saveip4tables
  ansible.builtin.shell: iptables-save > /etc/iptables/rules.v4
  when: iptables.changed
  
- name: Apply Netplan
  ansible.builtin.shell: netplan apply
  when: netplan_config.changed

- name: Enable Proxy_NDP on interface ens19
  ansible.posix.sysctl:
    name: net.ipv6.conf.ens19.proxy_ndp
    value: '1'
    sysctl_set: true