---

- name: Install Evolix public repositry
  ansible.builtin.include_role:
    name: evolix/apt
    tasks_from: evolix_public.yml
  tags:
    - vrrpd

- name: Install vrrpd packages
  ansible.builtin.apt:
    name: vrrpd=1.0-2.evolix
    allow_unauthenticated: yes
    state: present
  tags:
    - vrrpd

- name: install custom switch script
  ansible.builtin.copy:
    src: vrrp_switch.sh
    dest: /etc/vrrpd/vrrp_switch
    mode: "0700"
    owner: "root"
    group: "root"
    force: "{{ vrrp_force_update_switch_script | bool | ternary('yes','no') }}"

- name: Adjust sysctl config (except rp_filter)
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_file: /etc/sysctl.d/vrrpd.conf
    sysctl_set: yes
    state: present
  loop:
    - { name: 'net.ipv4.conf.all.arp_ignore', value: 1 }
    - { name: 'net.ipv4.conf.all.arp_announce', value: 2 }
    - { name: 'net.ipv4.ip_nonlocal_bind', value: 1 }
  tags:
    - vrrpd

- name: look if rp_filter is managed by minifirewall
  ansible.builtin.command:
    cmd: grep "SYSCTL_RP_FILTER=" /etc/default/minifirewall
  failed_when: False
  changed_when: False
  check_mode: no
  register: grep_sysctl_rp_filter_minifirewall

- name: Configure SYSCTL_RP_FILTER in minifirewall
  ansible.builtin.lineinfile:
    dest: "/etc/default/minifirewall"
    line: "SYSCTL_RP_FILTER='0'"
    regexp: "SYSCTL_RP_FILTER=('|\").*('|\")"
    create: no
  when: grep_sysctl_rp_filter_minifirewall.rc == 0

- name: Adjust sysctl config (only rp_filter)
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    sysctl_file: /etc/sysctl.d/vrrpd.conf
    sysctl_set: yes
    state: present
  loop:
    - { name: 'net.ipv4.conf.default.rp_filter', value: 0 }
    - { name: 'net.ipv4.conf.all.rp_filter', value: 0 }
  when: grep_sysctl_rp_filter_minifirewall.rc != 0
  tags:
    - vrrpd

- name: Create VRRP address
  ansible.builtin.include: ip.yml
  loop: "{{ vrrp_addresses }}"
  loop_control:
    loop_var: "vrrp_address"