---
# Copyright 2017, Rackspace US, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

- name: Gather variables for each operating system
  include_vars: "{{ lookup('first_found', params) }}"
  vars:
    params:
      files:
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}-{{ ansible_facts['distribution_major_version'] | lower }}.yml"
        - "{{ ansible_facts['distribution'] | lower }}.yml"
        - "{{ ansible_facts['os_family'] | lower }}.yml"
      paths:
        - "{{ role_path }}/vars"
      skip: true  # skip if no files are found
  tags:
    - always

- name: Install required repos and packages
  when:
    - systemd_networkd_distro_packages | length > 0
  block:
    # Copy all factored-in GPG keys.
    # KeyID 2F86D6A1 from https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-8
    - name: If a keyfile is provided, copy the gpg keyfile to the key location
      copy:
        src: "{{ item.keyfile }}"
        dest: "{{ item.key }}"
        mode: '0644'
      with_items: "{{ systemd_networkd_package_repos_keys | selectattr('keyfile', 'defined') | list }}"
      when:
        - ansible_facts['os_family'] | lower == 'redhat'

    - name: Ensure GPG keys have the correct SELinux contexts applied
      command: restorecon -Rv /etc/pki/rpm-gpg/
      # TODO(evrardjp): Be more idempotent
      changed_when: false
      when:
        - ansible_facts['os_family'] | lower == 'redhat'

    # Handle gpg keys manually
    - name: Install gpg keys
      rpm_key:
        key: "{{ key.key }}"
        validate_certs: "{{ key.validate_certs | default(omit) }}"
        state: "{{ key.state | default('present') }}"
      with_items: "{{ systemd_networkd_package_repos_keys }}"
      loop_control:
        loop_var: key
      register: _add_yum_keys
      until: _add_yum_keys  is success
      retries: 5
      delay: 2
      when:
        - ansible_facts['os_family'] | lower == 'redhat'

    # NOTE(jrosser) this repo is configured with the path to the first gpg key provided
    - name: Install the EPEL repository
      yum_repository:
        name: epel-networkd
        baseurl: "{{ systemd_networkd_epel_mirror ~ '/' ~ ansible_facts['distribution_major_version'] ~ '/Everything/' ~ ansible_facts['architecture'] }}"
        description: 'Extra Packages for Enterprise Linux $releasever - $basearch'
        gpgkey: "file://{{ systemd_networkd_package_repos_keys[0].key }}"
        gpgcheck: yes
        enabled: yes
        state: present
        includepkgs: 'systemd-networkd'
      when:
        - ansible_facts['os_family'] | lower == 'redhat'
      register: install_epel_repo
      until: install_epel_repo  is success
      retries: 5
      delay: 2

    - name: Install networkd distro packages
      package:
        name: "{{ systemd_networkd_distro_packages }}"
        state: "present"
        update_cache: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary('yes', omit) }}"
        cache_valid_time: "{{ (ansible_facts['pkg_mgr'] == 'apt') | ternary(600, omit) }}"
        enablerepo: "{{ systemd_networkd_enablerepo | default(omit) }}"
      register: install_packages
      until: install_packages is success
      retries: 3
      delay: 2

- name: Create systemd-networkd directory
  file:
    path: "/etc/systemd/network"
    state: directory
    mode: "0755"
  tags:
    - systemd-networkd

- name: Create systemd-resolved config
  template:
    src: "systemd-resolved.conf.j2"
    dest: "/etc/systemd/resolved.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  when:
    - systemd_resolved | length > 0
  notify:
    - Restart systemd-resolved
  tags:
    - systemd-resolved

- name: Find prefixed netdev and network files
  find:
    paths: "/etc/systemd/network"
    patterns: "*{{ systemd_networkd_prefix }}*.netdev,*{{ systemd_networkd_prefix }}*.network"
  register: networkd_files
  when:
    - systemd_interface_cleanup | bool
  tags:
    - systemd-networkd

- name: Remove prefixed network files
  file:
    path: "{{ item.path }}"
    state: absent
  with_items: "{{ networkd_files.files }}"
  when:
    - systemd_interface_cleanup | bool
  notify:
    - Restart systemd-networkd
  tags:
    - systemd-networkd

- name: Create systemd-networkd network device(s)
  template:
    src: "systemd-netdev.j2"
    dest: "/etc/systemd/network/{{ item.1.filename }}.netdev"
    owner: "root"
    group: "root"
    mode: "0644"
  with_indexed_items: "{{ _systemd_netdevs_named }}"
  notify:
    - Restart systemd-networkd
  tags:
    - systemd-networkd

- name: Create systemd-networkd network link(s)
  openstack.config_template.config_template:
    src: "systemd-link.j2"
    dest: "/etc/systemd/network/{{ item.1.filename }}.link"
    owner: "root"
    group: "root"
    mode: "0644"
    config_overrides: "{{ item.1.link_config_overrides | default(systemd_link_config_overrides) }}"
    config_type: "ini"
  with_indexed_items: "{{ _systemd_networks_named }}"
  notify:
    - Update initramfs
    - Restart systemd-networkd
  tags:
    - systemd-networkd

- name: Create systemd-networkd network network(s)
  openstack.config_template.config_template:
    src: "systemd-network.j2"
    dest: "/etc/systemd/network/{{ item.1.filename }}.network"
    owner: "root"
    group: "root"
    mode: "0644"
    config_overrides: "{{ item.1.config_overrides | default({}) }}"
    config_type: "ini"
  with_indexed_items: "{{ _systemd_networks_named }}"
  notify:
    - Restart systemd-networkd
  tags:
    - systemd-networkd

- name: Create systemd-networkd extra config folder
  ansible.builtin.file:
    path: "/etc/systemd/network/{{ item }}.network.d"
    owner: "root"
    group: "root"
    mode: "0755"
    state: directory
  loop: "{{ _systemd_networks_named | selectattr('static_routes', 'defined') | map(attribute='filename') }}"

- name: Place systemd-networkd network routes
  ansible.builtin.template:
    src: systemd-network-routes.j2
    dest: "/etc/systemd/network/{{ item['filename'] }}.network.d/routes.conf"
    owner: "root"
    group: "root"
    mode: "0644"
  loop: "{{ _systemd_networks_named | selectattr('static_routes', 'defined') }}"

- name: Enable and start systemd-networkd
  systemd:
    name: "systemd-networkd"
    enabled: "yes"
    state: started
  async: 45
  poll: 0
  when:
    - systemd_run_networkd | bool
  tags:
    - systemd-networkd

- name: Restart systemd_networkd prior to applying sysctl changes
  meta: flush_handlers

- name: Add IP Forward for interface
  sysctl:
    name: "net.ipv4.conf.{{ item.1.interface }}.forwarding"
    value: 1
    sysctl_set: yes
    state: present
    reload: yes
  with_indexed_items: "{{ _systemd_networks_named }}"
  when:
    - (ansible_facts['os_family'] | lower) == 'redhat'
    - item.1.ipforward | default(false) | bool