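# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# Proxy role tasks for hosts whose networking is handled by a DHCP client
# and a local DNS proxy. The tasks below:
#   1. write privacy-related DHCP options,
#   2. enable the selected DNS proxy and network manager, disabling the rest,
#   3. stop DHCP/resolvconf hooks from rewriting /etc/resolv.conf, so the
#      resolver stays pointed at 127.0.0.1.

- name: "wicd.yml"
  debug:
    verbosity: 1
    msg: "proxy wicd.yml "

# NOTE(review): ipv4only, randomise_hwaddr, logfile and nohook look like
# dhcpcd.conf (DHCP client) options, while dest is the ISC DHCP *server*
# config and every line carries a dhcpd-style trailing semicolon. Confirm
# the intended target file; if it is wrong, the hardware-address
# randomisation and the resolv.conf protection below are presumably not
# applied by anything.
- name: "/etc/dhcp/dhcpd.conf"
  blockinfile:
    dest: /etc/dhcp/dhcpd.conf
    marker: "# {mark} ANSIBLE MANAGED BLOCK privacy"
    create: true
    block: |
      default-lease-time 36000;
      ipv4only;
      randomise_hwaddr;
      #? whitelist 10.16.238.1;
      logfile /var/log/dhcpd.log;
      nohook resolv.conf;
      # stop dhclient from overwriting resolv.conf
      # with scripts in /lib/dhcpcd/dhcpcd-hooks/

# FixMe: /etc/dhcp/dhcp-client.conf?

# dnscrypt is not a system service
# Enable and start the configured DNS proxy service.
# `item` is referenced bare in the expressions: moustaches do not nest, so a
# quoted "{{ item }}" inside an expression is a literal string that never
# equals the variable, which would stop and disable every item.
# NOTE(review): ignore_errors hides every failure, not only the
# missing-unit case; a service that fails to change state goes unnoticed.
- name: "service disable not {{PROXY_DNS_PROXY}}"
  service:
    enabled: '{{ "yes" if PROXY_DNS_PROXY == item else "no" }}'
    state: '{{ "started" if PROXY_DNS_PROXY == item else "stopped" }}'
    name: "{{ item }}"
  with_items:
    # leave 'dnsmasq' running
    # maybe shutting dnsmasq shuts NetworkManager?
    - "{{PROXY_DNS_PROXY}}"
    # "dnscrypt" is not a system service
  ignore_errors: true
  when:
    # service state cannot be managed over a chroot-style connection
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS

# Walk every known network manager: the selected one is enabled and
# started, all others are stopped and disabled.
- name: "service disable not {{PROXY_DNS_NETMAN}}"
  service:
    enabled: '{{ "yes" if PROXY_DNS_NETMAN == item else "no" }}'
    state: '{{ "started" if PROXY_DNS_NETMAN == item else "stopped" }}'
    name: "{{ item }}"
  with_items: "{{ PROXY_DNS_NETMAN_ALL }}"
  ignore_errors: true
  when:
    - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS

# Keep dhcpcd from running its resolv.conf and ntp.conf hooks, so
# DHCP-supplied resolvers do not replace the local one.
- name: "/etc/dhcpcd.conf {{ansible_distribution}}"
  blockinfile:
    dest: "{{ item }}"
    marker: "# {mark} ANSIBLE MANAGED BLOCK proxy"
    create: true
    block: |
      # we route dns queries through tor
      # we will configure ntp generically
      nohook resolv.conf,ntp.conf
  # with_first_found:
  with_items:
    - /etc/dhcpcd.conf
  when:
    - "'run_dnsmasq' in PROXY_FEATURES"

# Pin resolvconf to the local resolver. Each pattern also matches a
# commented-out setting and is anchored on "=" so that only the exact key
# is replaced (an unanchored ^#*resolv_conf.* would also hit other
# resolv_conf_* keys).
- name: "/etc/resolvconf.conf"
  lineinfile:
    dest: /etc/resolvconf.conf
    create: true
    regexp: "{{ item.name }}"
    line: "{{ item.val }}"
  with_items:
    - name: "^#*resolvconf=.*"
      val: "resolvconf=no"
    - name: "^#*name_servers=.*"
      val: "name_servers=127.0.0.1"
    - name: "^#*resolv_conf=.*"
      val: "resolv_conf=/etc/resolv.conf"
  when:
    - ansible_distribution == 'Gentoo'
    - "'run_dnsmasq' in PROXY_FEATURES"

# /etc/resolvconf/update.d/ for Ubuntu
# /etc/resolvconf/update.d/dnsmasq for Debian
# Neutralise the dnsmasq resolvconf hook: drop its execute bit and rename it
# to a dot-file.
- name: "/etc/resolvconf/update.d/dnsmasq"
  shell: |
    [ -f /etc/resolvconf/update.d/dnsmasq ] || exit 0
    chmod 644 /etc/resolvconf/update.d/dnsmasq
    mv /etc/resolvconf/update.d/dnsmasq /etc/resolvconf/update.d/.dnsmasq
  args:
    # skip (and report "ok") once the hook has already been moved away
    removes: /etc/resolvconf/update.d/dnsmasq
  when:
    - PROXY_DNS_PROXY != ""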