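# Play: install the node's boot-time network script (/etc/rc.d/rc.inet1) and
# the nftables ruleset it loads (/etc/nftables.conf).
#
# Variables expected from inventory / extra-vars (none are defined here):
#   target      - host pattern the play runs against
#   become_var  - whether to escalate privileges on the target
#   cidr        - address/prefix assigned to xenbr0 (bridged with eth0)
#   gw          - default gateway
#   node_id     - last octet used for br0 (10.3.3.x/24) and guestbr0
#                 (10.1.0.x/16)
#
# Neither task touches the running network configuration; changes take effect
# only when rc.inet1 next runs, hence the reboot reminder handler.
- name: setup network
  gather_facts: false
  hosts: "{{ target }}"
  become: "{{ become_var }}"

  tasks:
    # todo - reboot handler or rc.inet1 restart or just warning to avoid unwanted reboot?
    # todo - enable full-blown node_id to ip conversion,
    #        here just a limited /24 hack

    # NOTE(review): the generated script turns on net.ipv4.ip_forward before
    # it loads the nftables ruleset, and a failed `nft -f` only prints FAIL.
    # In that case the node keeps forwarding between its bridges without the
    # ruleset from /etc/nftables.conf. Consider loading the ruleset first and
    # enabling forwarding only when the load succeeds.
    # NOTE(review): node_id is interpolated straight into an address octet;
    # nothing here checks that it is an integer in range - confirm that the
    # inventory guarantees it.
    - name: rc.inet1
      ansible.builtin.copy:
        content: |
          #!/bin/bash
          # CONFIGURED BY ANSIBLE
          [[ $1 = stop ]] && exit 0
          echo rc.inet1 PATH is $PATH
          ifconfig lo up
          brctl addbr xenbr0
          brctl addif xenbr0 eth0
          ifconfig xenbr0 {{cidr}} up
          ifconfig eth0 up
          route add default gw {{gw}}
          brctl addbr br0
          brctl addif br0 eth1
          ifconfig br0 10.3.3.{{node_id}}/24 up
          ifconfig eth1 up
          brctl addbr guestbr0
          ifconfig guestbr0 10.1.0.{{node_id}}/16 up
          sysctl -w net.ipv4.ip_forward=1
          echo -n nftables ...
          nft -f /etc/nftables.conf && echo done || echo FAIL
        dest: /etc/rc.d/rc.inet1
        mode: "0755"
      notify: reboot node warning

    # The ruleset is loaded only by rc.inet1 (see the `nft -f` line in the
    # script), so an updated file stays inactive until that script runs again.
    # Notify the same handler so a stale running ruleset is not overlooked.
    # NOTE(review): the file is installed without a syntax check; a
    # `validate: nft -c -f %s` on this task would reject a broken ruleset
    # before it replaces the working one - confirm nft's check mode works
    # under the privileges this play runs with.
    - name: enable NAT
      ansible.builtin.template:
        src: nftables.conf
        dest: /etc/nftables.conf
        mode: "0644"
      notify: reboot node warning

  handlers:
    # Prints a reminder only; it never reboots the node itself.
    - name: reboot node warning
      ansible.builtin.debug:
        msg: "===== EVENTUALLY REBOOT NODE {{ inventory_hostname_short }} ====="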