- name: ensure outside-address dhcpcd hook is installed
  copy:
    src=outside-address.dhcpcd-hook
    dest=/usr/libexec/dhcpcd-hooks/10-outside-address
    mode=0444
  notify: rebind dhcp leases
- meta: flush_handlers

- name: ensure ipv4 forwarding is enabled
  sysctl:
    name=net.ipv4.conf.all.forwarding
    value=1
    sysctl_file=/etc/sysctl.d/ip-forwarding.conf
    state=present
- name: ensure ipv6 forwarding is enabled
  sysctl:
    name=net.ipv6.conf.all.forwarding
    value=1
    sysctl_file=/etc/sysctl.d/ip-forwarding.conf
    state=present

- name: ensure ipv4 nat rules are configured
  copy:
    src=ipv4-nat.nft
    dest=/etc/nftables/ruleset.d/10_ipv4-nat.nft
    mode=0644
  notify: reload nftables
- name: ensure port forwards are configured
  template:
    src=port-forwards.nft.j2
    dest=/etc/nftables/ruleset.d/70_port-forwards.nft
    mode=0644
  notify: reload nftables
- name: ensure ip masquerading is configured
  template:
    src=masquerade.nft.j2
    dest=/etc/nftables/ruleset.d/90_masquerade.nft
    mode=0644
  notify: reload nftables