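# Tasks that install and configure the blocky DNS service: load optional
# variable snippets, build the merged configuration, create the service
# account and directories, fetch the release binary, template the config and
# init script, grant the bind capability, wire up nginx/TLS, backup and
# metrics, then enable the service.

# --- optional variable snippets -------------------------------------------

- name: import internal tld resolver vars if internal nameserver is present
  include_vars:
    file: internal.yml
  when: services.internal_ns is defined

- name: import ipv6 disable snippet
  include_vars:
    file: disable_ipv6.yml
    hash_behaviour: merge
  when: blocky_disable_ipv6 | d(false) == true

- name: import tls support
  include_vars:
    file: tls.yml
    hash_behaviour: merge
  when: host_tls and blocky_enable_dot

# Role defaults are the base; blocky_config overrides them key by key
# (recursive combine), so a partial override keeps the remaining defaults.
- name: set blocky_cfg
  set_fact:
    blocky_cfg: "{{ blocky_default_config | d({}) | combine(blocky_config | d({}), recursive=true) }}"

# --- packages, service account, directories --------------------------------

- name: install dependencies
  include_tasks: tasks/install_packages.yml
  vars:
    package:
      - libcap
      - libc6-compat

# NOTE(review): `notify` sits on an include_tasks here and on the download
# task below; confirm the handler really fires from a dynamic include, or
# move the notify onto the included tasks.
- name: create user and group
  include_tasks: tasks/create_user.yml
  vars:
    user:
      name: "{{ blocky_user }}"
      group: "{{ blocky_group }}"
      dir: "{{ blocky_dir }}"
  notify: restart blocky

# Modes are quoted so they reach the module as octal strings regardless of
# which YAML integer rules the parser applies.
- name: create directories
  file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
    owner: "{{ blocky_user }}"
    group: "{{ blocky_group }}"
  notify: restart blocky
  loop:
    - "{{ blocky_conf_dir }}"
    - "{{ blocky_dir }}"

# --- binary ----------------------------------------------------------------

# Supply-chain note: this installs whatever the newest GitHub release asset
# is at run time. Integrity checking (checksum/signature) is not visible in
# this file; verify what tasks/get_lastversion.yml does, and consider pinning
# a reviewed version for reproducible deployments.
# NOTE(review): user/group are passed as the service account, so the
# extracted binary is presumably owned by the account that runs it; confirm,
# and consider root ownership so the service cannot replace its own
# executable.
- name: get and extract latest version of blocky
  include_tasks: tasks/get_lastversion.yml
  vars:
    package:
      name: '0xERR0R/blocky'
      location: github
      assets: true
      asset_filter: 'Linux_x86_64.tar.gz$'
      file: "{{ blocky_dir }}/last_version"
      extract: "{{ blocky_dir }}"
      user: "{{ blocky_user }}"
      group: "{{ blocky_group }}"
  notify: restart blocky

# --- configuration and init script -----------------------------------------

# 0400: readable by the service account only, not writable by anyone.
- name: template config file
  template:
    src: blocky.j2
    dest: "{{ blocky_conf_file }}"
    force: true
    mode: "0400"
    owner: "{{ blocky_user }}"
    group: "{{ blocky_group }}"
    lstrip_blocks: true
  notify: restart blocky

# No owner/group is set, so the script is owned by the user running the play.
- name: template init script
  template:
    src: init.j2
    dest: /etc/init.d/blocky
    force: true
    mode: "+x"
  notify: restart blocky

- name: ensure blocky binary has executable bit set
  file:
    path: "{{ blocky_dir }}/blocky"
    mode: "+x"

# cap_net_bind_service lets the unprivileged service account bind ports below
# 1024 without running as root. changed_when: false means this task never
# reports a change, so a capability that had to be re-applied (for example
# after the binary was replaced) will not show up in the play recap.
- name: add cap_net_bind_service to blocky executable
  community.general.capabilities:
    path: "{{ blocky_dir }}/blocky"
    capability: cap_net_bind_service+ep
  changed_when: false

# --- nginx and TLS material --------------------------------------------------

- name: install and configure nginx
  include_role:
    name: nginx
  vars:
    nginx:
      servers:
        - conf: nginx_server
          certs: "{{ host_tls }}"
          external_tld: "{{ host_tld }}"

# DNS-over-TLS reuses the nginx ECC certificate. Only ecc384.crt is
# inspected; the result decides whether both the certificate and the key are
# copied or symlinked.
- block:
    # NOTE(review): the registered variable shares its name with the stat
    # module; a more specific name would be easier to read.
    - name: get certificate file type
      stat:
        path: /etc/nginx/tls/ecc384.crt
      register: stat

    # Regular files: private copies owned by the service account, mode 0400.
    # The copies are point-in-time; after the files under /etc/nginx/tls are
    # renewed, this task has to run again for blocky to pick them up.
    - name: copy nginx ecc384 certificate to blocky dir
      copy:
        src: "/etc/nginx/tls/{{ item.src }}"
        dest: "{{ item.dest }}"
        force: true
        mode: "0400"
        owner: "{{ blocky_user }}"
        group: "{{ blocky_group }}"
        remote_src: true
      loop:
        - src: ecc384.crt
          dest: "{{ blocky_tls_ecc384_cert }}"
        - src: ecc384.key
          dest: "{{ blocky_tls_ecc384_key }}"
      when: not (stat.stat.islnk is defined and stat.stat.islnk)

    # Symlinked source: link instead of copying. No owner or mode is applied
    # here, so the service account needs read access to the link target.
    # NOTE(review): confirm the private key's permissions allow that without
    # widening access for other users.
    - name: create symlinks
      file:
        path: "{{ item.dest }}"
        src: "/etc/nginx/tls/{{ item.src }}"
        state: link
        force: true
      loop:
        - src: ecc384.crt
          dest: "{{ blocky_tls_ecc384_cert }}"
        - src: ecc384.key
          dest: "{{ blocky_tls_ecc384_key }}"
      when: stat.stat.islnk is defined and stat.stat.islnk
  when: host_tls and blocky_enable_dot

# --- backup and metrics ------------------------------------------------------

# NOTE(review): the backed-up config directory may also hold the TLS key
# copy, depending on where blocky_tls_ecc384_key points; check that the
# backup target is protected accordingly.
- name: add directories to backup plan
  include_role:
    name: backup
  vars:
    function: add
    backup_items:
      - "{{ blocky_conf_dir }}"

- name: add prometheus metric target
  include_role:
    name: prometheus
  vars:
    function: add_target
    target:
      name: blocky
      scheme: "{{ host_protocol }}"
  when: host_metrics

# --- service -------------------------------------------------------------------

# Run any pending "restart blocky" handler now, before the final start task.
- name: flush handlers
  meta: flush_handlers

- name: enable and start blocky
  service:
    name: blocky
    enabled: true
    state: started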