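# Tasks that turn the host into a simple IPv4 NAT gateway: a static address
# on the LAN interface ({{ dhcp_interface }}), masquerading out of
# {{ wan_interface }}, and kernel IP forwarding switched on.

- name: install packages
  apt:
    name:
      - iptables
      - ifupdown
    state: present

# NOTE(review): presumably resolved is disabled so another service can own
# local DNS; nothing in these tasks installs a replacement resolver. Confirm
# the host keeps working name resolution after this step.
- name: ensure resolved is stopped and disabled
  service:
    name: systemd-resolved
    enabled: false
    state: stopped

- name: write config for lan interface
  copy:
    content: |
      auto {{ dhcp_interface }}
      allow-hotplug {{ dhcp_interface }}
      iface {{ dhcp_interface }} inet static
        address {{ server_ip }}
        netmask {{ server_netmask }}
    dest: "/etc/network/interfaces.d/{{ dhcp_interface }}"
    owner: root
    group: root
    # Quoted so the YAML parser cannot turn the octal-looking literal into a
    # different integer before Ansible sees it.
    mode: "0644"
  register: lan_iface_cfg

# Re-plumb the interface only when its config file changed. The interface
# name is passed through `quote` because it is interpolated into a shell
# command line; `|| true` keeps a not-yet-configured interface from failing
# the play on ifdown.
- name: setup lan interface
  shell: |
    ifdown --force {{ dhcp_interface | quote }} || true
    ifup {{ dhcp_interface | quote }}
  when: lan_iface_cfg.changed

# Rules file in iptables-restore format holding the single MASQUERADE rule.
# NOTE(review): nothing in these tasks loads this file at boot (for example a
# pre-up hook calling iptables-restore); confirm that is configured elsewhere,
# otherwise the rule below is lost on reboot.
- name: enable permantent masquerading
  copy:
    content: |
      *nat
      :PREROUTING ACCEPT [0:0]
      :INPUT ACCEPT [0:0]
      :POSTROUTING ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -A POSTROUTING -o {{wan_interface}} -j MASQUERADE
      COMMIT
    dest: /etc/network/iptables.up.rules
    # Explicit ownership and mode so the firewall rules file is never created
    # with permissions inherited from the remote umask.
    owner: root
    group: root
    mode: "0644"
  register: iptables_up_rules

# Applies the same MASQUERADE rule to the running kernel right away.
- name: apply iptables rules
  iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ wan_interface }}"
    jump: MASQUERADE

# NOTE(review): forwarding is enabled for all interfaces and no filter-table
# FORWARD rules are set in these tasks. If the FORWARD policy is ACCEPT, the
# host routes traffic in every direction, including WAN to LAN. Confirm a
# restrictive FORWARD policy is managed elsewhere.
- name: enable ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
    state: present
    reload: true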