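---
# Site playbook: applies the base_config role to every host, then deploys the
# nftables ruleset, the Kea DHCPv4 configuration and the Unbound fragments to
# their host groups. Each copy task notifies a handler, so a service is
# restarted only when its deployed file actually changed.

- name: Ensure base config is deployment on all hosts
  hosts: all
  roles:
    - base_config

- name: Ensure nftables configuration
  hosts: resolv-dns
  tasks:
    - name: deploy nftables config
      ansible.builtin.copy:
        # Per-host ruleset, selected by the inventory hostname.
        src: "resources/{{ inventory_hostname }}/files/nftables.conf"
        dest: /etc/nftables.conf
        owner: root
        group: root
        mode: "0644"
        # Parse the candidate ruleset in check mode before it replaces the
        # live file. A restart with an unparsable ruleset may leave the host
        # without its filter rules, so reject the file at copy time instead.
        validate: nft -c -f %s
      notify: Restart nftables service
      become: true
  handlers:
    - name: Restart nftables service
      ansible.builtin.service:
        name: nftables
        state: restarted
      become: true

- name: Deploy DHCP server
  hosts: dhcp
  # Escalate like the other plays in this file: the task writes a root-owned
  # file under /etc/kea and the handler restarts a system service.
  become: true
  tasks:
    - name: deploy kea dhcp server config
      ansible.builtin.copy:
        src: resources/dhcp/files/kea-dhcp4.conf
        dest: /etc/kea/kea-dhcp4.conf
        owner: root
        group: root
        # NOTE(review): if this file carries credentials (for example a lease
        # database password), tighten mode/group so it is not world-readable.
        mode: "0644"
      notify: Restart Kea DHCP 4 server
  handlers:
    - name: Restart Kea DHCP 4 server
      ansible.builtin.service:
        name: kea-dhcp4-server
        state: restarted

- name: Deploy Unbound DNS
  hosts: resolv-dns
  become: true
  tasks:
    - name: deploy unbound server config
      ansible.builtin.copy:
        # One copy per fragment listed under loop; the file name is reused
        # unchanged on the target.
        src: "resources/resolv-dns/files/unbound.conf.d/{{ item }}"
        dest: "/etc/unbound/unbound.conf.d/{{ item }}"
        owner: root
        group: root
        mode: "0644"
      notify: Restart Unbound
      loop:
        - local-data.conf
        - noc.conf
  handlers:
    - name: Restart Unbound
      ansible.builtin.service:
        name: unbound
        state: restarted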