tasks/main.yml

---
- name: Configure external interface
  template: src=etc/hostname.ext dest=/etc/hostname.{{ ext_if }} owner=root group=wheel mode=0640
  notify:
    - netstart

- name: Configure internal interface
  template: src=etc/hostname.int dest=/etc/hostname.{{ int_if }} owner=root group=wheel mode=0640
  notify:
    - netstart

- name: Configure hostname
  template: src=etc/myname dest=/etc/myname owner=root group=wheel mode=0644
  notify:
    - netstart

- name: Configure firewall
  template: src=etc/pf.conf dest=/etc/pf.conf owner=root group=wheel mode=0600
  notify:
    - pf

- name: Configure dhcpd
  template: src=etc/dhcpd.conf dest=/etc/dhcpd.conf owner=root group=wheel mode=0644
  notify:
    - dhcpd

- name: Configure ntpd
  template: src=etc/ntpd.conf dest=/etc/ntpd.conf owner=root group=wheel mode=0644
  notify:
    - ntpd

- name: Copy common config
  copy: src={{ item }} dest=/{{ item }} owner=root group=wheel mode=0644
  with_items:
    - etc/pkg.conf
    - etc/rc.securelevel
    - etc/sysctl.conf

- name: Create rc.conf.local.d
  file: path=/etc/rc.conf.local.d state=directory owner=root group=wheel mode=0644

- name: Enable base services
  template: src=etc/rc.conf.local dest=/etc/rc.conf.local.d/00-base owner=root group=wheel mode=0644
  notify:
    - rc.conf.local
    - unbound
    - nsd
    - dhcpd

- name: Build unbound keys
  command: unbound-control-setup creates=/var/unbound/etc/unbound_server.pem
  notify:
    - unbound

- name: Configure unbound
  template: src=var/unbound/etc/unbound.conf dest=/var/unbound/etc/unbound.conf owner=root group=wheel mode=0644
  notify:
    - unbound

- name: Build nsd keys
  command: nsd-control-setup creates=/var/nsd/etc/nsd_server.pem
  notify:
    - nsd

- name: Configure nsd
  template: src=var/nsd/etc/nsd.conf dest=/var/nsd/etc/nsd.conf owner=root group=_nsd mode=0640
  notify:
    - nsd

- name: Copy nsd zone file
  template: src=var/nsd/zones/default.zone dest=/var/nsd/zones/{{ domain }} owner=root group=wheel mode=0644
  notify:
    - nsd

- name: Configure nsd reverse zone
  template: src=var/nsd/zones/default.rDNS dest=/var/nsd/zones/{{ gw_network | regex_replace('^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$','\\3.\\2.\\1')}}.in-addr.arpa owner=root group=wheel mode=0644
  notify:
    - nsd

- name: Configure resolv.conf
  template: src=etc/resolv.conf dest=/etc/resolv.conf owner=root group=wheel mode=0644