---
- name: configure systemd unit fastd@
  systemd:
    name: "fastd@{{ item.0.id }}VPN-{{ item.1.mtu }}"
    enabled: yes
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances

- name: create fastd directories
  file:
    path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}"
    state: directory
    mode: 0755
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances

- name: create fastd peer mesh directories
  file:
    path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers"
    state: directory
    mode: 0755
    owner: admin
    group: admin
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances

- name: create fastd peer mesh directories for ffbin
  file:
    path: "/etc/fastd/mzVPN-{{ item }}/peers_bingen"
    state: directory
    mode: 0755
    owner: admin
    group: admin
  with_items:
    - 1406
    - 1312

- name: clone fastd peer mesh repos
  git:
    repo: "{{ item.1.peers.repo }}"
    dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peers"
    version: "{{ item.1.peers.version }}"
    update: no
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances
  become: false

- name: clone fastd peer mesh repo for ffbin
  git:
    repo: https://github.com/freifunk-bingen/peers-ffbin.git
    dest: "/etc/fastd/mzVPN-{{ item }}/peers_bingen"
    version: master
    update: no
  with_items:
    - 1406
    - 1312
  become: false

- name: template fastd mesh config
  template:
    src: fastd-mesh.conf.j2
    dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/fastd.conf"
  notify: restart fastd mesh instances
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances

- name: write fastd mesh secret
  template:
    src: fastd-secret.conf.j2
    dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/secret.conf"
  notify: restart fastd mesh instances
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances

- name: copy peer_limit.conf if not exist
  copy:
    src: peer_limit.conf
    dest: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf"
    owner: admin
    group: admin
    mode: 0640
    force: no
  notify: restart fastd mesh instances
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances

- name: set file attributes for peer_limit.conf
  file:
    path: "/etc/fastd/{{ item.0.id }}VPN-{{ item.1.mtu }}/peer_limit.conf"
    mode: 0640
    owner: admin
    group: admin
  notify: restart fastd mesh instances
  with_subelements:
    - "{{ meshes }}"
    - fastd.nodes.instances

- name: write systemd unit fastd-sync-meshkeys.service
  template:
    src: fastd-sync-meshkeys.service.j2
    dest: /etc/systemd/system/fastd-sync-meshkeys.service
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: write systemd timer fastd-sync-meshkeys.timer
  template:
    src: fastd-sync-meshkeys.timer.j2
    dest: /etc/systemd/system/fastd-sync-meshkeys.timer
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: write systemd unit fastd-peer-limit-update.service
  template:
    src: fastd-peer-limit-update.service.j2
    dest: /etc/systemd/system/fastd-peer-limit-update.service
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: write systemd timer fastd-peer-limit-update.timer
  template:
    src: fastd-peer-limit-update.timer.j2
    dest: /etc/systemd/system/fastd-peer-limit-update.timer
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: configure systemd timers for fastd-mesh instance
  systemd:
    name: "{{ item }}.timer"
    enabled: yes
    state: started
  with_items:
    - fastd-sync-meshkeys
    - fastd-peer-limit-update