---
- name: generate initial icvpn_ipv4_peers.conf
  shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkbgp -4 -f bird -x mwu -d ebgp_icvpn -s /home/admin/clones/icvpn-meta > /etc/bird/icvpn_ipv4_peers.conf
  args:
    chdir: /home/admin/clones/icvpn-scripts
    creates: /etc/bird/icvpn_ipv4_peers.conf
  notify: reload systemd unit bird

- name: generate initial icvpn_ipv6_peers.conf
  shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkbgp -6 -f bird -x mwu -d ebgp_icvpn -s /home/admin/clones/icvpn-meta > /etc/bird/icvpn_ipv6_peers.conf
  args:
    chdir: /home/admin/clones/icvpn-scripts
    creates: /etc/bird/icvpn_ipv6_peers.conf
  notify: reload systemd unit bird6

- name: generate initial icvpn_ipv4_roa.conf
  shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkroa -4 -f bird -x mwu -m 20 -s /home/admin/clones/icvpn-meta > /etc/bird/icvpn_ipv4_roa.conf
  args:
    chdir: /home/admin/clones/icvpn-scripts
    creates: /etc/bird/icvpn_ipv4_roa.conf
  notify: reload systemd unit bird

- name: generate initial icvpn_ipv6_roa.conf
  shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkroa -6 -f bird -x mwu -m 64 -s /home/admin/clones/icvpn-meta > /etc/bird/icvpn_ipv6_roa.conf
  args:
    chdir: /home/admin/clones/icvpn-scripts
    creates: /etc/bird/icvpn_ipv6_roa.conf
  notify: reload systemd unit bird6

- name: write icvpn_ipv4.conf
  template:
    src: icvpn_ipv4.conf.j2
    dest: /etc/bird/icvpn_ipv4.conf
    mode: 0640
    owner: bird
    group: bird
  notify: reload systemd unit bird

- name: write icvpn_ipv6.conf
  template:
    src: icvpn_ipv6.conf.j2
    dest: /etc/bird/icvpn_ipv6.conf
    mode: 0640
    owner: bird
    group: bird
  notify: reload systemd unit bird6

- name: set file attributes for ipv4 roa and peer config
  file:
    path: "{{ item }}"
    mode: 0640
    owner: admin
    group: bird
  notify: reload systemd unit bird
  loop:
    - /etc/bird/icvpn_ipv4_peers.conf
    - /etc/bird/icvpn_ipv4_roa.conf

- name: set file attributes for ipv6 roa and peer config
  file:
    path: "{{ item }}"
    mode: 0640
    owner: admin
    group: bird
  notify: reload systemd unit bird6
  loop:
    - /etc/bird/icvpn_ipv6_peers.conf
    - /etc/bird/icvpn_ipv6_roa.conf

- name: write systemd unit icvpn-tinc-bgp-update.service
  template:
    src: icvpn-tinc-bgp-update.service.j2
    dest: /etc/systemd/system/icvpn-tinc-bgp-update.service
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: write systemd timer icvpn-tinc-bgp-update.timer
  template:
    src: icvpn-tinc-bgp-update.timer.j2
    dest: /etc/systemd/system/icvpn-tinc-bgp-update.timer
    owner: root
    group: root
    mode: 0644
  notify: reload systemd

- name: configure systemd unit/timer icvpn-tinc-bgp-update
  systemd:
    name: icvpn-tinc-bgp-update.timer
    enabled: yes
    state: started