---
- name: "Create vpns user"
  ansible.builtin.user:
    name: _vpn
    create_home: no
    comment: Project VPN user
    state: present
    shell: /sbin/nologin
  notify: restart_notification

- name: "Create root directory of vpn services"
  ansible.builtin.file:
    path: /var/reactance/
    state: directory
    owner: _vpn
    group: _vpn
    mode:  0755

- name: "templating out ip forwarding rules in sysctl.conf"
  ansible.builtin.blockinfile:
    path: /etc/sysctl.conf
    create: true
    backup: true
    marker: "### REACTANCE - IP Forwarding - {mark} ###"
    insertafter: "EOF"
    block: |
      net.inet.ip.forwarding=1
      net.inet6.ip6.forwarding=1

- name: "templating out sysctl.conf"
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: '0644'
  notify: syslogd_restart
  loop:
    - src: syslog.conf.j2
      dest: /etc/syslog.conf
    - src: newsyslog.conf.j2
      dest: /etc/newsyslog.conf
    

# openbsd_pkg cant be run parallely otherwise there could be package locks and pipeline would fail
- name: "install necessary utils"
  community.general.openbsd_pkg:
    name:
      - unzip--
      - curl--
      - rsync--
      - jq--
    state: present
  when: inventory_hostname in (groups['vless']|default([]) + groups['vmess']|default([]) + groups['trojan']|default([]) + groups['all_vpns']|default([]))

- name: "tune unbound performance"
  community.general.openbsd_pkg:
    name: ripgrep
    state: present
  when: not disable_dns|default(False)