iiab/roles/network/tasks/enable_services.yml

- name: Disable dhcpd service
  service:
    name: dhcpd
    enabled: no
  when: (dhcpd_install or dhcpd_installed is defined) and not dhcpd_enabled

# service is restarted with NM dispatcher.d script
- name: Enable dhcpd service
  service:
    name: dhcpd
    enabled: yes
  when: dhcpd_install and dhcpd_enabled

- name: Install /etc/sysconfig/dhcpd, /etc/dhcpd-iiab.conf from templates
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
   - { src: 'dhcp/dhcpd-env.j2', dest: '/etc/sysconfig/dhcpd', mode: '0644' }
   - { src: 'dhcp/dhcpd-iiab.conf.j2', dest: '/etc/dhcpd-iiab.conf', mode: '0644' }
  when: dhcpd_install and dhcpd_enabled

- name: Install /etc/named-iiab.conf and two *.zone.db files into /var/named-iiab
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: root
    mode: "{{ item.mode }}"
  with_items:
   - { src: 'named/named-iiab.conf.j2', dest: '/etc/named-iiab.conf', mode: '0644' }
   - { src: 'named/school.local.zone.db', dest: '/var/named-iiab/', mode: '0644' }
   - { src: 'named/school.internal.zone.db', dest: '/var/named-iiab/', mode: '0644' }
  when: named_install and named_enabled

- name: Enable named service ({{ dns_service }}) if named_enabled
  systemd:
    name: "{{ dns_service }}"
    enabled: yes
  when: named_install and named_enabled

- name: Disable named service ({{ dns_service }}) if not named_enabled
  systemd:
    name: "{{ dns_service }}"
    enabled: no
  when: (named_install or named_installed is defined) and not named_enabled

- name: Install /etc/dnsmasq.d/iiab.conf from template, when dnsmasq_enabled and isn't Appliance
  template:
    src: network/dnsmasq.conf.j2
    dest: /etc/dnsmasq.d/iiab.conf
  when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance")

- name: Install /etc/hosts.dnsmasq from template for /etc/dnsmasq.d/iiab.conf (instead of using /etc/hosts)
  template:
    src: network/hosts-dnsmasq.j2
    dest: /etc/hosts.dnsmasq
  when: dnsmasq_install and dnsmasq_enabled and (iiab_network_mode != "Appliance")

## Another way to skin the cat
##- name: Check if systemd service networkd-dispatcher is enabled
##  systemd:
##    name: networkd-dispatcher
##    state: reloaded
##  register: systemd_out
##
## Yet Another
## command: systemctl show networkd-dispatcher | grep ^UnitFileState=
## would yield "UnitFileState=enabled"
##
#- name: Check if systemd service networkd-dispatcher is enabled
#  command: systemctl is-enabled networkd-dispatcher
#  register: nd_enabled
#  ignore_errors: True
#
#- debug:
#    var: nd_enabled

- name: Check if /etc/networkd-dispatcher/routable.d exists
  stat:
    path: /etc/networkd-dispatcher/routable.d
  register: nd_dir

#- debug:
#    var: nd_dir

#- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and networkd-dispatcher is enabled, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04)
- name: To restart dnsmasq whenever br0 comes up, install /etc/networkd-dispatcher/routable.d/dnsmasq.sh from template (if isn't Appliance, and directory /etc/networkd-dispatcher/routable.d exists, i.e. OS's like Ubuntu 18.04)
  template:
    src: roles/network/templates/network/dnsmasq.sh.j2
    dest: /etc/networkd-dispatcher/routable.d/dnsmasq.sh
    mode: 0755
    owner: root
    group: root
  when: dnsmasq_install and dnsmasq_enabled and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance")
  #when: dnsmasq_install and dnsmasq_enabled and nd_enabled is defined and nd_enabled.stdout == "enabled" and nd_dir.stat.exists and nd_dir.stat.isdir and (iiab_network_mode != "Appliance")
  #when: dnsmasq_install and dnsmasq_enabled and systemd_out.status.UnitFileState == "enabled" and networkd_dir.stat.exists and networkd_dir.stat.isdir and (iiab_network_mode != "Appliance")
  #when: dnsmasq_enabled and dnsmasq_install and (iiab_network_mode != "Appliance") and (not is_rpi) and (not is_ubuntu_16)

- name: Remove /etc/dnsmasq.d/iiab.conf, when not dnsmasq_enabled or is Appliance
  file:
    path: /etc/dnsmasq.d/iiab.conf
    state: absent
  when: (not dnsmasq_enabled) or (iiab_network_mode == "Appliance")

- name: Enable iiab-dnsmasq systemd service, if dnsmasq_enabled
  systemd:
    name: iiab-dnsmasq
    enabled: yes
  when: dnsmasq_install and dnsmasq_enabled

- name: Disable iiab-dnsmasq, if not dnsmasq_enabled
  systemd:
    name: iiab-dnsmasq
    enabled: no
  when: dnsmasq_install and not dnsmasq_enabled

- name: Enable DansGuardian systemd service, if dansguardian_enabled
  systemd:
    name: dansguardian
    enabled: yes
  when: dansguardian_install and dansguardian_enabled

- name: Disable DansGuardian, if not dansguardian_enabled
  systemd:
    name: dansguardian
    enabled: no
  when: (dansguardian_install or dansguardian_installed is defined) and not dansguardian_enabled

- name: Mandate 'HTTPCACHE_ON=True' in {{ iiab_env_file }}, if squid_enabled
  lineinfile:
    path: "{{ iiab_env_file }}"
    regexp: '^HTTPCACHE_ON=*'
    line: 'HTTPCACHE_ON=True'
    state: present
  when: squid_install and squid_enabled

- name: Enable Squid systemd service ({{ proxy }}) if squid_enabled
  systemd:
    name: "{{ proxy }}"
    enabled: yes
  when: squid_install and squid_enabled

- name: Install /etc/{{ proxy }}/squid-iiab.conf from template, owned by {{ proxy_user }}:{{ proxy_user }}
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
    mode: "{{ item.mode }}"
  with_items:
    - src: squid/squid-iiab.conf.j2
      dest: "/etc/{{ proxy }}/squid-iiab.conf"
      owner: "{{ proxy_user }}"
      group: "{{ proxy_user }}"
      mode: 0644
  when: squid_install and squid_enabled

- name: Point to Squid config file from startup file, if squid_enabled (debuntu)
  lineinfile:
    regexp: '^CONFIG'
    line: "CONFIG=/etc/{{ proxy }}/squid-iiab.conf"
    path: "/etc/init.d/{{ proxy }}"
  when: squid_install and squid_enabled and is_debuntu

- name: Disable Squid service, if not squid_enabled
  systemd:
    name: "{{ proxy }}"
    enabled: no
  when: (squid_install or squid_installed is defined) and not squid_enabled

- name: Revert to 'HTTPCACHE_ON=False' if not squid_enabled
  lineinfile:
    dest: "{{ iiab_env_file }}"
    regexp: '^HTTPCACHE_ON=*'
    line: 'HTTPCACHE_ON=False'
    state: present
  when: squid_install and not squid_enabled

- name: Enable Wondershaper service, if wondershaper_enabled
  systemd:
    name: wondershaper
    enabled: yes
  when: wondershaper_install and wondershaper_enabled

- name: Disable Wondershaper service, if not wondershaper_enabled
  systemd:
    name: wondershaper
    enabled: no
  when: (wondershaper_install or wondershaper_installed is defined) and not wondershaper_enabled

# check-LAN should be iptables.yml remove later
- name: Install clean copy of /usr/bin/iiab-gen-iptables from template
  template:
    src: gateway/iiab-gen-iptables
    dest: /usr/bin/iiab-gen-iptables
    owner: root
    group: root
    mode: 0755

- name: Add 'squid' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: squid
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: enabled
      value: "{{ squid_enabled }}"

- name: Add 'dansguardian' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: dansguardian
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: enabled
      value: "{{ dansguardian_enabled }}"

- name: Add 'wondershaper' variable values to {{ iiab_ini_file }}
  ini_file:
    path: "{{ iiab_ini_file }}"
    section: wondershaper
    option: "{{ item.option }}"
    value: "{{ item.value | string }}"
  with_items:
    - option: enabled
      value: "{{ wondershaper_enabled }}"