---
- name: "post-up nftables scripts"
  ansible.builtin.template:
    src: "./{{ item }}"
    dest: "/usr/local/sbin/{{ item }}"
    mode: 0755
  loop:
    - "post-up-br0-inet.nft"
    - "post-up-br0-ipv4.nft"
    - "post-up-br0-ipv6.nft"
  register: vpn_bridge_post_up_nft

- name: "configure interface"
  ansible.builtin.template:
    src: "./br0"
    dest: "/etc/network/interfaces.d/br0"
    mode: 0644
    validate: >
      bash -c
      'if ! diff %s /etc/network/interfaces.d/br0 && ip link show dev br0 ;
       then
           ifdown br0 ;
       fi'
  register: vpn_bridge_intf

- name: "restart interface"
  ansible.builtin.shell: |
    if ip link show dev br0
    then
        ifdown br0 && ifup br0
    else
        ifup br0
    fi
  when:
    vpn_bridge_post_up_nft.changed or
    vpn_bridge_intf.changed

- name: "pre-down nftables scripts"
  ansible.builtin.copy:
    src: "./{{ item }}"
    dest: "/usr/local/sbin/{{ item }}"
    mode: 0755
  loop:
    - "pre-down-br0-inet.nft"
    - "pre-down-br0-ipv4.nft"
    - "pre-down-br0-ipv6.nft"