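---
# Deploys the ifupdown hook scripts and nftables rule files for the br0
# interface, installs its interfaces.d stanza, and re-cycles the interface
# when any of the "up" side inputs changed.
#
# File modes are written as quoted strings so the value does not depend on
# the YAML parser's octal handling.
#
# NOTE(review): no task sets owner/group, so ownership follows the user the
# play runs as. These hook scripts and rule files are presumably executed or
# loaded with root privileges by ifupdown - confirm they end up root-owned.

- name: "create interface directory hierarchy"
  ansible.builtin.file:
    path: "{{ system_etc_root_directory }}/network/interfaces/{{ item }}"
    state: "directory"
    mode: "0755"
  # The parent ("br0") is listed first so it exists before its children.
  loop:
    - "br0"
    - "br0/ifup.d"
    - "br0/ifdown.d"
    - "br0/nftables"

- name: "nftables up script"
  ansible.builtin.template:
    src: "./nftables/up.nft"
    dest: "{{ system_etc_root_directory }}/network/interfaces/br0/nftables/up.nft"
    mode: "0644"
  # Registered so the restart task below can react to a rule change.
  register: vpn_bridge_nftables_up

- name: "interface up scripts"
  ansible.builtin.template:
    src: "./ifupdown.d/{{ item }}"
    dest: "{{ system_etc_root_directory }}/network/interfaces/br0/ifup.d/{{ item }}"
    # Hook scripts are installed executable; only the owner may write them.
    mode: "0755"
  loop:
    - "00-interface"
    - "10-nftables"
    - "20-routes"
  register: vpn_bridge_interface_up

# NOTE(review): this destination is hard-coded under /etc while every other
# task uses system_etc_root_directory - confirm that is intended.
- name: "configure interface"
  ansible.builtin.copy:
    src: "./br0"
    dest: "/etc/network/interfaces.d/br0"
    mode: "0644"
  register: vpn_bridge_interface_file

# Runs only when an up-side file changed. If br0 already exists it is taken
# down first; because of the `&&`, a failing ifdown skips ifup and fails the
# task, leaving the interface in whatever state ifdown left it.
#
# NOTE(review): the down-side files are installed by the tasks after this
# one, so an ifdown here uses whatever is already in ifdown.d and
# nftables/down.nft on the host (nothing on a first run) - confirm this
# ordering is intended.
- name: "restart interface"
  ansible.builtin.shell: |
    if ip link show dev br0
    then
      ifdown br0 && ifup br0
    else
      ifup br0
    fi
  when: >-
    vpn_bridge_nftables_up.changed
    or vpn_bridge_interface_up.changed
    or vpn_bridge_interface_file.changed

# Down-side files are not registered: changing them does not trigger a
# restart of the interface.
- name: "nftables down script"
  ansible.builtin.template:
    src: "./nftables/down.nft"
    dest: "{{ system_etc_root_directory }}/network/interfaces/br0/nftables/down.nft"
    mode: "0644"

# Rendered from the same ./ifupdown.d/ templates as the up scripts, but
# installed into ifdown.d.
- name: "interface down scripts"
  ansible.builtin.template:
    src: "./ifupdown.d/{{ item }}"
    dest: "{{ system_etc_root_directory }}/network/interfaces/br0/ifdown.d/{{ item }}"
    mode: "0755"
  loop:
    - "00-interface"
    - "10-nftables"
    - "20-routes"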