- name: detect default public interface
  set_fact:
    public_interface: "{{ ansible_default_ipv4.interface }}"

- name: get gateway info from ip route
  shell: ip route get 1.1.1.1 | grep -oP 'via \K[\d.]+' | head -n1
  register: detected_gateway
  changed_when: false

- name: set public gateway fact
  set_fact:
    public_gateway: "{{ detected_gateway.stdout }}"

- name: deploy /etc/network/interfaces
  template:
    src: interfaces.j2
    dest: /etc/network/interfaces
    owner: root
    group: root
    mode: '0644'

- name: set pveproxy config
  copy:
    src: files/pveproxy
    dest: /etc/default/pveproxy
    mode: '0644'

- name: deploy /etc/iptables/rules.v4
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4
    owner: root
    group: root
    mode: '0644'

- name: enable ipv4 forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    reload: yes

- name: restart pveproxy
  systemd:
    name: pveproxy
    state: restarted
    enabled: true
  when: ansible_service_mgr == 'systemd'

- name: restart networking
  systemd:
    name: networking
    state: restarted
    enabled: true
  when: ansible_service_mgr == 'systemd'