---
# The home-server project produces a multi-purpose setup using Ansible.
# Copyright © 2018 Y. Gablin, under the GPL-3.0-or-later license.
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.

- name: initialize the ddclient software
  include_role:
    name: ddclient.inc

- name: prepare to override systemd settings
  file:
    path: '/etc/systemd/system/ddclient@henet.service.d'
    state: directory
    mode: 0755

- name: systemd settings for he.net
  copy:
    content: |
      [Service]
      CapabilityBoundingSet=CAP_AUDIT_WRITE CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_SYS_CHROOT
      PrivateTmp=yes
      PrivateDevices=yes
      ProtectSystem=yes
      ProtectHome=yes
      NoNewPrivileges=yes
    dest: '/etc/systemd/system/ddclient@henet.service.d/secure-{{nickname}}.conf'
    mode: 0644
  notify:
    - restart ddclient@henet.service

- name: ddclient settings for he.net
  copy:
    content: |
      use=web
      web=http://checkip.dns.he.net/
      server=dyn.dns.he.net
      login=your_login
      password=your_password
      postscript=/etc/ddclient/henet_post.sh
      example.org
    dest: /etc/ddclient/henet.conf
    mode: 0644
  notify:
    - restart ddclient@henet.service

- name: post-update script for he.net
  copy:
    content: |
      #!/bin/bash
      # $1: new IP address
      if [ -f /etc/conf.d/iodined ]; then
        sed -i "s/^IODINE_EXT_IP=.*/IODINE_EXT_IP='$1'/" /etc/conf.d/iodined
        etc_stop_local 'IP update on dns.he.net'
        systemctl restart iodined.service
      fi
    dest: /etc/ddclient/henet_post.sh
    mode: 0755
  notify:
    - restart ddclient@henet.service

- name: enable ddclient@henet.service
  systemd:
    daemon_reload: true
    name: ddclient@henet.service
    enabled: true

### LOCAL COMMIT ⇒ ###
- name: commit local changes
  include_role: name=etckeeper.inc allow_duplicates=true tasks_from=local.yml
  vars:
    msg: ddclient@henet
### ⇐ LOCAL COMMIT ###
- meta: flush_handlers