- name: Install conntrack-tools
  package:
    name: conntrack-tools

# Ensure the module is loaded before setting sysctl values.
- name: Autoload nf_conntrack
  lineinfile:
    dest: /etc/modules-load.d/netfilter.conf
    line: nf_conntrack
    create: yes

# Set required sysctl values.
- name: Set sysctl values for conntrackd
  copy:
    dest: /etc/sysctl.d/
    src: conntrackd.conf

- name: Set up conntrackd
  template:
    dest: /etc/conntrackd/conntrackd.conf
    src: conntrackd.conf.j2
    mode: 0644
  notify: restart conntrackd

- name: Run conntrackd in default VRF
  lineinfile:
    dest: /etc/conf.d/conntrackd
    line: 'vrf="default"'
    regexp: '^vrf='
  notify: restart conntrackd

- name: Enable conntrackd
  service:
    name: conntrackd
    enabled: yes
    state: started