# Install the packages the remaining tasks rely on. The expect module used
# for the keytab task needs pexpect on the managed host (py3-pexpect).
- name: Install packages
  package:
    state: present
    name:
    - dnsmasq
    - bind-tools
    - krb5
    - py3-pexpect

# Render the Kerberos client configuration from the krb5.conf.j2 template.
# NOTE(review): no owner/group/mode is set, so /etc/krb5.conf keeps whatever
# permissions it already has (or the umask default when first created).
# Pin them explicitly if this file must not be writable by anyone but root.
- name: Configure kerberos
  template:
    src: 'krb5.conf.j2'
    dest: '/etc/krb5.conf'

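# Create /etc/krb5.keytab by driving the interactive ktutil session: add a
# password-derived aes256-cts-hmac-sha1-96 key for the LDAP user, write the
# keytab and exit. Every prompt matching '.*:' consumes the next response
# in the list, in order.
# `creates` makes the task a no-op once the keytab exists, so a rotated
# password is not picked up until the file is removed.
# NOTE(review): the keytab holds a long-term credential. Confirm ktutil
# leaves it readable only by the account that uses it, or enforce the
# owner and mode with a follow-up file task.
- name: Init kerberos keytab
  expect:
    command: ktutil
    creates: /etc/krb5.keytab
    responses:
      '.*:':
      - 'add_entry -password -p {{ password.ldap_user }} -k 1 -e aes256-cts-hmac-sha1-96'
      - '{{ password.ldap_pass }}'
      - 'write_kt /etc/krb5.keytab'
      - 'exit'
  # The responses carry the account password: keep the module arguments and
  # result out of Ansible's console output and logs.
  no_log: true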

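# Install the DNS update helper rendered from dns-update.j2.
# Mode 0700 lets only the owning user read or execute the script.
# The mode is quoted so Ansible receives the string '0700' instead of
# relying on how the YAML parser treats a leading-zero integer.
# NOTE(review): no owner is set, so the file belongs to whichever user the
# task runs as. Pin owner/group if that is not root.
- name: Copy DNS updater script
  template:
    src: 'dns-update.j2'
    dest: '/usr/local/bin/dns-update'
    mode: '0700'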

# Render each dnsmasq drop-in listed in `loop` from the template named
# '<item>.j2' into /etc/dnsmasq.d/. A change notifies 'restart dnsmasq'
# (the handler is defined outside this file).
- name: Configure dnsmasq
  template:
    src: '{{ item }}.j2'
    dest: '/etc/dnsmasq.d/{{ item }}'
  loop:
  - '00-options.conf'
  - '10-ranges.conf'
  notify: restart dnsmasq

# Render the dnsmasq firewall rules into the nftables drop-in directory.
# A change notifies 'reload nftables' (the handler is defined outside this
# file).
# NOTE(review): nothing here validates the rendered ruleset, so a template
# error would presumably surface only when the handler reloads nftables.
- name: Configure nftables
  template:
    src: 'dnsmasq.nft.j2'
    dest: '/etc/nftables.d/dnsmasq.nft'
  notify: reload nftables

# TODO netboot config