servers/roles/firewall/tasks/main.yml
2026-02-23 09:58:19 +01:00


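---
# Task list for the firewall role: refresh the package cache, install base
# packages, render the interface and sysctl templates, bind sshd to the
# management VRF, then import the FRR, WireGuard, nftables and
# configuration-channel task files. The handlers named in `notify`
# (`enable interfaces`, `reboot`) are defined outside this file.

- name: Update package cache
  package:
    update_cache: true

# NOTE(review): `state: latest` upgrades these packages on every run, so an
# ordinary play can change package versions on the firewall. Switch to
# `present` (or pin versions) if upgrades should be a deliberate step.
- name: Install packages
  package:
    name:
      - bash
      - bonding
      - iproute2
    state: latest

- name: Set up custom interfaces
  template:
    dest: /etc/network/interfaces.d/firewall.intf
    src: firewall.intf.j2
    # Quoted so the mode is passed as the octal string, not a YAML integer.
    mode: "0644"
  notify: enable interfaces

# No handler is notified here; presumably the new sysctls only take effect
# on the next boot or a manual reload -- verify against the role's handlers.
- name: Set up sysctls
  template:
    dest: /etc/sysctl.d/firewall.conf
    src: sysctl.conf.j2
    # Explicit mode, matching the interfaces template above, so the file's
    # permissions do not depend on the umask of the connecting user.
    mode: "0644"

# Binding sshd to the `mgmt` VRF is what keeps SSH off the data-plane
# interfaces, so this line must land on the real setting. The pattern is
# anchored at line start: it still matches a commented-out `#vrf=` default,
# but no longer matches any other line that merely contains `vrf=`.
- name: Run SSH in management VRF
  lineinfile:
    path: /etc/conf.d/sshd
    regexp: '^#* *vrf='
    line: 'vrf="mgmt"'
  notify: reboot

- name: Set up FRR
  import_tasks: frr.yml

- name: Set up wireguard
  import_tasks: wireguard.yml

- name: Set up nftables
  import_tasks: nftables.yml

# causes issues in normal operation
# the conntrack tables seem to get synced incorrectly
# NOTE(review): with conntrackd disabled, connection-tracking state is
# presumably not shared between firewall nodes -- confirm that failover
# behaviour for established flows is acceptable.
# - name: Set up conntrackd
#   import_tasks: conntrackd.yml

- name: Set up configuration channel
  import_tasks: config.yml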