r/hass-dhcp: Clean up DHCP/DNS service

The production deployment of *dnsmasq* for Home Assistant has deviated
from how the *hass-dhcp* role configures it.  Bringing the role back in
sync with how things really are.

roles/hass-dhcp/tasks/main.yml

@@ -12,3 +12,43 @@
     mode: '0644'
   notify:
   - restart dnsmasq
+
+- meta: flush_handlers
+- name: ensure homeassistant firewall zone exists
+  firewalld:
+    zone: homeassistant
+    permanent: true
+    state: present
+  tags:
+  - firewall
+  notify:
+  - reload firewalld
+- name: ensure homeassistant firewalld zone is configured
+  firewalld:
+    zone: homeassistant
+    interface: '{{ hass_interface }}'
+    permanent: true
+    state: enabled
+  notify:
+  - reload firewalld
+  tags:
+  - firewall
+- meta: flush_handlers
+- name: ensure firewall is configured for home assistant services
+  firewalld:
+    zone: homeassistant
+    service: '{{ item }}'
+    immediate: yes
+    permanent: no
+    state: enabled
+  loop:
+  - dhcp
+  - dns
+  - http
+  - https
+  - mdns
+  - mqtt-tls
+  notify:
+  - save firewalld configuration
+  tags:
+  - firewall