- name: ensure dnsmasq is installed
  package:
    name: dnsmasq
    state: present
  tags:
  - install

- name: ensure dnsmasq is configured for homeassistant
  template:
    src: homeassistant.dnsmasq.conf.j2
    dest: /etc/dnsmasq.d/homeassistant.conf
    mode: '0644'
  notify:
  - restart dnsmasq

- name: ensure dnsmasq systemd unit drop-in directory exists
  file:
    path: /etc/systemd/system/dnsmasq.service.d
    mode: u=rwx,go=rx
    owner: root
    group: root
    state: directory
  tags:
  - systemd
- name: ensure dnsmasq starts after network is up
  copy:
    src: after-network.conf
    dest: /etc/systemd/system/dnsmasq.service.d/after-network.conf
    mode: u=rw,go=r
    owner: root
    group: root
  tags:
  - systemd

- meta: flush_handlers
- name: ensure homeassistant firewall zone exists
  firewalld:
    zone: homeassistant
    permanent: true
    state: present
  tags:
  - firewall
  notify:
  - reload firewalld
- name: ensure homeassistant firewalld zone is configured
  firewalld:
    zone: homeassistant
    interface: '{{ hass_interface }}'
    permanent: true
    state: enabled
  notify:
  - reload firewalld
  tags:
  - firewall
- meta: flush_handlers
- name: ensure firewall is configured for home assistant services
  firewalld:
    zone: homeassistant
    service: '{{ item }}'
    immediate: yes
    permanent: no
    state: enabled
  loop:
  - dhcp
  - dns
  - http
  - https
  - mdns
  - mqtt-tls
  notify:
  - save firewalld configuration
  tags:
  - firewall