configpolicy/roles/hass-dhcp/tasks/main.yml

- name: ensure dnsmasq is installed
  package:
    name: dnsmasq
    state: present
  tags:
  - install

- name: ensure dnsmasq is configured for homeassistant
  template:
    src: homeassistant.dnsmasq.conf.j2
    dest: /etc/dnsmasq.d/homeassistant.conf
    mode: '0644'
  notify:
  - restart dnsmasq

- meta: flush_handlers
- name: ensure homeassistant firewall zone exists
  firewalld:
    zone: homeassistant
    permanent: true
    state: present
  tags:
  - firewall
  notify:
  - reload firewalld
- name: ensure homeassistant firewalld zone is configured
  firewalld:
    zone: homeassistant
    interface: '{{ hass_interface }}'
    permanent: true
    state: enabled
  notify:
  - reload firewalld
  tags:
  - firewall
- meta: flush_handlers
- name: ensure firewall is configured for home assistant services
  firewalld:
    zone: homeassistant
    service: '{{ item }}'
    immediate: yes
    permanent: no
    state: enabled
  loop:
  - dhcp
  - dns
  - http
  - https
  - mdns
  - mqtt-tls
  notify:
  - save firewalld configuration
  tags:
  - firewall