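---
# Stages a Bastille service template for this role under
# /usr/local/bastille/templates/services/, ensures the zroot/home dataset
# exists, then creates, starts and templates a jail named after the role.
# `role_name` is Ansible's special variable for the running role; `release`
# is not defined in this file (presumably a role default or inventory
# variable -- confirm).

- name: create services template dir
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}"
    state: directory
    recurse: true

# NOTE(review): neither copy task sets owner or mode, so the staged files get
# the module defaults on the target; consider pinning them, in particular for
# sshd_config.
- name: copy template config files
  copy:
    src: Bastillefile
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/"

- name: create config path
  file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
    state: directory
    recurse: true

- name: copy config file
  copy:
    src: sshd_config
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"

- name: create data/home dataset
  community.general.zfs:
    name: zroot/home
    state: present
    extra_zfs_properties:
      mountpoint: /data/home

# Read-only probe: prints field 2 of each vtnet0 inet6 line matching /2a01/
# after rewriting a trailing `::<char>` to `::2`.
- name: determine ipv6 address
  shell: ifconfig vtnet0 inet6 | awk '{ if (/2a01/) { sub(/::.$/, "::2", $2); print $2 }}'
  register: jailip
  # Only reads interface state, so never report "changed".
  changed_when: false
  # Stop here when nothing matched; otherwise the create task would be handed
  # a bare "/64" as the jail address.
  failed_when: jailip.rc != 0 or jailip.stdout | trim | length == 0

# No shell features are needed here. argv passes each value as exactly one
# argument, so whitespace or a newline in a variable (for example more than
# one matching address in jailip.stdout) cannot split the command line.
- name: create jail
  command:
    argv:
      - bastille
      - create
      - "-B"
      - "{{ role_name }}"
      - "{{ release }}"
      - "{{ jailip.stdout }}/64"
      - bridge0
    # Skipped once the jail directory exists.
    creates: "/usr/local/bastille/jails/{{ role_name }}"

- name: start jail
  # https://github.com/BastilleBSD/bastille/issues/342
  # `|| true` keeps this best-effort because of the issue above; note that it
  # also hides every other start failure. The shell is kept for `||`, so the
  # templated value is passed through `quote`.
  shell: "bastille start {{ role_name | quote }} || true"

# FIXME: fails, /etc/resolv.conf in jail is wrong, no working nameserver in
# there or outgoing dns forbidden
# NOTE(review): presumably this FIXME refers to the template step below --
# confirm.
- name: template jail
  command:
    argv:
      - bastille
      - template
      - "{{ role_name }}"
      - "services/{{ role_name }}"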