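---
# Builds a Bastille template for this role under
# /usr/local/bastille/templates/services/<role_name>, creates and starts the
# jail, applies the template to it, and finally creates the listed users.
# `release`, `jailip` (a registered command result) and `users` are defined
# outside this file.

- name: create services template dir
  ansible.builtin.file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}"
    state: directory
    recurse: true

# NOTE(review): no owner/mode is set on the rendered Bastillefile, so its
# permissions follow the remote defaults. Pin them if this directory must not
# be writable by anyone but root, since bastille applies this file to the jail.
- name: copy template config files
  ansible.builtin.template:
    src: Bastillefile.j2
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/Bastillefile"

- name: create config path
  ansible.builtin.file:
    path: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"
    state: directory
    recurse: true

# NOTE(review): sshd_config is copied without an explicit owner/mode. This is
# the SSH daemon configuration staged for the jail; consider pinning
# ownership and mode so the staged copy cannot be altered by other local
# users.
- name: copy config file
  ansible.builtin.copy:
    src: sshd_config
    dest: "/usr/local/bastille/templates/services/{{ role_name }}/etc/ssh/"

# - name: create data/home dataset
#   community.general.zfs:
#     name: zroot/home
#     state: present
#     extra_zfs_properties:
#       mountpoint: /data/home

# argv form: every templated value is handed to bastille as exactly one
# argument and is never parsed by a shell, so shell metacharacters in
# `release` or `jailip.stdout` cannot change the command that runs.
- name: create jail
  ansible.builtin.command:
    argv:
      - bastille
      - create
      - -B
      - "{{ role_name }}"
      - "{{ release }}"
      - "{{ jailip.stdout }}/64"
      - bridge0
    creates: "/usr/local/bastille/jails/{{ role_name }}"

# https://github.com/BastilleBSD/bastille/issues/342
# The start is deliberately best-effort (the original used `|| true`).
# `failed_when: false` keeps the play going in the same way, but leaves the
# real return code and stderr in the task result instead of discarding them.
- name: start jail
  ansible.builtin.command:
    argv:
      - bastille
      - start
      - "{{ role_name }}"
  failed_when: false

# FIXME: fails, /etc/resolv.conf in jail is wrong, no working nameserver in
# there or outgoing dns forbidden
# NOTE(review): this runs even when the start above did not succeed, because
# that task never fails.
- name: template jail
  ansible.builtin.command:
    argv:
      - bastille
      - template
      - "{{ role_name }}"
      - "services/{{ role_name }}"

# NOTE(review): confirm that the installed ansible.builtin.user accepts
# `rootdir`; if the option is not supported the task is rejected rather than
# creating the accounts inside the jail.
- name: Create users
  loop: "{{ users }}"
  ansible.builtin.user:
    name: "{{ item.name }}"
    shell: "{{ item.shell }}"
    groups: "{{ item.groups }}"
    rootdir: "{{ item.rootdir }}"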