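---
# Installs Bastille, enables it at boot, prepares a devfs ruleset for VNET
# jails, bootstraps the {{ release }} base and renders bastille.conf.

- name: install bastille
  community.general.pkgng:
    name: bastille

- name: enable bastille
  community.general.sysrc:
    name: bastille_enable
    value: "YES"

# A jail that applies ruleset 13 gets the bpf devices, which allow raw capture
# and injection on the interfaces that jail can see. Use it for VNET jails only.
# NOTE(review): the ruleset has no `add include` lines, so it hides nothing by
# itself. Confirm whether the stock hide/unhide sets from
# /etc/defaults/devfs.rules should be included first.
- name: add bastille devfs rule
  ansible.builtin.blockinfile:
    path: /etc/devfs.rules
    # An empty marker gives blockinfile nothing to find the managed block by on
    # later runs, so the block is not replaced in place. Hosts already
    # provisioned with the empty marker need the unmarked copy removed once.
    marker: "# {mark} ANSIBLE MANAGED BLOCK bastille"
    create: true
    block: |
      [bastille_vnet=13]
      add path 'bpf*' unhide

# NOTE(review): the "setup bastille.conf" task below renders the same file, so
# these two settings survive only if the template carries them too. Confirm.
- name: enable zfs for bastille
  community.general.sysrc:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    path: /usr/local/etc/bastille/bastille.conf
  loop:
    - name: bastille_zfs_enable
      value: "YES"
    - name: bastille_zfs_zpool
      value: zroot

# The command module with argv passes the release as a single argument and
# never runs it through a shell, so a stray metacharacter cannot be interpreted.
- name: bootstrap {{ release }} release
  ansible.builtin.command:
    argv:
      - bastille
      - bootstrap
      - "{{ release }}"
    creates: "/usr/local/bastille/releases/{{ release }}"

- name: configure bootstrap to use latest pkgs
  ansible.builtin.replace:
    path: "/usr/local/bastille/releases/{{ release }}/etc/pkg/FreeBSD.conf"
    regexp: '^(.*)quarterly(.*)$'
    replace: '\1latest\2'

# The pipe needs a shell, so the interface name is quoted before interpolation.
# awk prints field 2 of every inet6 line containing "2a01"; more than one
# matching address gives a multi-line result in primaryip.stdout.
- name: determine ipv6 address
  ansible.builtin.shell:
    cmd: "ifconfig {{ netif.primary | quote }} inet6 | awk '{ if (/2a01/) { print $2 }}'"
  register: primaryip
  # Read-only lookup: never report a change.
  changed_when: false

# NOTE(review): presumably the template consumes primaryip. Verify in
# bastille.conf.j2.
- name: setup bastille.conf
  ansible.builtin.template:
    src: bastille.conf.j2
    dest: /usr/local/etc/bastille/bastille.conf

# - name: update bootstrap
#   shell: "bastille update {{ release }}"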