---
- name: ensure packages are installed
  become: true
  ansible.builtin.package:
    name:
      - dnsmasq
      - wget
    state: present
  register: install

- name: stop dnsmasq (to prevent accidental DHCP-Server after installation)
  become: true
  ansible.builtin.service:
    name: dnsmasq
    state: stopped
  when: install.changed

- name: ensure group exists
  become: true
  ansible.builtin.group:
    name: "{{ dnsmasq_user_group }}"
    state: present
  when:
    - dnsmasq_user_group is defined

- name: ensure user exists
  become: true
  ansible.builtin.user:
    name: "{{ dnsmasq_user }}"
    group: "{{ dnsmasq_user_group }}"
    ansible.builtin.shell: /usr/sbin/nologin
    create_home: false
  when:
    - dnsmasq_user_group is defined
    - dnsmasq_user is defined

- name: ensure needed directories exists
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: "{{ dnsmasq_user }}"
    group: "{{ dnsmasq_user_group }}"
  loop:
    - /etc/dnsmasq.d
    - /etc/dnsmasq.d/blocklists

- name: clear default directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/dnsmasq.d/README

- name: template logrotate config
  become: true
  ansible.builtin.template:
    src: logrotate.j2
    dest: /etc/logrotate.d/dnsmasq
    owner: root
    group: root