---
# Creates one Linux bridge per entry of vm_host.network.bridges on a Debian-style
# ifupdown host: first an /etc/network/interfaces.d stanza is rendered per bridge,
# then `ifup` is run only for bridges whose stanza actually changed.
# Expects: vm_host.network (mapping, may lack 'bridges'), gathered facts
# (ansible_default_ipv4 is read for the NAT rules) and the `ipaddr` filter
# (ansible.netcommon / ansible.utils on newer Ansible releases).
- name: create network bridges
  # The whole block is skipped when the host declares no bridges at all.
  when: "'bridges' in vm_host.network"
  block:
    - name: generate bridge interface config
      # One loop item per bridge: item.key = bridge name suffix, item.value = its settings
      # (optional keys used below: prefix, gateway, interfaces, nat, overlay, prefix6, gateway6).
      loop: "{{ vm_host.network.bridges | default({}) | dict2items }}"
      loop_control:
        label: "{{ item.key }}"
      copy:
        dest: "/etc/network/interfaces.d/br-{{ item.key }}"
        # Rendered stanza, in order:
        # - `inet static` with address/netmask (and gateway) when 'prefix' is set, `inet manual` otherwise.
        # - bridge_ports from 'interfaces' (or `none` for an isolated, host-only bridge);
        #   STP disabled, no waitport / forwarding delay.
        # - IPv6 RA / SLAAC disabled on the bridge itself (accept_ra=0, autoconf=0), so the
        #   host never auto-configures this interface from advertisements seen on the bridge.
        # - br_netfilter loaded and bridge-nf-call-{ip,ip6,arp}tables set to 0: frames that are
        #   merely *bridged* between ports are NOT passed through the host's iptables/ip6tables/
        #   arptables. Host firewall rules therefore only apply to traffic routed via the bridge
        #   address; filtering between bridge ports has to happen elsewhere (e.g. in the guests).
        #   Note these three sysctls are global, not per bridge, so the last bridge brought up wins.
        # - With 'prefix' + nat: IPv4 forwarding enabled on the bridge and on the default uplink,
        #   and a POSTROUTING SNAT rule for the bridge prefix towards ansible_default_ipv4.address.
        #   The rule is appended with -A on `up` and removed with -D on `down`; an `up` that is
        #   not preceded by a `down` appends a duplicate rule.
        # - With 'prefix' + overlay: one /32 route per overlay.offsets entry via the matching
        #   host in item.value.offsets, plus an `unreachable` route for the whole overlay prefix
        #   (deleted on `down`). The trailing `# {{ dest }}` on each route line ends up in the
        #   command handed to the shell by ifupdown and presumably acts as a shell comment — verify.
        # - With 'prefix6': an additional `inet6 static` stanza (address given in CIDR form,
        #   optional gateway6).
        # NOTE(review): no `mode:`/`owner:` is set, so the file's permissions follow the remote
        # umask (new file) or are left as-is (existing file) — confirm this is acceptable.
        content: |
          auto br-{{ item.key }}
          {% if 'prefix' in item.value %}
          iface br-{{ item.key }} inet static
              address {{ item.value.prefix | ipaddr('address') }}
              netmask {{ item.value.prefix | ipaddr('netmask') }}
          {% if 'gateway' in item.value %}
              gateway {{ item.value.gateway }}
          {% endif %}
          {% else %}
          iface br-{{ item.key }} inet manual
          {% endif %}
          {% if 'interfaces' in item.value and (item.value.interfaces | length) > 0 %}
              bridge_ports {{ item.value.interfaces | join(' ') }}
          {% else %}
              bridge_ports none
          {% endif %}
              bridge_stp off
              bridge_waitport 0
              bridge_fd 0
              up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/accept_ra
              up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
              up modprobe br_netfilter
              up /sbin/sysctl net.bridge.bridge-nf-call-iptables=0
              up /sbin/sysctl net.bridge.bridge-nf-call-ip6tables=0
              up /sbin/sysctl net.bridge.bridge-nf-call-arptables=0
          {% if 'prefix' in item.value %}
          {% if 'nat' in item.value and item.value.nat %}
              up echo 1 > /proc/sys/net/ipv4/conf/$IFACE/forwarding
              up echo 1 > /proc/sys/net/ipv4/conf/{{ ansible_default_ipv4.interface }}/forwarding
              up /sbin/iptables -t nat -A POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ item.value.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
          {% endif %}
          {% if 'overlay' in item.value %}
          {% for dest, offset in (item.value.overlay.offsets | dictsort(by='value')) %}
              up /bin/ip route add {{ (item.value.overlay.prefix | ipaddr(offset)).split('/')[0] }}/32 via {{ (item.value.prefix | ipaddr(item.value.offsets[dest])).split('/')[0] }} # {{ dest }}
          {% endfor %}
              up /bin/ip route add unreachable {{ item.value.overlay.prefix }}
              down /sbin/ip route del {{ item.value.overlay.prefix }}
          {% endif %}
          {% if 'nat' in item.value and item.value.nat %}
              down /sbin/iptables -t nat -D POSTROUTING -o {{ ansible_default_ipv4.interface }} -s {{ item.value.prefix | ipaddr('network/prefix') }} -j SNAT --to {{ ansible_default_ipv4.address }}
          {% endif %}
          {% endif %}
          {% if 'prefix6' in item.value %}
          iface br-{{ item.key }} inet6 static
              address {{ item.value.prefix6 }}
          {% if 'gateway6' in item.value %}
              gateway {{ item.value.gateway6 }}
          {% endif %}
          {% endif %}
      # Per-bridge results (changed/unchanged) drive the ifup task below.
      register: vmhost_bridge_config

    ## We don't try to be too clever here: aka don't call ifdown before ifup because
    ## if there are VMs running they would end up with a broken network.
    ## Consequence: a changed stanza for a bridge that is already up is only applied
    ## on the next reboot / manual ifdown+ifup.
    - name: bring up bridge interfaces
      loop: "{{ vmhost_bridge_config.results }}"
      loop_control:
        label: "br-{{ item.item.key }}"
      # Only bridges whose config file was (re)written are brought up.
      when: item is changed
      command: "/sbin/ifup br-{{ item.item.key }}"
      # Any ifup error is swallowed, so a bridge that did not come up is not
      # reported by the play; check `ifup`/the journal on the host when debugging.
      failed_when: false