---
- name: Install ipset and iptables
  ansible.builtin.apt:
    name:
      - ipset
      - iptables
    state: present

- name: Create geoblock config directory
  ansible.builtin.file:
    path: "{{ geoblock_zone_path | dirname }}"
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: Deploy geoblock update script
  ansible.builtin.template:
    src: geoblock-update.sh.j2
    dest: "{{ geoblock_script_path }}"
    owner: root
    group: root
    mode: "0755"
  notify: reload geoblock

- name: Deploy geoblock systemd service
  ansible.builtin.template:
    src: geoblock.service.j2
    dest: /etc/systemd/system/geoblock.service
    owner: root
    group: root
    mode: "0644"

- name: Run initial geoblock load
  ansible.builtin.command:
    cmd: "{{ geoblock_script_path }}"
    creates: "{{ geoblock_zone_path }}"

- name: Enable geoblock service for boot
  ansible.builtin.systemd:
    name: geoblock
    daemon_reload: yes
    enabled: yes

- name: Configure daily cron for geoblock refresh
  ansible.builtin.cron:
    name: "geoblock-refresh"
    hour: "{{ geoblock_cron_hour }}"
    minute: "{{ geoblock_cron_minute }}"
    job: "{{ geoblock_script_path }}"
    user: root