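---
# Hypervisor host setup: install libvirt, configure bridging sysctls and the
# qemu bridge helper ACL, remove libvirt's default network and storage pool,
# then create the standard "isos" and "nvram" directory pools.
#
# Variables read by this file: hypervisor.device, hypervisor.storage,
# libvirt_packages, ansible_user, qemu_bridges (optional).

# The mount tasks run only when a dedicated device is configured and that
# device is not already mounted at /var/lib/libvirt according to ansible_mounts.
- name: Format and mount the libvirt disk if it is not root
  when:
    - hypervisor.device is defined
    - hypervisor.device not in (ansible_mounts | json_query('[?mount == `/var/lib/libvirt`].device'))
  ansible.builtin.include_tasks:
    file: libvirt_drive_mount.yaml

# Only an Archlinux install task is visible in this file; every later task
# runs regardless of distribution.
- name: Install libvirt packages (Archlinux)
  when: ansible_distribution == 'Archlinux'
  community.general.pacman:
    name: "{{ libvirt_packages['Archlinux'] }}"
    state: present
    update_cache: true

# NOTE(review): on common libvirt setups, membership in the libvirt group
# gives full control of the system libvirtd instance, which is close to
# root-equivalent on the host. Confirm ansible_user is meant to hold that
# level of access. `append: true` leaves the user's existing groups in place.
- name: Add user to libvirt group
  ansible.builtin.user:
    name: "{{ ansible_user }}"
    groups:
      - libvirt
      - libvirt-qemu
    append: true

# NOTE(review): nothing visible in this file makes the module load at boot;
# confirm that is handled elsewhere, otherwise the net.bridge.* keys written
# below may not be applicable after a reboot.
- name: Load br_netfilter kernel module so sysctl flags can be set
  community.general.modprobe:
    name: br_netfilter
    state: present

# Security-relevant settings:
#   - net.ipv4.ip_forward = 1 lets the host route packets between interfaces.
#   - net.bridge.bridge-nf-call-* = 0 stops bridged frames from being passed
#     to iptables/ip6tables/arptables, so host firewall rules in those tables
#     do not filter traffic crossing the bridges.
# Values are quoted so YAML loads them as strings rather than integers.
- name: Set required sysctl flags for bridging
  ansible.posix.sysctl:
    name: "{{ item.name }}"
    reload: true
    state: present
    sysctl_file: /etc/sysctl.d/bridge.conf
    sysctl_set: true
    value: "{{ item.value }}"
  loop:
    - name: net.ipv4.ip_forward
      value: '1'
    - name: net.bridge.bridge-nf-call-iptables
      value: '0'
    - name: net.bridge.bridge-nf-call-ip6tables
      value: '0'
    - name: net.bridge.bridge-nf-call-arptables
      value: '0'

# /etc/qemu/bridge.conf is the ACL read by the qemu bridge helper.
# NOTE(review): each item is written verbatim as a line; the helper's ACL
# syntax is normally "allow <bridge>", so confirm that qemu_bridges entries
# already have that form.
# NOTE(review): because of the `when`, the ['virbr0'] default is never
# written to the file; it only keeps the loop expression valid when
# qemu_bridges is undefined.
- name: Add bridge(s) to qemu_bridge_helper
  when: qemu_bridges is defined
  ansible.builtin.lineinfile:
    path: /etc/qemu/bridge.conf
    line: "{{ item }}"
    state: present
    backup: false
    insertafter: EOF
  loop: "{{ qemu_bridges | default(['virbr0']) }}"

- name: Start and enable libvirt service
  ansible.builtin.service:
    name: libvirtd.service
    state: started
    enabled: true

# The default network is stopped first and then removed.
- name: Stop the default libvirt network
  community.libvirt.virt_net:
    name: default
    state: inactive

- name: Remove default libvirt network
  community.libvirt.virt_net:
    name: default
    state: absent

# NOTE(review): `deleted` is understood to delete the pool's contents before
# undefining it (unlike `absent`); verify against the module documentation
# before running this on a host whose default pool already holds images.
- name: Remove the default libvirt storage pool
  community.libvirt.virt_pool:
    name: default
    state: deleted

# Directories are group-writable (0775) for libvirt-qemu, the same group
# ansible_user is added to above, and readable by all local users.
- name: Create standard libvirt storage directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: libvirt-qemu
    group: libvirt-qemu
    mode: '0775'
  loop:
    - /var/lib/libvirt/isos/
    - /var/lib/libvirt/nvram/

# The result is not registered and no later task in this file references the
# gathered pool facts.
- name: Get libvirt storage pool facts
  community.libvirt.virt_pool:
    command: facts

# The pool XML is rendered from dir_libvirt_pool.xml.j2 once per loop item.
# NOTE(review): the template presumably reads item.name and item.path; it is
# not visible here, so confirm.
- name: Define the standard libvirt storage pools
  # TODO add when condition against existing pools
  community.libvirt.virt_pool:
    name: "{{ item.name }}"
    command: define
    xml: "{{ lookup('template', 'dir_libvirt_pool.xml.j2') }}"
  loop:
    - name: isos
      path: /var/lib/libvirt/isos/
    - name: nvram
      path: /var/lib/libvirt/nvram/

- name: Create the standard libvirt storage pools
  community.libvirt.virt_pool:
    name: "{{ item }}"
    command: build
  loop:
    - isos
    - nvram

# Pools are activated and flagged to start automatically.
- name: Start the standard libvirt storage pools
  community.libvirt.virt_pool:
    name: "{{ item }}"
    state: active
    autostart: true
  loop:
    - isos
    - nvram

# Exactly one of the following includes runs, chosen by hypervisor.storage.
# NOTE(review): unlike hypervisor.device above, hypervisor.storage is read
# without an `is defined` guard; confirm it is always set.
- name: Setup additional libvirt storage (dir)
  when: hypervisor.storage == 'dir'
  ansible.builtin.include_tasks:
    file: libvirt_dir.yaml

- name: Setup additional libvirt storage (zfs)
  when: hypervisor.storage == 'zfs'
  ansible.builtin.include_tasks:
    file: libvirt_zfs.yaml

# Not implemented yet: the three TLS tasks below are name-only placeholders,
# so this file configures no libvirtd TLS listener, certificate, or firewall
# rule.
# - name: Enroll libvirtd TLS certificate
# - name: Configure libvirtd TLS listener
# - name: Open libvirtd TLS firewall ports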