---
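# Installs the consul package, or upgrades it to the newest version the
# configured apt repositories offer, after refreshing the package index.
# NOTE(review): `state: latest` lets any run pull in a new Consul release
# without review; pin a version or use `state: present` if upgrades should be
# deliberate. Which repository and signing key serve the package is not
# determined in this file.
- name: Install or update consul
  become: true
  ansible.builtin.apt:
    name: consul
    state: latest
    update_cache: true
  # Skipped entirely when the play runs in check mode.
  when: not ansible_check_mode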

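# Creates the dedicated system account that owns the Consul directories
# created later in this file. The shell is /bin/false, so the account cannot
# be used for an interactive login.
- name: Add consul user
  become: true
  ansible.builtin.user:
    name: consul
    system: true
    shell: /bin/false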

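# Creates the Consul configuration and data directories, owned by the consul
# account. The mode is set explicitly so the result does not depend on the
# umask in effect; "other" gets no access because Consul configuration and
# data can contain secrets (for example ACL tokens or the gossip key).
- name: Create consul directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: consul
    group: consul
    mode: "0750"
  loop:
    - /etc/consul.d
    - /opt/consul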

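# Pulls in the tasks from configure.yml at this point, i.e. after the
# directories exist and before the service is started. The contents of
# configure.yml are not visible from this file.
- name: Include consul configuration tasks
  ansible.builtin.include_tasks: configure.yml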

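# Enables the consul unit at boot and makes sure it is running. `started`
# does not restart an already running agent.
- name: Enable and start consul
  become: true
  ansible.builtin.systemd:
    name: consul
    enabled: true
    state: started
  # Skipped entirely when the play runs in check mode.
  when: not ansible_check_mode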

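# Creates the drop-in directory that the two resolved.conf.d files below are
# written into. Owner and mode are explicit: only root may add drop-ins,
# because anything placed here changes how the whole host resolves names.
- name: Ensure systemd-resolved config directory exists
  become: true
  ansible.builtin.file:
    path: /etc/systemd/resolved.conf.d
    state: directory
    owner: root
    group: root
    mode: "0755"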

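# Writes a systemd-resolved drop-in that sends lookups for the consul domain
# to the DNS server at 127.0.0.1:8600 and adds node.consul and service.consul
# as search domains.
# NOTE(review): DNSSEC=false in a [Resolve] drop-in is a global setting, so
# it turns off DNSSEC validation for every lookup made through
# systemd-resolved on this host, not only for *.consul. Confirm that this is
# acceptable for the host.
- name: Configure Consul DNS in systemd-resolved
  become: true
  ansible.builtin.copy:
    dest: /etc/systemd/resolved.conf.d/consul.conf
    owner: root
    group: root
    mode: "0644"
    content: |
      [Resolve]
      DNS=127.0.0.1:8600
      DNSSEC=false
      Domains=~consul node.consul service.consul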

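# Writes a systemd-resolved drop-in that keeps the stub listener on and adds
# a second listener on 172.17.0.1. The task is renamed because it edits
# systemd-resolved rather than Docker, and because the following task carried
# the same name, which made log output and --start-at-task ambiguous.
# NOTE(review): 172.17.0.1 is hard-coded and presumably the default docker0
# bridge address; confirm it matches this host. Anything that can reach that
# address can query the host resolver, including the consul domain.
- name: Expose systemd-resolved stub listener on the Docker bridge
  become: true
  ansible.builtin.copy:
    dest: /etc/systemd/resolved.conf.d/docker.conf
    owner: root
    group: root
    mode: "0644"
    content: |
      [Resolve]
      DNSStubListener=yes
      DNSStubListenerExtra=172.17.0.1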

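# Writes /etc/docker/daemon.json with 172.17.0.1 as the only DNS server.
# NOTE(review): this replaces the whole file. Any settings already in
# daemon.json (logging, user-namespace remapping, registry or TLS options,
# ...) are dropped. If the host carries other daemon settings, manage the
# file from one template that includes them.
- name: Configure Docker to use systemd-resolved
  become: true
  ansible.builtin.copy:
    dest: /etc/docker/daemon.json
    owner: root
    group: root
    mode: "0644"
    content: |
      {
        "dns": ["172.17.0.1"]
      }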

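# Enables the docker unit at boot and restarts it.
# NOTE(review): the restart is unconditional, so it happens on every run
# whether or not the Docker configuration changed. A handler notified by the
# task that writes the configuration would restart only on change.
- name: Restart docker daemon
  become: true
  ansible.builtin.systemd:
    name: docker
    enabled: true
    state: restarted
  # Skipped entirely when the play runs in check mode.
  when: not ansible_check_mode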

# Removes the bind9 and PowerDNS packages so they do not conflict with
# systemd-resolved. `purge: true` also deletes the packages' configuration
# files. Runs only on Debian-family hosts.
- name: Remove bind9 and pdns
  when: ansible_os_family == "Debian"
  become: true
  ansible.builtin.apt:
    state: absent
    purge: true
    name:
      - bind9
      - pdns-backend-bind
      - pdns-recursor
      - pdns-server

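# Enables systemd-resolved at boot and restarts it so it picks up the
# drop-ins written earlier in this file.
# NOTE(review): the restart is unconditional and happens on every run; a
# handler notified by the drop-in tasks would restart only on change.
- name: Restart systemd-resolved
  become: true
  ansible.builtin.systemd:
    name: systemd-resolved
    enabled: true
    state: restarted
  # Skipped entirely when the play runs in check mode.
  when: not ansible_check_mode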