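---
# We must enable IP forwarding for hosts that advertise routes or are exit nodes
# https://tailscale.com/kb/1104/enable-ip-forwarding
# https://docs.ansible.com/ansible/latest/collections/ansible/posix/sysctl_module.html
# https://tailscale.com/kb/1019/subnets
#
# Security notes for reviewers:
# - Both sysctls are host-wide: once set, the kernel routes packets between
#   all interfaces, not only the Tailscale one. Pair this with a forward-chain
#   firewall policy that limits what may be routed.
# - `state: present` persists the entry in the sysctl file, so it survives
#   reboots. Nothing in this file reverts it when the advertise flags are
#   later removed from a host's args.
# - On Linux, enabling net.ipv6.conf.all.forwarding changes how router
#   advertisements are accepted (accept_ra=1 stops applying). Confirm that
#   affected hosts do not depend on SLAAC for their IPv6 default route.

# rename the ugly "item.value" of the outer loop to something more workable
# NOTE(review): `item` is presumably supplied by a looped include of this
# file; the shape assumed below is a list of mappings with `host` and `args`.
- name: Rename value var from outer loop
  ansible.builtin.set_fact:
    tsnet: "{{ item.value }}"

# The `when` entries are ANDed: the task only runs on the host named by the
# current entry, and only if its args mention one of the advertise flags.
# The check is a plain substring match on the args string. `default('', true)`
# makes a missing or null `args` skip the task instead of failing the play.
- name: Enable IPv4 forwarding for hosts that advertise routes or exit nodes
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    reload: true
    sysctl_set: true
  loop: "{{ tsnet }}"
  loop_control:
    loop_var: tshost
  when:
    - inventory_hostname == tshost.host
    - >-
      'advertise-routes' in (tshost.args | default('', true))
      or 'advertise-exit-node' in (tshost.args | default('', true))

# Same gating as the IPv4 task above, applied to the IPv6 forwarding sysctl.
- name: Enable IPv6 forwarding for hosts that advertise routes or exit nodes
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    state: present
    reload: true
    sysctl_set: true
  loop: "{{ tsnet }}"
  loop_control:
    loop_var: tshost
  when:
    - inventory_hostname == tshost.host
    - >-
      'advertise-routes' in (tshost.args | default('', true))
      or 'advertise-exit-node' in (tshost.args | default('', true))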