---
# One-time initialisation playbook for the dlink OpenWrt AP.
#
# Run this while your PC is directly connected to a dlink LAN port
# (factory IP 192.168.1.1, no MikroTik in the picture yet).
#
# Applies the same network and firewall config as the main openwrt role,
# then reloads network in the background. Skips wireless (requires Vault).
#
# After this playbook finishes the device is no longer reachable at 192.168.1.1.
# Plug the WAN port into MikroTik ether3 and use playbooks/openwrt.yml for all
# further configuration.

- name: dlink — one-time network initialisation
  hosts: openwrt
  gather_facts: false
  vars:
    ansible_host: "192.168.1.1"
    ansible_user: root
    # Role defaults are not loaded when importing role task files directly.
    # These must mirror roles/openwrt/defaults/main.yml.
    openwrt_mgmt_ip: 192.168.255.11
    openwrt_mgmt_prefix: 24
    openwrt_mgmt_gateway: 192.168.255.10
    openwrt_dns_servers:
      - 192.168.0.1

  tasks:
    - name: Verify connectivity
      community.openwrt.ping:

    # import_tasks (static) is used instead of include_tasks (dynamic) so that
    # handler names referenced via notify in the imported files are silently
    # ignored rather than causing an error — no handlers are defined in this
    # play, and the explicit nohup reload below replaces them for the init case.
    - name: Network configuration
      ansible.builtin.import_tasks: ../roles/openwrt/tasks/network.yml

    - name: Firewall configuration
      ansible.builtin.import_tasks: ../roles/openwrt/tasks/firewall.yml

    - name: Reload network in background (device will drop off 192.168.1.1)
      community.openwrt.nohup:
        command: /etc/init.d/network reload
      ignore_unreachable: true