---
- name: Test for cmdline path
  ansible.builtin.stat:
    path: /boot/firmware/cmdline.txt
  register: boot_cmdline_path
  failed_when: false
  changed_when: false

- name: Set cmdline path based on Debian version and command result
  ansible.builtin.set_fact:
    cmdline_path: >-
      {{
        (
          boot_cmdline_path.stat.exists and
          ansible_facts.lsb.description | default('') is match('Debian.*(?!(bookworm|sid))')
        ) | ternary(
          '/boot/firmware/cmdline.txt',
          '/boot/cmdline.txt'
        )
      }}

- name: Activating cgroup support
  ansible.builtin.lineinfile:
    path: "{{ cmdline_path }}"
    regexp: ^((?!.*\bcgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory\b).*)$
    line: \1 cgroup_enable=cpuset cgroup_memory=1 cgroup_enable=memory
    backrefs: true
  notify: reboot

- name: Install iptables
  ansible.builtin.apt:
    name: iptables
    state: present

- name: Flush iptables before changing to iptables-legacy
  ansible.builtin.iptables:
    flush: true

- name: Changing to iptables-legacy
  community.general.alternatives:
    path: /usr/sbin/iptables-legacy
    name: iptables
  register: ip4_legacy

- name: Changing to ip6tables-legacy
  community.general.alternatives:
    path: /usr/sbin/ip6tables-legacy
    name: ip6tables
  register: ip6_legacy