machine_setup/ansible/roles/network/tasks/freebsd.yaml

# MANUAL: I had to run `sudo service local_unbound setup`
- name: Install configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  when: network_rc is defined
  loop:
    - src: "{{ network_rc }}"
      dest: /etc/rc.conf.d/network

- name: Install configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  when: routing_rc is defined
  loop:
    - src: "{{ routing_rc }}"
      dest: /etc/rc.conf.d/routing

- name: Install configuration
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0644
    owner: root
    group: wheel
  when: rtsold_rc is defined
  loop:
    - src: "{{ rtsold_rc }}"
      dest: /etc/rc.conf.d/rtsold

- name: Configure sysctls
  sysctl:
    name: "{{ item.name }}"
    value: "{{ item.value }}"
    state: present
    reload: false
    sysctl_file: "/etc/sysctl.conf.local"
  loop:
    - name: net.inet6.ip6.use_tempaddr # Enable privacy addresses
      value: "1"
    - name: net.inet6.ip6.prefer_tempaddr # Prefer privacy addresses
      value: "1"

- name: Install service configuration
  copy:
    src: "files/{{ item }}_rc.conf"
    dest: "/etc/rc.conf.d/{{ item }}"
    mode: 0644
    owner: root
    group: wheel
  loop:
    - local_unbound

- name: Prefer ipv6
  when: prefer_ipv6
  blockinfile:
    path: "/etc/rc.conf.d/ip6addrctl"
    marker: "# {mark} ANSIBLE MANAGED BLOCK"
    create: true
    mode: 0600
    owner: root
    group: wheel
    block: |
      ip6addrctl_policy="ipv6_prefer"      

- name: Don't Prefer ipv6
  when: not prefer_ipv6
  file:
    path: "/etc/rc.conf.d/ip6addrctl"
    state: absent

- name: Install scripts
  copy:
    src: "files/{{ item.src }}"
    dest: "{{ item.dest }}"
    mode: 0755
    owner: root
    group: wheel
  loop:
    - src: next_hop_freebsd.bash
      dest: /usr/local/bin/next_hop