---
pkgs:
  apparmor:
    - "{{ ansible_os_family == 'Debian' }}"
  apt-transport-https:
    - "{{ ansible_os_family == 'Debian' }}"
  aufs-tools:
    - "{{ ansible_os_family == 'Debian' }}"
    - "{{ ansible_distribution_major_version == '10' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  bash-completion: []
  conntrack:
    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
    - "{{ ansible_distribution != 'openEuler' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  conntrack-tools:
    - "{{ ansible_os_family == 'Suse' or ansible_distribution in ['Amazon', 'openEuler'] }}"
    - "{{ 'k8s_cluster' in group_names }}"
  container-selinux:
    - "{{ ansible_os_family == 'RedHat' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  curl: []
  device-mapper:
    - "{{ ansible_os_family == 'Suse' or ansible_distribution == 'openEuler' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  device-mapper-libs:
    - "{{ ansible_os_family == 'RedHat' }}"
    - "{{ ansible_distribution != 'openEuler' }}"
  e2fsprogs: []
  ebtables: []
  gnupg:
    - "{{ ansible_distribution == 'Debian' }}"
    - "{{ ansible_distribution_major_version in ['11', '12'] }}"
    - "{{ 'k8s_cluster' in group_names }}"
  ipset:
    - "{{ kube_proxy_mode != 'ipvs' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  iptables:
    - "{{ ansible_os_family in ['Debian', 'RedHat'] }}"
  ipvsadm:
    - "{{ kube_proxy_mode == 'ipvs' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  libseccomp:
    - "{{ ansible_os_family == 'RedHat' }}"
  libseccomp2:
    - "{{ ansible_os_family in ['Debian', 'Suse'] }}"
    - "{{ 'k8s_cluster' in group_names }}"
  libselinux-python:  # TODO: Handle rehat_family + major < 8
    - "{{ ansible_distribution == 'Amazon' }}"
  libselinux-python3:
    - "{{ ansible_distribution == 'Fedora' }}"
  mergerfs:
    - "{{ ansible_distribution == 'Debian' }}"
    - "{{ ansible_distribution_major_version == '12' }}"
  nftables:
    - "{{ kube_proxy_mode == 'nftables' }}"
    - "{{ 'k8s_cluster' in group_names }}"
  nss:
    - "{{ ansible_os_family == 'RedHat' }}"
  openssl: []
  python-apt:
    - "{{ ansible_os_family == 'Debian' }}"
    - "{{ ansible_distribution_major_version == '10' }}"
  python3-apt:
    - "{{ ansible_os_family == 'Debian' }}"
    - "{{ ansible_distribution_major_version != '10' }}"
  python3-libselinux:
    - "{{ ansible_distribution in ['RedHat', 'CentOS'] }}"
  rsync: []
  socat: []
  software-properties-common:
    - "{{ ansible_os_family == 'Debian' }}"
  tar: []
  unzip: []
  xfsprogs: []

coredns_server_by_mode:
  coredns: "{{ [skydns_server] }}"
  coredns_dual: "{{ [skydns_server, skydns_server_secondary] }}"
  manual: "{{ manual_dns_server.split(',') }}"
  none: []
coredns_server: "{{ upstream_dns_servers if dns_early else coredns_server_by_mode[dns_mode] }}"

_nameserverentries:
  late:
    - "{{ nodelocaldns_ip if enable_nodelocaldns else coredns_server }}"
  early:
    - "{{ nameservers }}"
    - "{{ cloud_resolver }}"
    - "{{ configured_nameservers if not disable_host_nameservers else [] }}"
nameserverentries: "{{ ((_nameserverentries['late'] if not dns_early else []) + _nameserverentries['early']) | flatten | unique }}"
dhclient_supersede:
  domain-name-servers: "{{ ([nameservers, cloud_resolver] | flatten | unique) if dns_early else nameserverentries }}"
  domain-name: "{{ [dns_domain] }}"
  domain-search: "{{ default_searchdomains + searchdomains }}"
configured_nameservers: "{{ (resolvconf_slurp.content | b64decode | regex_findall('^nameserver\\s*(\\S*)', multiline=True) | ansible.utils.ipaddr)
                            if resolvconf_stat.stat.exists else [] }}"