---
- name: Configure /etc/default/nfs-common for NFSv4-only
  ansible.builtin.lineinfile:
    path: /etc/default/nfs-common
    regexp: '^(# *)?{{ item.key }}=.*'
    line: '{{ item.key }}={{ item.val }}'
  loop:
    - { key: NEED_STATD,  val: '"no"'  }
    - { key: NEED_IDMAPD,  val: '"yes"' }
  become: true
  notify: Reload nfs service

- name: Configure /etc/default/nfs-kernel-server for NFSv4-only
  ansible.builtin.lineinfile:
    path: /etc/default/nfs-kernel-server
    regexp: '^(# *)?{{ item.key }}=.*'
    line: '{{ item.key }}={{ item.val }}'
    create: true      # in case the file or the var is missing
  loop:
    - { key: RPCNFSDOPTS,  val: '"--no-nfs-version 2 --no-nfs-version 3"'           }
    - { key: RPCMOUNTDOPTS,  val: '"--manage-gids --no-nfs-version 2 --no-nfs-version 3"' }
  become: true
  notify: Reload nfs service

  # This _can_ be used on very modern kernels, but disables
  # the rpcbind fallback if nfsdctl lockd configuration fails.
  # Debian 13 still requires this so it is disabled by default
- name: Mask rpcbind units (not needed for NFSv4)
  ansible.builtin.systemd:
    name: "{{ item }}"
    masked: true
    state: stopped
  loop:
    - rpcbind.service
    - rpcbind.socket
  become: true
  when: "nfs_v4_disable_rpcbind_fallback"

- name: Unmask rpcbind units to keep as fallback
  ansible.builtin.systemd:
    name: "{{ item }}"
    masked: false
    state: started
  loop:
    - rpcbind.socket
    - rpcbind.service
  become: true
  when: "not nfs_v4_disable_rpcbind_fallback"