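---
# WireGuard provisioning playbook.
#
# Play 1 installs wireguard-tools on the control node (needed for `wg pubkey`).
# Play 2 installs and configures WireGuard on the hosts in group wg_server.
# Play 3 renders one client config per host in group wg_clients into ./wg_clients.
#
# Each host's private key is read from its `wg_key` host variable. The tasks
# that derive public keys from it pass the key on stdin (not on a shell command
# line, which is visible in the process list) and run with no_log so the key is
# not echoed into the play output or registered-result logging.
- name: Ensure wg-tools installed locally
  hosts: localhost
  become: true
  tasks:
    - name: install wireguard-tools
      apt:
        name: wireguard-tools
        state: present

- name: Setup Wireguard server
  hosts: wg_server
  become: true
  tasks:
    - name: Install wireguard
      apt:
        name:
          - wireguard
          - wireguard-tools
        state: present
      when: ansible_facts['os_family'] == "Debian"

    # One result per client in pubkeys.results; the public key is in .stdout.
    # Runs on the control node so the server never needs the client keys.
    - name: generate public keys
      command:
        cmd: wg pubkey
        stdin: "{{ hostvars[item].wg_key }}"
      register: pubkeys
      delegate_to: localhost
      changed_when: false
      no_log: true
      with_items: "{{ groups['wg_clients'] | list }}"

    # The rendered config holds the server private key: owner-only permissions.
    - name: Generate Server wg-config
      template:
        src: wg_server.j2
        dest: "/etc/wireguard/{{ wg_interface }}.conf"
        mode: "0600"
      notify: read wg config

    # - name: Gemerate debian-specific interface-config
    #   template:
    #     src: debian_interface.j2
    #     dest: "/etc/network/interfaces.d/{{ wg_interface }}"
    #   when: ansible_facts['os_family'] == "Debian"
    #   notify: reload interface

    - name: Start and enable wg-quick service
      service:
        name: "wg-quick@{{ wg_interface }}"
        state: started
        enabled: true

    # Forwarding is required for the server to route traffic between peers /
    # to other networks. The regexp matches the (possibly commented-out)
    # existing line so it is rewritten in place instead of appended twice.
    - name: enable IP forwarding
      lineinfile:
        path: /etc/sysctl.conf
        regexp: "{{ item }}"
        line: "{{ item }}=1"
      with_items:
        - net.ipv4.ip_forward
        - net.ipv6.conf.all.forwarding
      notify: reload sysconfig

  handlers:
    # A full restart re-reads the config; the commented alternatives would
    # apply it without dropping the interface.
    - name: read wg config
      service:
        name: "wg-quick@{{ wg_interface }}"
        state: restarted
      # shell: "wg syncconf {{ wg_interface }} <(wg-quick strip {{ wg_interface }})"
      # command: "wg setconf {{ wg_interface }} /etc/wireguard/{{ wg_interface }}.conf"

    # - name: reload interface
    #   shell: "ifdown {{ wg_interface }}; ifup {{ wg_interface }}"

    - name: reload sysconfig
      command: sysctl -p /etc/sysctl.conf

- name: Generate client configs
  hosts: localhost
  tasks:
    # Client configs contain client private keys; keep the directory private.
    - name: Ensure cient conf directory exists
      file:
        path: wg_clients
        state: directory
        mode: "0700"

    # Uses the first wg_server host's key; server_pubkey.stdout is the public key.
    - name: generate server pubkey
      command:
        cmd: wg pubkey
        stdin: "{{ hostvars[groups['wg_server'][0]].wg_key }}"
      register: server_pubkey
      changed_when: false
      no_log: true

    - name: generate client config
      template:
        src: wg_client.j2
        dest: "wg_clients/wg_{{ item }}.conf"
        mode: "0600"
      with_items: "{{ groups['wg_clients'] | list }}"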