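---
# Installs WireGuard, generates the host key pair, publishes the public key
# to the control node, and deploys the configuration, control scripts and
# systemd unit. Handlers named under `notify` are defined outside this file.

- name: Install wireguard using apt
  apt:
    name:
      - wireguard
    state: present

- name: Create wireguard configuration environment directories
  file:
    state: directory
    path: "{{ item }}"
    owner: root
    group: root
    mode: "u=rwx,g=rx,o=rx"
  loop:
    - "{{ global_wireguard_configuration_environment_directory }}"
    - "{{ global_wireguard_configuration_environment_directory }}/peers"

- name: Upload makefile to wireguard configuration environment
  template:
    src: wireguard.makefile
    dest: "{{ global_wireguard_configuration_environment_directory }}/makefile"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"

# NOTE(review): the task name says "ssh" but both variables are wireguard
# ones; this looks like a copy-paste leftover. Confirm before renaming, since
# the name may be referenced by --start-at-task or similar.
- name: Create link in ssh configuration environment
  file:
    state: link
    src: "{{ global_wireguard_configuration_directory }}"
    dest: "{{ global_wireguard_configuration_link }}"

# The key directory is owner-only, so nothing but root can traverse into it.
- name: Create wireguard key directory
  file:
    state: directory
    path: "{{ wireguard_key_directory }}"
    owner: root
    group: root
    mode: "u=rwx,g=,o="

# `umask 077` makes tee and the redirect create both key files owner-only,
# instead of leaving the private key at the default umask and relying on the
# directory mode alone. It only affects newly created files: a key generated
# by an earlier run keeps whatever mode it already has.
# NOTE(review): `creates` is keyed on the public key, and the redirect creates
# that file before `wg pubkey` writes to it. A run that fails part-way can
# therefore leave an empty file that makes later runs skip this task; verify
# the key files are non-empty when recovering from a failed run.
- name: Generate key pair
  command: >-
    /bin/sh -c "umask 077 && wg genkey
    | tee {{ wireguard_private_key | quote }}
    | wg pubkey > {{ wireguard_public_key | quote }}"
  args:
    chdir: "{{ wireguard_key_directory }}"
    creates: "{{ wireguard_public_key }}"

# Only the public key is copied off the host; the private key is never
# fetched by these tasks.
- name: Download wireguard public key
  fetch:
    src: "{{ wireguard_public_key }}"
    dest: "{{ global_wireguard_public_directory }}/{{ inventory_hostname }}"
    fail_on_missing: true
    flat: true
    validate_checksum: true

# Rendered on the control node (delegate_to: localhost), one file per host.
- name: Store peer configuration locally
  template:
    src: "peer.cfg"
    dest: "{{ global_wireguard_peers_directory }}/{{ inventory_hostname }}"
    owner: "{{ local_user }}"
    group: "{{ local_user }}"
    mode: "u=rw,g=r,o="
  delegate_to: localhost

# Owner-only mode; presumably the rendered config embeds key material.
# TODO confirm against the wireguard.cfg template.
- name: Store main config
  template:
    src: "wireguard.cfg"
    dest: "{{ global_wireguard_configuration_environment_directory }}/main.cfg"
    owner: root
    group: root
    mode: "u=rw,g=,o="
  notify:
    - reassemble wireguard config

# Each rendered script is passed through the validate command before it
# replaces the installed copy.
- name: Add control scripts
  template:
    src: "{{ item }}.sh"
    dest: "{{ global_wireguard_configuration_directory }}/{{ item }}.sh"
    owner: root
    group: root
    mode: "u=rwx,g=r,o=r"
    validate: "{{ global_validate_shell_script }}"
  notify:
    - reload wireguard interface
  loop:
    - up
    - down

- name: Configure WireGuard on boot
  template:
    src: wireguard.service
    dest: "{{ global_systemd_configuration_directory }}/wireguard.service"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  notify:
    - reload systemd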