ansible/roles/wireguard/special_client/tasks/main.yml

---

- name: Generate private key
  command: >-
        /bin/sh -c "/usr/bin/wg genkey > {{ wireguard_client_private_key | quote }}"
  args:
    creates: "{{ wireguard_client_private_key }}"
  register: wireguard_private_key
  delegate_to: 127.0.0.1

- name: Generate public key
  command: >-
        /bin/sh -c "< {{ client_public_key | quote }} /usr/bin/wg pubkey > {{ wireguard_client_private_key | quote }}"
  when: wireguard_private_key.changed
  delegate_to: 127.0.0.1

- name: Store public key to backbones
  template:
    src: "peer.cfg"
    dest: "{{ netdev_directory }}/{{ inventory_hostname }}.conf"
    owner: root
    group: root
    mode: "u=rw,g=r,o=r"
  delegate_to: "{{ item }}"
  when: "item != inventory_hostname"
  loop: "{{ groups['wireguard_backbones'] }}"