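---
# WireGuard task list: install packages, render the server config, enable the
# wg-quick unit, render one client config per entry in wireguard.clients, and
# turn on IPv4 forwarding. No play header is visible here, so every task that
# needs root sets `become: true` itself.
- name: Install packages for wireguard
  ansible.builtin.apt:
    update_cache: true
    pkg:
      - qrencode
      - wireguard
      - wireguard-tools
  # apt needs root; the other privileged tasks in this list set become
  # explicitly, so keep this one consistent instead of relying on the play.
  become: true

- name: Wireguard server config
  ansible.builtin.template:
    src: wireguard-server.conf
    dest: /etc/wireguard/wg0.conf
    # The server config carries the private key: owner-only access.
    mode: "0600"
    # backup keeps the previous config next to it (old key material stays on
    # disk until those backup files are pruned).
    backup: true
  become: true
  register: wireguard_conf

- name: Enable wireguard
  ansible.builtin.service:
    name: wg-quick@wg0
    enabled: true
  become: true

- name: Restart wireguard
  ansible.builtin.service:
    name: wg-quick@wg0
    state: restarted
  # Only bounce the tunnel when the rendered config actually changed.
  when: wireguard_conf is changed
  become: true

- name: Create wireguard client directory
  ansible.builtin.file:
    path: "/home/{{ users.0.username }}/wireguard-clients"
    state: directory
    owner: "{{ users.0.username }}"
    # Octal mode quoted: an unquoted 0700 is parsed as integer 448 by YAML 1.1.
    mode: "0700"
  # NOTE(review): no become here — assumes the connecting user is
  # users.0.username or already root; confirm against the play.

- name: Wireguard client configuration
  ansible.builtin.template:
    src: wireguard-client.conf
    dest: "/home/{{ users.0.username }}/wireguard-clients/{{ item.key }}.conf"
    owner: "{{ users.0.username }}"
    # Client configs contain per-peer private keys: owner-only access.
    mode: "0600"
  loop: "{{ wireguard.clients | dict2items }}"
  loop_control:
    # Log only the client name, not the whole item (keeps key material out of output).
    label: "{{ item.key }}"

- name: Enable p2p communication
  ansible.builtin.sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present
    reload: true
    sysctl_file: /etc/sysctl.d/99-sysctl.conf
  become: true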