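---
# Wireguard "media" tunnel (wg1): stage the key material and render the
# systemd-networkd units. Everything lands under /etc, owned by root and
# readable only by the systemd-network group, hence `become: true` and the
# 0750 / 0640 modes throughout.

- name: Include wireguard media defaults
  ansible.builtin.include_vars:
    file: vars/wireguard-media.yml

# Directories only. `recurse: true` was removed: combined with
# state=directory it re-applies owner/group and mode "0750" to every
# existing entry inside the tree (key files included), which adds execute
# bits to regular files and rewrites unrelated content under
# vpn_config_dir on each run. Missing parent directories are still
# created by state=directory.
- name: Create Wireguard directories
  become: true
  ansible.builtin.file:
    path: "{{ item }}"
    owner: root
    group: systemd-network
    mode: "0750"
    state: directory
  loop:
    - "{{ vpn_config_dir }}"
    - "{{ wireguard_media_defaults.private_key_path | dirname }}"
    - "{{ wireguard_media_defaults.public_key_path | dirname }}"
  notify:
    - Restart systemd-networkd
    - Restart systemd-resolved

# Per-host key pair, taken from files/wireguard-media/<hostname>/ on the
# controller. 0640 with group systemd-network is the minimum that lets
# systemd-networkd read the private key.
- name: Copy Wireguard credentials
  become: true
  ansible.builtin.copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: systemd-network
    mode: "0640"
  loop:
    - dest: "{{ wireguard_media_defaults.public_key_path }}"
      src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub"
    - dest: "{{ wireguard_media_defaults.private_key_path }}"
      src: "files/wireguard-media/{{ ansible_hostname }}/fudiggity.key"
  notify:
    - Restart systemd-networkd
    - Restart systemd-resolved

# One preshared key per peer. Without a label, Ansible prints each whole
# peer dict in the task output; the label limits that to the destination
# path. (Whether the peer dicts carry anything beyond the two *_path keys
# is defined in vars/wireguard-media.yml, not here.)
- name: Copy Wireguard preshared keys
  become: true
  ansible.builtin.copy:
    src: "{{ item.preshared_key_source_path }}"
    dest: "{{ item.preshared_key_path }}"
    owner: root
    group: systemd-network
    mode: "0640"
  loop: "{{ wireguard_media_defaults.peers }}"
  loop_control:
    label: "{{ item.preshared_key_path }}"
  notify:
    - Restart systemd-networkd
    - Restart systemd-resolved

# Render the wg1 .network/.netdev units from host-specific templates.
# NOTE(review): `combine` gives the right-hand mapping precedence, so here
# wireguard_media_defaults overrides wireguard_media. If the per-host
# values are meant to win, the operands need to be swapped — confirm
# against vars/wireguard-media.yml before changing it.
- name: Setup network configuration
  become: true
  ansible.builtin.template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
    owner: root
    group: systemd-network
    mode: "0640"
  vars:
    wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"
  loop:
    - src: "templates/{{ ansible_hostname }}/network/wg1.network.j2"
      dest: "/etc/systemd/network/40-wg1.network"
    - src: "templates/{{ ansible_hostname }}/network/wg1.netdev.j2"
      dest: "/etc/systemd/network/40-wg1.netdev"
  notify:
    - Restart systemd-networkd
    - Restart systemd-resolved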