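# WireGuard credentials, systemd-networkd configuration and the nftables
# ruleset. Key material is installed root:systemd-network so that the
# networkd service can read it without the files being world-readable.
- name: create wireguard directories
  become: true
  file:
    path: '{{ item | dirname }}'
    owner: root
    group: systemd-network
    # A directory needs the execute bit to be traversable. The previous
    # value (0644, a file mode) left the systemd-network group unable to
    # open the key files placed below; 0750 matches the 0640 files inside
    # while keeping the directory closed to other users.
    mode: '0750'
    state: directory
  loop:
    - '{{ vpn_private_key_path }}'
    - '{{ vpn_public_key_path }}'

# NOTE(review): the .key source is the interface private key checked into
# files/<platform>/wireguard/; keep it ansible-vault encrypted (copy
# decrypts transparently) or source it from a secret store.
- name: copy wireguard credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'files/{{ platform }}/wireguard/{{ platform }}.pub'
      dest: '{{ vpn_public_key_path }}'
    - src: 'files/{{ platform }}/wireguard/{{ platform }}.key'
      dest: '{{ vpn_private_key_path }}'

- name: copy wireguard preshared keys
  become: true
  copy:
    src: '{{ item.preshared_key_source_path }}'
    dest: '{{ item.preshared_key_path }}'
    owner: root
    group: systemd-network
    mode: '0640'
  # Each vpn_peers entry is expected to carry preshared_key_source_path and
  # preshared_key_path; no parent directory is created for these paths here.
  loop: '{{ vpn_peers }}'

# Per-platform networkd units. The numeric prefixes order the files so the
# physical uplink (20-) is configured before the bridge (30-) and the
# WireGuard tunnel (40-).
- name: setup desktop network configuration
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'templates/desktop/network/enp.network.j2'
      dest: '/etc/systemd/network/20-wired.network'
    - src: 'templates/desktop/network/vmbr0.network.j2'
      dest: '/etc/systemd/network/30-vmbr0.network'
    - src: 'templates/desktop/network/vmbr0.netdev.j2'
      dest: '/etc/systemd/network/30-vmbr0.netdev'
    - src: 'templates/desktop/network/wg0.network.j2'
      dest: '/etc/systemd/network/40-wg0.network'
    - src: 'templates/desktop/network/wg0.netdev.j2'
      dest: '/etc/systemd/network/40-wg0.netdev'
  when: platform == "desktop"

- name: setup laptop network configuration
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'templates/laptop/network/wireless.network.j2'
      dest: '/etc/systemd/network/20-wireless.network'
    - src: 'templates/laptop/network/vmbr0.network.j2'
      dest: '/etc/systemd/network/30-vmbr0.network'
    - src: 'templates/laptop/network/vmbr0.netdev.j2'
      dest: '/etc/systemd/network/30-vmbr0.netdev'
    - src: 'templates/laptop/network/wg0.network.j2'
      dest: '/etc/systemd/network/40-wg0.network'
    - src: 'templates/laptop/network/wg0.netdev.j2'
      dest: '/etc/systemd/network/40-wg0.netdev'
  when: platform == "laptop"

# Restarted unconditionally on every run (this is a task, not a handler),
# so each play briefly interrupts networking even when no unit changed.
- name: restart systemd-networkd
  become: true
  systemd:
    name: systemd-networkd
    state: restarted
    enabled: true

- name: start systemd-resolved service
  become: true
  systemd:
    name: systemd-resolved
    state: started
    enabled: true

# Wireless daemon; only the laptop platform has a wireless uplink.
- name: start iwd service
  become: true
  systemd:
    name: iwd
    state: started
    enabled: true
  when: platform == "laptop"

# Firewall ruleset is root-only (0600); the 'restart nftables' handler is
# defined outside this file.
- name: copy firewall template
  become: true
  template:
    src: 'templates/{{ platform }}/nftables.j2'
    dest: '/etc/nftables.conf'
    owner: root
    group: root
    mode: '0600'
  notify: restart nftables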