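# Installs the wg1 WireGuard interface: loads the media defaults, creates the
# key/config directories, copies the key material and renders the
# systemd-networkd .network/.netdev units. All managed paths are owned by
# root:systemd-network with no access for "other".
- name: Include wireguard media defaults
  ansible.builtin.include_vars:
    file: vars/wireguard-media.yml

- name: Create Wireguard directories
  become: true
  ansible.builtin.file:
    path: '{{ item }}'
    owner: root
    group: systemd-network
    mode: '0750'
    state: directory
    # Deliberately not recursive. `recurse: true` would push mode 0750 onto
    # every file below these directories, including the key files the later
    # tasks set to 0640. Both tasks would then report "changed" on every run,
    # the restart handlers would fire each time, and the keys would carry an
    # executable bit between the two tasks. `state: directory` still creates
    # missing parent directories.
  loop:
    - '{{ vpn_config_dir }}'
    - '{{ wireguard_media_defaults.private_key_path | dirname }}'
    - '{{ wireguard_media_defaults.public_key_path | dirname }}'
  notify:
    - restart systemd-networkd
    - restart systemd-resolved

- name: Copy Wireguard credentials
  become: true
  # Keep key contents out of the play output when run with --diff.
  diff: false
  ansible.builtin.copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    # Readable by root and the systemd-network group only.
    mode: '0640'
  loop:
    - dest: '{{ wireguard_media_defaults.public_key_path }}'
      src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.pub'
    - dest: '{{ wireguard_media_defaults.private_key_path }}'
      src: 'files/wireguard-media/{{ ansible_hostname }}/fudiggity.key'
  notify:
    - restart systemd-networkd
    - restart systemd-resolved

- name: Copy Wireguard preshared keys
  become: true
  # Keep key contents out of the play output when run with --diff.
  diff: false
  ansible.builtin.copy:
    src: '{{ item.preshared_key_source_path }}'
    dest: '{{ item.preshared_key_path }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop: '{{ wireguard_media_defaults.peers }}'
  loop_control:
    # Print only the destination path per iteration instead of the whole
    # peer mapping.
    label: '{{ item.preshared_key_path }}'
  notify:
    - restart systemd-networkd
    - restart systemd-resolved

# NOTE(review): if the .netdev template inlines key material rather than
# pointing at the key files, add `diff: false` to this task as well.
- name: Setup network configuration
  become: true
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'templates/{{ ansible_hostname }}/network/wg1.network.j2'
      dest: '/etc/systemd/network/40-wg1.network'
    - src: 'templates/{{ ansible_hostname }}/network/wg1.netdev.j2'
      dest: '/etc/systemd/network/40-wg1.netdev'
  notify:
    - restart systemd-networkd
    - restart systemd-resolved
  vars:
    # NOTE(review): with `combine`, keys from the right-hand mapping win, so
    # wireguard_media_defaults overrides wireguard_media on any shared key.
    # Confirm that is intended; if per-host values should override the
    # defaults, the operands need to be swapped.
    wireguard: "{{ wireguard_media | ansible.builtin.combine(wireguard_media_defaults) }}"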