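# Deploys the WireGuard (systemd-networkd) configuration and key material.
# Tasks that read, render or copy key material set no_log so the secrets do
# not end up in task output, loop item labels, verbose (-v) logs or --diff.

# The server private key is read on the controller and kept in a fact.
- name: load private key into var
  set_fact:
    vpn_server_key: '{{ lookup("file", "files/wireguard/default/server.key" ) }}'
  no_log: true

- name: load public key into var
  set_fact:
    vpn_server_public_key: '{{ lookup("file", "files/wireguard/default/server.pub" ) }}'

# this should eventually be replaced with using the
# PrivateKeyFile/PresharedKeyFile options
# Adds a "preshared_key" entry (the file contents) to every peer in vpn_peers.
- name: load preshared keys into variables
  set_fact:
    vpn_peers: '{{ vpn_peers | combine({item.key: item.value|combine({"preshared_key": lookup("file", item.value.preshared_key_source_path )})})}}'
  with_dict: '{{ vpn_peers }}'
  no_log: true

# Adds a "private_key" entry for the peer whose key is "mobile" only.
# By now each loop item already carries a preshared key, and items are
# printed even for skipped iterations, hence no_log.
- name: load mobile private_key
  set_fact:
    vpn_peers: '{{ vpn_peers | combine({item.key: item.value|combine({"private_key": lookup("file", item.value.private_key_source_path )})})}}'
  with_dict: '{{ vpn_peers }}'
  when: item.key == "mobile"
  no_log: true

# NOTE(review): presumably these templates render the keys loaded above inline
# (see the PrivateKeyFile comment), so --diff output would show them; confirm
# against the templates. no_log is set on that assumption.
- name: copy wireguard configuration files
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'templates/network/wireguard/default/wg0.netdev.j2'
      dest: '/etc/systemd/network/wg0.netdev'
    - src: 'templates/network/wireguard/default/wg0.network.j2'
      dest: '/etc/systemd/network/wg0.network'
  notify: restart systemd-networkd
  no_log: true

# NOTE(review): this writes the mobile peer configuration to a fixed,
# predictable path under the world-writable /tmp on the managed host. Mode
# 0600 limits who can read it, but a pre-created file or symlink at that path
# is not ruled out. Prefer a directory only the connecting user can write to
# (or a path from the tempfile module), and remove the file once retrieved.
- name: copy mobile configuration
  template:
    src: 'templates/network/wireguard/default/mobile.wireguard.j2'
    dest: '/tmp/mobile.conf'
    mode: '0600'
  when: copy_vpn_configurations
  no_log: true

# Directories need the execute (search) bit. The original mode '0640' left the
# systemd-network group unable to enter these directories, so the group-
# readable key files copied below could not be reached through them.
# '0750' gives the group read+search access and keeps "other" at none.
- name: create wireguard directories
  become: true
  file:
    path: '{{ item | dirname }}'
    owner: root
    group: systemd-network
    mode: '0750'
    state: directory
  loop:
    - '{{ vpn_server_key_path }}'
    - '{{ vpn_server_public_key_path }}'

# Key files: owned by root, group-readable by systemd-network, no access for
# other users.
- name: copy wireguard credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'files/wireguard/default/server.pub'
      dest: '{{ vpn_server_public_key_path }}'
    - src: 'files/wireguard/default/server.key'
      dest: '{{ vpn_server_key_path }}'
  no_log: true

# NOTE(review): this places the mobile peer's *private* key on the VPN server,
# readable by the systemd-network group. A peer's private key is normally only
# needed on the peer itself; confirm this copy is required, because a server
# compromise would then also expose the mobile identity.
- name: copy mobile wireguard credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'files/wireguard/default/mobile.pub'
      dest: '{{ vpn_server_public_key_path|dirname }}/mobile.pub'
    - src: 'files/wireguard/default/mobile.key'
      dest: '{{ vpn_server_key_path|dirname }}/mobile.key'
  no_log: true

# Each loop item is a full vpn_peers entry, which at this point includes the
# preshared key (and, for "mobile", the private key) added by the set_fact
# tasks above; no_log keeps those values out of the per-item output.
- name: copy wireguard preshared keys
  become: true
  copy:
    src: '{{ item.value.preshared_key_source_path }}'
    dest: '{{ item.value.preshared_key_path }}'
    owner: root
    group: systemd-network
    mode: '0640'
  with_dict: '{{ vpn_peers }}'
  no_log: true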