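---
# WireGuard / systemd-networkd provisioning tasks.
# Key material is read from the control node (files/wireguard/*) into facts,
# rendered through templates, and copied onto the managed host.

- name: load private key into var
  set_fact:
    vpn_server_key: '{{ lookup("file", "files/wireguard/server.key" ) }}'
  # The fact holds a private key; keep it out of task results and -v output.
  no_log: true

- name: load public key into var
  set_fact:
    vpn_server_public_key: '{{ lookup("file", "files/wireguard/server.pub" ) }}'

# this should eventually be replaced with using the
# PrivateKeyFile/PresharedKeyFile options
- name: load preshared keys into variables
  # Each iteration re-reads the already-updated vpn_peers and merges one more
  # "preshared_key" entry into it, so the dict accumulates across the loop.
  set_fact:
    vpn_peers: '{{ vpn_peers | combine({item.key: item.value|combine({"preshared_key": lookup("file", item.value.preshared_key_source_path )})})}}'
  with_dict: '{{ vpn_peers }}'
  # Preshared keys are secrets; do not echo them in task output.
  no_log: true

- name: load mobile private_key
  # Only the "mobile" peer carries private_key_source_path; other peers are skipped.
  set_fact:
    vpn_peers: '{{ vpn_peers | combine({item.key: item.value|combine({"private_key": lookup("file", item.value.private_key_source_path )})})}}'
  with_dict: '{{ vpn_peers }}'
  when: item.key == "mobile"
  no_log: true

- name: copy network configuration files
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'templates/network/link1.link.j2'
      dest: '/etc/systemd/network/link1.link'
    - src: 'templates/network/link1.network.j2'
      dest: '/etc/systemd/network/link1.network'
    - src: 'templates/network/wg0.netdev.j2'
      dest: '/etc/systemd/network/wg0.netdev'
    - src: 'templates/network/wg0.network.j2'
      dest: '/etc/systemd/network/wg0.network'

- name: copy interface restart timer/service
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'templates/interface_restart.timer.j2'
      dest: '/etc/systemd/system/interface-restart.timer'
    - src: 'templates/interface_restart.service.j2'
      dest: '/etc/systemd/system/interface-restart.service'

- name: enable interface restart timer
  become: true
  systemd:
    name: interface-restart.timer
    state: started
    enabled: true
    # The unit files were just (re)written above; reload so systemd sees the
    # current definitions instead of a stale or missing unit.
    daemon_reload: true

- name: copy mobile configuration
  # NOTE(review): the rendered file presumably embeds the mobile peer's private
  # key (loaded into vpn_peers above). It is written to a fixed path under /tmp
  # and nothing in this file removes it afterwards — confirm the consumer cleans
  # it up once it has been exported.
  template:
    src: 'mobile.wireguard.j2'
    dest: '/tmp/mobile.wireguard.conf'
    mode: '0600'
  when: copy_mobile_conf

- name: create wireguard directories
  become: true
  file:
    path: '{{ item | dirname }}'
    owner: root
    group: systemd-network
    # Directories need the execute bit to be traversed; 0640 would stop the
    # systemd-network group from reaching the key files placed inside.
    mode: '0750'
    state: directory
  loop:
    - '{{ vpn_server_key_path }}'
    - '{{ vpn_server_public_key_path }}'

- name: copy wireguard credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'files/wireguard/server.pub'
      dest: '{{ vpn_server_public_key_path }}'
    - src: 'files/wireguard/server.key'
      dest: '{{ vpn_server_key_path }}'

# FIXME(review): this task writes mobile.pub/mobile.key to the SAME destinations
# (vpn_server_public_key_path / vpn_server_key_path) that the previous task just
# populated with server.pub/server.key, so the server key files end up
# overwritten with the mobile peer's key pair. The intended destination
# variables are not defined in this file; pick dedicated paths for the mobile
# credentials (or drop the task — the server only needs the peer's public key).
- name: copy mobile wireguard credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'files/wireguard/mobile.pub'
      dest: '{{ vpn_server_public_key_path }}'
    - src: 'files/wireguard/mobile.key'
      dest: '{{ vpn_server_key_path }}'

- name: copy wireguard preshared keys
  become: true
  # Every entry in vpn_peers must define preshared_key_source_path and
  # preshared_key_path; a peer without them fails this task.
  copy:
    src: '{{ item.value.preshared_key_source_path }}'
    dest: '{{ item.value.preshared_key_path }}'
    owner: root
    group: systemd-network
    mode: '0640'
  with_dict: '{{ vpn_peers }}'

- name: restart systemd-networkd
  # Runs unconditionally on every play; a handler notified by the template/copy
  # tasks would restart only when something changed (handlers are not defined
  # in this file).
  become: true
  systemd:
    name: systemd-networkd
    state: restarted
    enabled: true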