- name: copy network configuration files
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '0640'
  loop:
    - {
        src: 'templates/network/br0.netdev.j2',
        dest: '/etc/systemd/network/br0.netdev',
      }
    - {
        src: 'templates/network/br0.network.j2',
        dest: '/etc/systemd/network/br0.network',
      }
    - {
        src: 'templates/network/enp5s0.network.j2',
        dest: '/etc/systemd/network/enp5s0.network',
      }
    - {
        src: 'templates/network/wg0.netdev.j2',
        dest: '/etc/systemd/network/wg0.netdev',
      }
    - {
        src: 'templates/network/wg0.network.j2',
        dest: '/etc/systemd/network/wg0.network',
      }

- name: create wireguard directories
  become: true
  file:
    path: '{{ item | dirname }}'
    owner: root
    group: systemd-network
    mode: '0640'
    state: directory
  loop:
    - '{{ vpn_server_key_path }}'
    - '{{ vpn_server_public_key_path }}'

- name: copy wireguard credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - {
        src: 'files/wireguard/server.pub',
        dest: '{{ vpn_server_public_key_path }}',
      }
    - {
        src: 'files/wireguard/server.key',
        dest: '{{ vpn_server_key_path }}',
      }
    - {
        src: 'files/wireguard/preshared.key',
        dest: '{{ vpn_preshared_path }}',
      }

- name: restart systemd-networkd
  become: true
  systemd:
    name: systemd-networkd
    state: restarted
    enabled: true