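# Deploys the WireGuard "media" VPN: loads key material from the controller
# into facts, renders the systemd-networkd units (wg1), optionally renders
# client configs, and copies the key files to the target host.
#
# Secret handling: several tasks below carry private or preshared keys in
# their results or loop items. Those tasks set `no_log: true` or `diff: false`
# so key material does not reach stdout, callback plugins or log files.

- name: load media private key into var
  set_fact:
    vpn_media_server_key: '{{ lookup("file", "files/wireguard/media/server.key" ) }}'
  # the task result contains the private key itself
  no_log: true

- name: load media public key into var
  set_fact:
    vpn_media_server_public_key: '{{ lookup("file", "files/wireguard/media/server.pub" ) }}'

# this should eventually be replaced with using the
# PrivateKeyFile/PresharedKeyFile options
# (that would also keep key material out of facts and rendered unit files)
- name: load preshared media keys into variables
  set_fact:
    vpn_media_peers: >-
      {{ vpn_media_peers | combine({item.key: item.value
      | combine({"preshared_key": lookup("file", item.value.preshared_key_source_path)})}) }}
  with_dict: '{{ vpn_media_peers }}'
  # the resulting fact holds every peer's preshared key
  no_log: true

- name: load external media private_keys
  set_fact:
    vpn_media_peers: >-
      {{ vpn_media_peers | combine({item.key: item.value
      | combine({"private_key": lookup("file", item.value.private_key_source_path)})}) }}
  with_dict: '{{ vpn_media_peers }}'
  when: item.key in ['mobile_peer_1', 'mobile_peer_2', 'tv']
  # the loop item is the whole peer dict, which by now includes the preshared
  # key added by the previous task; Ansible prints loop items by default
  no_log: true

- name: copy wireguard media configuration files
  become: true
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'templates/network/wireguard/media/wg1.netdev.j2'
      dest: '/etc/systemd/network/wg1.netdev'
    - src: 'templates/network/wireguard/media/wg1.network.j2'
      dest: '/etc/systemd/network/wg1.network'
  # presumably the netdev template inlines the keys loaded above (templates
  # not visible here); --diff would otherwise print the rendered content
  diff: false
  notify: restart systemd-networkd

# NOTE(review): these client configs are rendered without `become`, at fixed,
# predictable names in world-writable /tmp on the target, and nothing in this
# file removes them afterwards. They presumably contain the peers' private
# keys. Prefer a directory only the deploying user can access, and delete the
# files once they have been transferred to the devices.
- name: copy external media configurations
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    mode: '0600'
  loop:
    - src: 'templates/network/wireguard/media/mobile_1.wireguard.j2'
      dest: '/tmp/mobile_1.conf'
    - src: 'templates/network/wireguard/media/mobile_2.wireguard.j2'
      dest: '/tmp/mobile_2.conf'
    - src: 'templates/network/wireguard/media/tv.wireguard.j2'
      dest: '/tmp/tv.conf'
  when: copy_vpn_media_configurations
  diff: false

- name: create wireguard media directories
  become: true
  file:
    path: '{{ item | dirname }}'
    owner: root
    group: systemd-network
    # directories need the search (x) bit: with 0640 the systemd-network group
    # could not open the 0640 key files placed inside
    mode: '0750'
    state: directory
  loop:
    - '{{ vpn_media_server_key_path }}'
    - '{{ vpn_media_server_public_key_path }}'

- name: copy wireguard media credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'files/wireguard/media/server.pub'
      dest: '{{ vpn_media_server_public_key_path }}'
    - src: 'files/wireguard/media/server.key'
      dest: '{{ vpn_media_server_key_path }}'
  # --diff would print the key file contents
  diff: false

# NOTE(review): this stores the peers' *private* keys on the server, readable
# by the systemd-network group. A WireGuard endpoint only needs its peers'
# public keys; confirm the .key copies are really required on this host.
- name: copy mobile media wireguard credentials
  become: true
  copy:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: systemd-network
    mode: '0640'
  loop:
    - src: 'files/wireguard/media/mobile-1.pub'
      dest: '{{ vpn_media_server_public_key_path|dirname }}/mobile_1.pub'
    - src: 'files/wireguard/media/mobile-1.key'
      dest: '{{ vpn_media_server_key_path|dirname }}/mobile_1.key'
    - src: 'files/wireguard/media/mobile-2.pub'
      dest: '{{ vpn_media_server_public_key_path|dirname }}/mobile_2.pub'
    - src: 'files/wireguard/media/mobile-2.key'
      dest: '{{ vpn_media_server_key_path|dirname }}/mobile_2.key'
    - src: 'files/wireguard/media/tv.pub'
      dest: '{{ vpn_media_server_public_key_path|dirname }}/tv.pub'
    - src: 'files/wireguard/media/tv.key'
      dest: '{{ vpn_media_server_key_path|dirname }}/tv.key'
  # --diff would print the key file contents
  diff: false

- name: copy wireguard media preshared keys
  become: true
  copy:
    src: '{{ item.value.preshared_key_source_path }}'
    dest: '{{ item.value.preshared_key_path }}'
    owner: root
    group: systemd-network
    mode: '0640'
  with_dict: '{{ vpn_media_peers }}'
  # each loop item is a peer dict that now carries preshared_key (and
  # private_key for the external peers); keep it out of the task output
  no_log: true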