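# wireguard ~~ tasks/main.yml
#
# Generates a WireGuard key file on the control node (once, unless forced),
# then renders the client or server configuration both onto the managed host
# and into wg_dir on the control node.
---
# Bare `include` is deprecated and was removed in ansible-core 2.16;
# include_tasks is the task-level replacement.
- name: Load wireguard facts
  include_tasks: set_facts.yml

# NOTE(review): this stat resolves wg_host_keys without a chdir, while the
# generation task below runs inside wg_dir. Presumably wg_host_keys is an
# absolute path; confirm in set_facts.yml.
- name: Check whether the host key file already exists
  stat:
    path: "{{ wg_host_keys }}"
  register: stat_host_keys
  delegate_to: localhost

# Writes the private key and then appends the public key to the same file.
# umask 077 keeps a newly created file private to the invoking user. It does
# not tighten the mode of a file that already exists and is overwritten by a
# forced run.
- name: Generate domain keys
  shell: |
    umask 077
    wg genkey | tee "{{ wg_host_keys }}" | wg pubkey >> "{{ wg_host_keys }}"
  args:
    chdir: "{{ wg_dir }}"
  # `force` passed as `-e force=false` arrives as a non-empty string, which a
  # bare truthiness test treats as true and would overwrite the existing keys.
  # Normalise it to a real boolean first.
  when: (not stat_host_keys.stat.exists) or (force | default(false) | bool)
  delegate_to: localhost

- name: Create wireguard dir on remote host
  file:
    path: /etc/wireguard
    owner: root
    state: directory
    mode: "0700"
  # An unreachable host is skipped for this task only, not dropped from the play.
  ignore_unreachable: true

# Rendered twice: once on the managed host and once as a copy under wg_dir on
# the control node.
# NOTE(review): the rendered config presumably carries private key material
# (confirm against host.conf.j2). If so, running with --diff would print it;
# consider `diff: false` on this task.
- name: Generate client configuration
  template:
    src: templates/host.conf.j2
    dest: "{{ item.path }}"
    mode: "0600"
  when: ansible_host != _i.dcontroller
  delegate_to: "{{ item.name }}"
  loop:
    - name: "{{ ansible_host }}"
      path: /etc/wireguard/dcontroller.conf
    - name: localhost
      path: "{{ wg_dir }}/{{ ansible_host }}.conf"
  ignore_unreachable: true

# Same layout as the client task, for the host that acts as the controller.
# NOTE(review): the --diff caveat applies here too if dcontroller.conf.j2
# embeds key material.
- name: Generate server configuration
  template:
    src: templates/dcontroller.conf.j2
    dest: "{{ item.path }}"
    mode: "0600"
  when: ansible_host == _i.dcontroller
  delegate_to: "{{ item.name }}"
  loop:
    - name: "{{ ansible_host }}"
      path: /etc/wireguard/dcontroller.conf
    - name: localhost
      path: "{{ wg_dir }}/{{ ansible_host }}.conf"

- name: Generate server interface
  template:
    src: templates/hostname.j2
    dest: /etc/hostname.tun0
    # Explicit mode, matching the other rendered files. Without one, a newly
    # created file gets whatever the remote umask allows.
    mode: "0600"
  when: ansible_host == _i.dcontroller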