---

- name: create local wireguard directory
  ansible.builtin.file:
    path: "{{ wireguard_local_dir }}"
    state: directory
    mode: 0700
  run_once: true
  delegate_to: localhost

- name: create wireguard directory
  ansible.builtin.file:
    path: "{{ wireguard_dir }}"
    owner: 0
    group: 0
    mode: 0700
    state: directory

- name: include key generation
  ansible.builtin.include_tasks: keys.yml

- name: include configuration generation
  ansible.builtin.include_tasks: configuration.yml

- name: install wireguard on remote host
  ansible.builtin.package:
    name: wireguard-tools
    state: present

- name: include service configuration for hosts
  ansible.builtin.include_tasks: service.yml
  when: inventory_hostname == wireguard_domain_controller

- name: include service configuration for server
  ansible.builtin.include_tasks: "{{ task }}"
  when: inventory_hostname != wireguard_domain_controller
  loop_control:
    loop_var: task
  loop:
    - service.yml
    - cron.yml