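---
# Tasks that configure the wg-admin WireGuard interface: install packages,
# create a key pair once, render the interface config and enable the
# wg-quick unit for it.

- name: Packages
  ansible.builtin.include_tasks: install.yml
  tags: install

# The key pair is generated on the host itself, so the private key is never
# copied over the wire or stored on the controller.
# NOTE(review): `creates` is keyed on private.key only. If the pipeline fails
# after tee has written private.key, later runs skip this task and
# public.key may be left empty; verify public.key is non-empty after a
# failed run.
- name: Generate private key
  ansible.builtin.shell:
    cmd: |
      set -e -o pipefail
      umask 077
      wg genkey | tee private.key | wg pubkey > public.key
    chdir: /etc/wireguard
    creates: /etc/wireguard/private.key
    # `pipefail` is not supported by every /bin/sh (the module's default
    # shell), so run the script under bash explicitly.
    executable: /bin/bash

# Read-only lookup, so it never reports a change.
- name: Get public key
  ansible.builtin.command: cat /etc/wireguard/public.key
  register: public_key
  changed_when: false

# Replaces the registered command result with just the key string, under
# the same variable name.
- name: Set public key fact
  ansible.builtin.set_fact:
    public_key: "{{ public_key.stdout }}"

# Exactly one of the next two tasks runs: this one on every distribution
# whose name does not contain "openSUSE" (resolvectl), the other on
# openSUSE (nmcli).
- name: Set dns_command for co-openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "resolvectl dns %i 10.42.0.1; resolvectl domain %i ~admin"
  when: '"openSUSE" not in ansible_distribution'

- name: Set dns_command for openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "nmcli con mod %i ipv4.dns 10.42.0.1; nmcli con mod %i ipv4.dns-search ~admin"
  when: '"openSUSE" in ansible_distribution'

# Root-owned and mode 0600: the file is readable by root only.
# NOTE(review): the template is not visible here; if it embeds the private
# key, consider `no_log: true` or `diff: false` on this task so the key does
# not end up in --diff output or logs.
- name: Create the config
  vars:
    address: "{{ wg_admin_address }}"
    dns_command: "{{ wg_dns_command }}"
  ansible.builtin.template:
    src: wg-admin.conf
    dest: /etc/wireguard/wg-admin.conf
    owner: root
    group: root
    mode: "0600"

# The `when` restricts this to AlmaLinux, so the included file is
# dns_AlmaLinux.yml.
- name: Set up the DNS on AlmaLinux
  ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"
  when: ansible_distribution == "AlmaLinux"

# NOTE(review): nothing restarts the unit when the config above changes; an
# already-running interface keeps its old settings until it is restarted.
- name: Enable and start the wireguard connection
  ansible.builtin.service:
    name: "wg-quick@wg-admin"
    enabled: true
    state: started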