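---
# Install WireGuard, create a keypair when requested, render the wg-quick
# configuration for wg_ifname and enable the matching wg-quick@ unit.
# Variables read here: wg_generate_keypair, wg_gateway, wg_domain, wg_address,
# wg_peers, wg_ifname.

- name: Packages
  ansible.builtin.include_tasks: install.yml
  tags: install

# umask 077 makes both key files owner-only from the moment they are created.
# The private key only travels through the pipe into private.key; the
# pipeline's stdout is redirected to public.key, so the task result carries no
# key material. `creates` keeps an existing private key from being overwritten.
# NOTE(review): if the pipeline fails after tee has written private.key, the
# next run is skipped by `creates` and public.key may be missing or empty.
- name: Generate private key
  ansible.builtin.shell:
    cmd: |
      set -e -o pipefail
      umask 077
      wg genkey | tee private.key | wg pubkey > public.key
    chdir: /etc/wireguard
    creates: /etc/wireguard/private.key
    # pipefail is not supported by every /bin/sh, so run the script under bash.
    executable: /bin/bash
  when: wg_generate_keypair

# Runs even when wg_generate_keypair is false, so public.key must already
# exist on the host in that case.
- name: Get public key
  ansible.builtin.command: cat /etc/wireguard/public.key
  register: public_key
  changed_when: false

# Replaces the registered command result with just the key string.
- name: Set public key fact
  ansible.builtin.set_fact:
    public_key: "{{ public_key.stdout }}"

# wg_gateway and wg_domain are interpolated unquoted into a command string.
# NOTE(review): how the rendered template runs wg_dns_command is not visible
# here; if it is executed by a shell as root, these two values must come from
# trusted inventory and contain no shell metacharacters - validate upstream.
- name: Set dns_command for non-openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "resolvectl dns %i {{ wg_gateway }}; resolvectl domain %i ~{{ wg_domain }}"
  when: '"openSUSE" not in ansible_distribution'

- name: Set dns_command for openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "nmcli con mod %i ipv4.dns {{ wg_gateway }}; nmcli con mod %i ipv4.dns-search ~{{ wg_domain }}"
  when: '"openSUSE" in ansible_distribution'

# The config is written root-owned with mode 0600.
# NOTE(review): if the template embeds the private key, consider `diff: false`
# on this task so that --diff runs do not print it.
- name: Create the config
  vars:
    address: "{{ wg_address }}"
    dns_command: "{{ wg_dns_command }}"
    domain: "{{ wg_domain }}"
    gateway: "{{ wg_gateway }}"
    peers: "{{ wg_peers }}"
  ansible.builtin.template:
    src: "{{ wg_ifname }}.conf"
    dest: "/etc/wireguard/{{ wg_ifname }}.conf"
    owner: root
    group: root
    mode: "0600"

# NOTE(review): `domain` is only defined as a task-level var on "Create the
# config"; unless it is also set elsewhere (defaults/inventory), this
# condition probably means `wg_domain` - confirm before changing.
- name: Set up the DNS on AlmaLinux
  ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"
  when: domain and ansible_distribution == "AlmaLinux"

- name: Enable and start the wireguard connection
  ansible.builtin.service:
    name: "wg-quick@{{ wg_ifname }}"
    enabled: true
    state: started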