dotfiles/roles/wg/tasks/main.yml
Matej Focko b49b5a3e91
fix(wg): improve generation of keypairs
Signed-off-by: Matej Focko <me@mfocko.xyz>
2024-11-20 18:13:02 +01:00


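---
# Tasks for the wg role: install WireGuard, make sure a keypair exists on
# the host, render the interface config and bring the wg-quick unit up.

- name: Packages
  ansible.builtin.include_tasks: install.yml
  tags: install

# Presence of the private key decides whether a new keypair is generated
# and written out; an existing key is never overwritten.
- name: Check for existence of private key
  ansible.builtin.stat:
    path: /etc/wireguard/private.key
  register: _private_key_stat

# ansible.builtin.stat reports the file's existence under `.stat.exists`;
# a bare `.exists` on the registered result is an undefined attribute.
- name: Generate keypair
  ansible.builtin.include_tasks: tasks/generate_keypair.yml
  when: not _private_key_stat.stat.exists

- name: Save private key
  ansible.builtin.template:
    src: templates/keyfile.j2
    dest: /etc/wireguard/private.key
    owner: root
    group: root
    # Quoted so Ansible parses the octal itself; a regular file needs no
    # execute bit, and 0600 matches the interface config below.
    mode: "0600"
  vars:
    key: "{{ wg_private_key }}"
  when: not _private_key_stat.stat.exists
  # Keeps the key material out of task output, --diff listings and logs.
  no_log: true

# Written under the same condition as the private key, so a missing
# public key next to an existing private key is not regenerated here.
- name: Save public key
  ansible.builtin.template:
    src: templates/keyfile.j2
    dest: /etc/wireguard/public.key
    owner: root
    group: root
    mode: "0600"
  vars:
    key: "{{ wg_public_key }}"
  when: not _private_key_stat.stat.exists

# NOTE(review): %i is presumably expanded by wg-quick to the interface name
# inside a PostUp/PostDown hook rendered by templates/wg.conf — confirm
# against the template.
- name: Set dns_command for non-openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "resolvectl dns %i {{ wg_gateway }}; resolvectl domain %i ~{{ wg_domain }}"
  when: '"openSUSE" not in ansible_distribution'

- name: Set dns_command for openSUSE
  ansible.builtin.set_fact:
    wg_dns_command: "nmcli con mod %i ipv4.dns {{ wg_gateway }}; nmcli con mod %i ipv4.dns-search ~{{ wg_domain }}"
  when: '"openSUSE" in ansible_distribution'

# NOTE(review): if templates/wg.conf embeds PrivateKey, consider
# `no_log: true` here as well so the key does not appear in --diff output.
- name: Create the config
  vars:
    address: "{{ wg_address }}"
    dns_command: "{{ wg_dns_command }}"
    domain: "{{ wg_domain }}"
    gateway: "{{ wg_gateway }}"
    peers: "{{ wg_peers }}"
  ansible.builtin.template:
    src: "templates/wg.conf"
    dest: "/etc/wireguard/{{ wg_ifname }}.conf"
    owner: root
    group: root
    mode: "0600"

- name: Set up the DNS on AlmaLinux
  ansible.builtin.include_tasks: "dns_{{ ansible_distribution }}.yml"
  when: wg_domain and ansible_distribution == "AlmaLinux"

# NOTE(review): `state: started` does not re-read a changed config on an
# interface that is already up; a handler restarting the unit when the
# config task reports changed would be needed for that — confirm whether
# the role defines one elsewhere.
- name: Enable and start the wireguard connection
  ansible.builtin.service:
    name: "wg-quick@{{ wg_ifname }}"
    enabled: true
    state: started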