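---
# Ansible tasks: install WireGuard, generate a client key pair on the host,
# render /etc/wireguard/wg0.conf from a template and bring the interface up.
#
# Expected inbound vars (defined outside this file): wireguard_peer_ip,
# main_wireguard_port, main_wireguard_public_key, main_wireguard_ip.

- name: install wireguard
  apt:
    name: wireguard
    update_cache: true
    cache_valid_time: 3600

- name: generate private and public key pair
  # Guard on the key file rather than the directory: if the package install
  # already created /etc/wireguard, a directory guard would skip key
  # generation and the "read ... key" tasks below would then fail.
  args:
    creates: /etc/wireguard/clank-privatekey
  shell: |
    set -e
    # Create the key files non-world-readable from the start; the chmod below
    # would otherwise only tighten them after they were written.
    umask 077
    mkdir -p /etc/wireguard/
    cd /etc/wireguard/
    wg genkey | tee clank-privatekey | wg pubkey > clank-publickey
    chmod 0400 clank-privatekey
    chmod 0400 clank-publickey

- name: read public key
  command: cat /etc/wireguard/clank-publickey
  register: wireguard_publickey
  # Reading a file never changes the host.
  changed_when: false

- name: read private key
  command: cat /etc/wireguard/clank-privatekey
  register: wireguard_privatekey
  changed_when: false
  # Keep the private key out of task output and logs; the registered
  # variable is still populated for the template task below.
  no_log: true

- name: print publickey
  debug:
    msg: "{{ wireguard_publickey.stdout_lines[0] }}"

- name: Generate WireGuard configuration
  template:
    src: wireguard.conf.j2
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    # The rendered file embeds the private key; do not leave it at the
    # umask default.
    mode: "0600"
  vars:
    interface_address: "{{ wireguard_peer_ip }}"
    # No padding inside the quotes: the original " {{ ... }} " would render
    # the port with leading/trailing spaces.
    listen_port: "{{ main_wireguard_port }}"
    private_key: "{{ wireguard_privatekey.stdout_lines[0] }}"
    allowed_ips: "10.0.9.0/24"
    peer_public_key: "{{ main_wireguard_public_key }}"
    endpoint: "{{ main_wireguard_ip }}:{{ main_wireguard_port }}"
    persistent_keepalive: 25
  # Suppress --diff output for this task so the private key is not echoed.
  diff: false
  # TODO: a config change is not applied to an already-running interface;
  # add a handler that restarts wg-quick@wg0 and notify it here.

- name: enable and start wireguard service
  systemd:
    name: "wg-quick@wg0"
    state: started
    enabled: true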