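---
# WireGuard mesh for the hosts in the serverctl_super_cluster group:
# install the tools, generate a per-host keypair plus one pre-shared key per
# host pair, and render the systemd-networkd wg0 unit files.
#
# Security notes for maintainers:
# - All key material lives under /etc/wireguard and is created with
#   umask 077 so it is owner-only from the moment the file exists. The
#   previous `wg genkey | tee ...` / `wg genpsk > ...` form created the
#   files with the login shell's default umask, i.e. typically world-readable.
# - Tasks that read private keys or PSKs into Ansible variables run with
#   `no_log: true`; the values are still registered, only the play output
#   (and any callback/log plugin) is censored.
# - Registered key variables keep the `.stdout` shape the templates presumably
#   consume (TODO confirm against systemd.netdev), which is why `cat` is used
#   instead of `slurp` (which would return base64 under `.content`).

- name: install wireguard (Debian/Ubuntu)
  ansible.builtin.apt:
    name: wireguard
    state: present
  become: true
  when: ansible_distribution in ['Debian', 'Ubuntu']

- name: install wireguard (Arch)
  pacman:
    name: wireguard-tools
    state: present
  become: true
  when: ansible_distribution == "Archlinux"

# Every key file below is written into this directory, so make sure it is not
# traversable by other users regardless of how the package created it.
- name: ensure /etc/wireguard exists and is root-only
  ansible.builtin.file:
    path: /etc/wireguard
    state: directory
    owner: root
    group: root
    mode: "0700"
  become: true

# The private key is held in a shell variable (printf is a builtin, so it never
# appears on a command line) and written LAST: if deriving the public key
# fails, no private key file is left behind and `creates:` will retry the
# whole step on the next run instead of skipping it forever.
- name: generate wireguard keypair
  ansible.builtin.shell: |
    set -e
    umask 077
    key="$(wg genkey)"
    printf '%s\n' "$key" | wg pubkey > /etc/wireguard/serverctl-publickey
    printf '%s\n' "$key" > /etc/wireguard/serverctl-privatekey
  args:
    creates: /etc/wireguard/serverctl-privatekey
  become: true

# Keys generated by an earlier run of this file (before umask 077 was added)
# may still be world-readable; enforce owner-only mode on every run.
- name: ensure private key is owner-only
  ansible.builtin.file:
    path: /etc/wireguard/serverctl-privatekey
    owner: root
    group: root
    mode: "0600"
  become: true

# Registers wireguard_private_key; consumers use `.stdout`.
- name: register private key
  ansible.builtin.command: cat /etc/wireguard/serverctl-privatekey
  register: wireguard_private_key
  changed_when: false
  no_log: true
  become: true

# Registers wireguard_public_key; consumers use `.stdout`. Not secret.
- name: register public key
  ansible.builtin.command: cat /etc/wireguard/serverctl-publickey
  register: wireguard_public_key
  changed_when: false
  become: true

# One PSK per unordered host pair. Only the lexically lower hostname of each
# pair generates it (`inventory_hostname < item`); the loop also visits the
# host itself, which the strict `<` skips. The higher host presumably reads
# the PSK from the lower host's hostvars (see the disabled debug task below).
- name: generate preshared key per peer
  ansible.builtin.shell: "umask 077 && wg genpsk > /etc/wireguard/serverctl-psk-{{ item }}"
  args:
    creates: "/etc/wireguard/serverctl-psk-{{ item }}"
  loop: "{{ groups['serverctl_super_cluster'] }}"
  when: inventory_hostname < item
  become: true

# Same as for the private key: tighten PSK files created by earlier runs.
- name: ensure preshared keys are owner-only
  ansible.builtin.file:
    path: "/etc/wireguard/serverctl-psk-{{ item }}"
    owner: root
    group: root
    mode: "0600"
  loop: "{{ groups['serverctl_super_cluster'] }}"
  when: inventory_hostname < item
  become: true

# Registers wireguard_preshared_key.results, one entry per loop item; entries
# for skipped items carry `skipped: true` and no `stdout`.
- name: register preshared key per peer
  ansible.builtin.command: "cat /etc/wireguard/serverctl-psk-{{ item }}"
  register: wireguard_preshared_key
  changed_when: false
  no_log: true
  loop: "{{ groups['serverctl_super_cluster'] }}"
  when: inventory_hostname < item
  become: true

# Fold the per-peer results into one dict {peer_hostname: psk}. set_fact runs
# on the controller, so no become is needed; no_log keeps the PSKs out of the
# displayed ansible_facts.
- name: collect preshared keys into a dict
  ansible.builtin.set_fact:
    wireguard_preshared_keys: "{{ wireguard_preshared_keys | default({}) | combine({item.item: item.stdout}) }}"
  loop: "{{ wireguard_preshared_key.results }}"
  when: item.skipped is not defined
  no_log: true

# Left disabled on purpose: dumping hostvars prints every registered key and
# PSK of every host. If it is ever re-enabled for debugging, add
# `no_log: true` or filter the keys out of the message.
# - name: print hostvars
#   ansible.builtin.debug:
#     msg: "{{ hostvars[item] }}"
#   loop: "{{ groups['serverctl_super_cluster'] }}"

# The .netdev unit presumably embeds the private key and PSKs (the variables
# above exist for that purpose — TODO confirm against the template), so it is
# root-owned, readable only by the systemd-network group, and `diff: false`
# stops `--diff`/check-mode runs from printing the rendered key material.
- name: Setup wg0 device
  ansible.builtin.template:
    src: systemd.netdev
    dest: "{{ systemd_network_dir }}/99-serverctl-wg0.netdev"
    owner: root
    group: systemd-network
    mode: "0640"
  diff: false
  become: true
  notify: systemd network restart

- name: Setup wg0 network
  ansible.builtin.template:
    src: systemd.network
    dest: "{{ systemd_network_dir }}/99-serverctl-wg0.network"
    owner: root
    group: systemd-network
    mode: "0640"
  become: true
  notify: systemd network restart

# Disabled: the interface is managed by systemd-networkd above, not wg-quick.
# - name: Start and enable wireguard on boot
#   ansible.builtin.systemd:
#     name: wg-quick@wgserverctl0
#     enabled: true
#     state: started

# - debug: msg="{{ item.1 }} - {{ (wireguard_base_ipv4 | ipaddr(item.0 + 1)) }}"
#   with_indexed_items: "{{ groups.serverctl_mesh_nodes }}"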