- name: Install WireGuard
  apt:
    name: wireguard

- name: WireGuard interface configuration
  template:
    src: ./filesystem/{{ ansible_hostname }}/etc/wireguard/wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    mode: 0600
  register: wg_intf_conf

- name: WireGuard interface post-up nftables script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/post-up-wg0.nft.j2
    dest: /usr/local/sbin/post-up-wg0.nft
    mode: 0755
  register: wg_intf_post_up

- name: Create WireGuard interface
  template:
    src: ./filesystem/{{ ansible_hostname }}/etc/network/interfaces.d/wg0.j2
    dest: /etc/network/interfaces.d/wg0
    mode: 0644
  register: wg_intf

- name: Restart WireGuard interface
  shell: ifdown wg0 && ifup wg0
  when:
    wg_intf_conf is changed or
    wg_intf_post_up is changed or
    wg_intf is changed

- name: WireGuard interface pre-down nftables script
  template:
    src: ./filesystem/{{ ansible_hostname }}/usr/local/sbin/pre-down-wg0.nft.j2
    dest: /usr/local/sbin/pre-down-wg0.nft
    mode: 0755