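---
# Installs WireGuard and lays out a per-interface configuration tree under
# {{ system_etc_root_directory }}/network/interfaces/<iface>/, then registers
# the interface with ifupdown and restarts it when any rendered file changed.
#
# Variables read by these tasks: system_etc_root_directory,
# vpn_wireguard_iface, vpn_wireguard_role.
#
# File modes are written as quoted strings so the value cannot be re-typed by
# the YAML parser (an unquoted 0755 is only octal under YAML 1.1 rules).

- name: "install wireguard"
  ansible.builtin.apt:
    name: "wireguard"

- name: "create interface directory hierarchy"
  ansible.builtin.file:
    path: "{{ system_etc_root_directory }}/network/interfaces/{{ item }}"
    state: "directory"
    mode: "0755"
  loop:
    - "{{ vpn_wireguard_iface }}"
    - "{{ vpn_wireguard_iface }}/ifup.d"
    - "{{ vpn_wireguard_iface }}/ifdown.d"
    - "{{ vpn_wireguard_iface }}/nftables"
    - "{{ vpn_wireguard_iface }}/wireguard"

# The rendered file is restricted to its owner (0600).
# NOTE(review): presumably it carries the WireGuard private key - confirm
# against the template. `diff: false` keeps the rendered content out of
# `--diff` output and any logs that capture it.
- name: "wireguard configuration"
  ansible.builtin.template:
    src: "./wireguard/wireguard-{{ vpn_wireguard_role }}.conf"
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/wireguard/wireguard-{{ vpn_wireguard_role }}.conf"
    mode: "0600"
  diff: false
  register: vpn_wireguard_configuration

- name: "nftables up script"
  ansible.builtin.template:
    src: "./nftables/up.nft"
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/nftables/up.nft"
    mode: "0644"
  register: vpn_wireguard_nftables_up

- name: "interface up scripts"
  ansible.builtin.template:
    src: "./ifupdown.d/{{ item }}"
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/ifup.d/{{ item }}"
    mode: "0755"
  loop:
    - "00-interface"
    - "10-nftables"
    - "20-routes-{{ vpn_wireguard_role }}"
  register: vpn_wireguard_interface_up

- name: "configure interface"
  ansible.builtin.template:
    src: "./interface"
    dest: "/etc/network/interfaces.d/{{ vpn_wireguard_iface }}"
    mode: "0644"
  register: vpn_wireguard_interface_file

# Bounce the interface if it already exists, otherwise just bring it up.
# The interface name is passed through the `quote` filter because it is
# interpolated into a shell script; an unexpected character in the variable
# must not be interpreted by the shell.
# NOTE(review): the ifdown.d scripts and down.nft are installed by the tasks
# after this one, so an ifdown triggered here sees whatever versions are
# already on disk - confirm this ordering is intended.
- name: "restart interface"
  ansible.builtin.shell: |
    if ip link show dev {{ vpn_wireguard_iface | quote }}
    then
      ifdown {{ vpn_wireguard_iface | quote }} && ifup {{ vpn_wireguard_iface | quote }}
    else
      ifup {{ vpn_wireguard_iface | quote }}
    fi
  when: >-
    vpn_wireguard_configuration.changed or
    vpn_wireguard_nftables_up.changed or
    vpn_wireguard_interface_up.changed or
    vpn_wireguard_interface_file.changed

- name: "nftables down script"
  ansible.builtin.template:
    src: "./nftables/down.nft"
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/nftables/down.nft"
    mode: "0644"

- name: "interface down scripts"
  ansible.builtin.template:
    src: "./ifupdown.d/{{ item }}"
    dest: "\
      {{ system_etc_root_directory }}/network/interfaces/\
      {{ vpn_wireguard_iface }}/ifdown.d/{{ item }}"
    mode: "0755"
  loop:
    - "00-interface"
    - "10-nftables"
    - "20-routes-{{ vpn_wireguard_role }}"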