---
- name: Install wireguard
  apt:
    update_cache: true
    name:
      - wireguard
      - resolvconf
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Indicate role in motd
  template:
    src: update-motd.d/05-service.j2
    dest: /etc/update-motd.d/05-wireguard
    mode: 0755

- name: Ensure wireguard directory is present
  file:
    path: /etc/wireguard
    mode: 0700
    owner: root
    group: root

- name: Deploy wireguard configuration
  template:
    src: wireguard/tunnel.conf.j2
    dest: "/etc/wireguard/{{ item.name }}.conf"
    mode: 0700
    owner: root
    group: root
  loop: "{{ wireguard.tunnels }}"

- name: Enable and start wireguard service
  systemd:
    name: "wg-quick@{{ item.name }}"
    state: started
    enabled: true
  loop: "{{ wireguard.tunnels }}"