---
# tasks file for debian/ansible/wireguard
- name: Include main vars
  include_vars:
    file: vars/main.yml
- name: Apt upgrade
  apt:
    update_cache: yes
    upgrade: yes
  become: yes
- name: Install wireguard
  apt:
    name: 
      - wireguard
      - iptables
    state: present
    update_cache: yes
  become: yes
- name: Copy wireguard config to /etc/wg0.conf
  ansible.builtin.template:
    src: templates/wg0.conf
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    mode: '0600'
  become: yes
- name: Update ipv4 sysctl
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: yes
    state: present
    reload: yes
  become: yes
- name: Ensure wireguard is enabled and running
  ansible.builtin.systemd:
    state: restarted
    enabled: yes
    name: wg-quick@wg0
  become: yes