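# Brings up a WireGuard interface on each target host: creates the link if it
# is missing, assigns the per-host IPv6/IPv4 addresses from `ip[...]`, sets the
# listen port and private key, then persists the result with wg-quick and
# enables the wg-quick unit. `wireguard` and `ip` are expected to come from
# vars.yaml (not visible here).
- name: Configure Wireguard Network Link
  hosts:
    - colors
    - kubernetes
    - managed
  become: true
  become_user: root
  become_method: sudo
  vars_files:
    - vars.yaml
  tasks:
    # Read-only probe: only the return code is consumed by the next task, so
    # it never reports "changed" and a missing link is not treated as a failure.
    # command (not shell) keeps the templated interface name away from a shell.
    - name: Check if {{ wireguard.interface }} exists
      ansible.builtin.command: ip link show {{ wireguard.interface }}
      register: link_check
      changed_when: false
      failed_when: false

    - name: Add {{ wireguard.interface }} link
      ansible.builtin.command: ip link add dev {{ wireguard.interface }} type wireguard
      when: link_check.rc != 0

    # NOTE(review): errors are ignored so a re-run does not stop when the
    # address is already assigned; this also hides genuine failures such as a
    # malformed address in vars.yaml. Consider narrowing with failed_when.
    - name: Add {{ wireguard.interface }} ipv6 addresses
      ansible.builtin.command: "ip address add dev {{ wireguard.interface }} {{ ip[inventory_hostname].address_ipv6 }}/64"
      ignore_errors: true

    # NOTE(review): same caveat as the IPv6 task above.
    - name: Add {{ wireguard.interface }} ipv4 addresses
      ansible.builtin.command: "ip address add dev {{ wireguard.interface }} {{ ip[inventory_hostname].address_ipv4 }}/24"
      ignore_errors: true

    # The private key is passed by file path, so the key material itself does
    # not appear in the command line or in task output.
    # NOTE(review): this play does not create or check
    # /etc/wireguard/privatekey; confirm it is root-owned and mode 0600.
    - name: wg set port/key
      ansible.builtin.command: >
        wg set {{ wireguard.interface }}
        listen-port {{ wireguard.listen_port }}
        private-key /etc/wireguard/privatekey

    - name: Set link up
      ansible.builtin.command: ip link set up dev {{ wireguard.interface }}

    # wg-quick save writes the interface's private key into this file, so it is
    # created root-only instead of with the default umask. Preserving the
    # timestamps keeps the task from reporting "changed" on every run.
    - name: Touch {{ wireguard.interface }}.conf
      ansible.builtin.file:
        path: /etc/wireguard/{{ wireguard.interface }}.conf
        state: touch
        owner: root
        group: root
        mode: "0600"
        modification_time: preserve
        access_time: preserve

    - name: save wg config
      ansible.builtin.command: wg-quick save {{ wireguard.interface }}

    - name: Enable wg-quick@{{ wireguard.interface }}
      ansible.builtin.systemd_service:
        name: wg-quick@{{ wireguard.interface }}
        enabled: true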