---
# WireGuard Configuration Tasks

- name: Configure WireGuard server
  ansible.builtin.template:
    src: wg0.conf.j2
    dest: "{{ wg_config_dir }}/{{ wg_interface }}.conf"
    owner: root
    group: root
    mode: '0600'
  notify: restart wireguard

- name: Enable IP forwarding (if not already enabled by sysctl)
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    state: present
    sysctl_set: yes
    reload: yes

- name: Enable WireGuard service
  ansible.builtin.systemd:
    name: "wg-quick@{{ wg_interface }}"
    enabled: yes
    state: started

- name: Get WireGuard service status
  ansible.builtin.systemd:
    name: "wg-quick@{{ wg_interface }}"
  register: wg_service_status

- name: Display WireGuard status
  ansible.builtin.debug:
    msg: "WireGuard service is {{ wg_service_status.status.ActiveState }}"