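---
# WireGuard Installation Tasks
#
# Installs WireGuard, creates root-only config/key directories, generates the
# server key pair once, and exposes both keys as host facts for later tasks.
# Variables read: wg_config_dir, wg_keys_dir, wg_client_configs_dir.

- name: Install WireGuard
  ansible.builtin.apt:
    name:
      - wireguard
      - wireguard-tools
      - qrencode
    state: present
    update_cache: true

# 0700/root keeps key material and client configs unreadable to other users.
- name: Create WireGuard directories
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0700'
  loop:
    - "{{ wg_config_dir }}"
    - "{{ wg_keys_dir }}"
    - "{{ wg_client_configs_dir }}"

- name: Check if server private key exists
  ansible.builtin.stat:
    path: "{{ wg_keys_dir }}/server_private.key"
  register: server_private_key

# umask 077 makes the key file owner-only from the moment the shell creates
# it, instead of relying on the chmod in the next task. The path is passed
# through the quote filter because it is interpolated into a shell command.
# 'creates' skips the command if the file already exists, alongside the stat.
- name: Generate server private key
  ansible.builtin.shell:
    cmd: >-
      umask 077 &&
      wg genkey > {{ (wg_keys_dir ~ '/server_private.key') | quote }}
    creates: "{{ wg_keys_dir }}/server_private.key"
  when: not server_private_key.stat.exists

# Also corrects ownership and mode on a key that existed before this run.
- name: Set server private key permissions
  ansible.builtin.file:
    path: "{{ wg_keys_dir }}/server_private.key"
    owner: root
    group: root
    mode: '0600'

# NOTE(review): 'creates' skips this task whenever server_public.key exists,
# so a replaced private key or an empty file left by a failed run is not
# regenerated. Confirm the two files are always rotated together.
- name: Generate server public key
  ansible.builtin.shell:
    cmd: >-
      wg pubkey
      < {{ (wg_keys_dir ~ '/server_private.key') | quote }}
      > {{ (wg_keys_dir ~ '/server_public.key') | quote }}
    creates: "{{ wg_keys_dir }}/server_public.key"

# slurp returns the file base64-encoded in the task result; no_log keeps the
# private key out of verbose output, callback plugins and job logs.
- name: Read server private key
  ansible.builtin.slurp:
    src: "{{ wg_keys_dir }}/server_private.key"
  register: server_private_key_content
  no_log: true

- name: Read server public key
  ansible.builtin.slurp:
    src: "{{ wg_keys_dir }}/server_public.key"
  register: server_public_key_content

# The task result would echo both facts, including the decoded private key,
# so it is suppressed as well. Do not add 'cacheable: true' here: that would
# write the private key into the fact cache.
- name: Set server keys as facts
  ansible.builtin.set_fact:
    wg_server_private_key: "{{ server_private_key_content['content'] | b64decode | trim }}"
    wg_server_public_key: "{{ server_public_key_content['content'] | b64decode | trim }}"
  no_log: true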