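---
# WireGuard User Management Tasks
#
# Builds the peer list (allocating tunnel addresses when asked), generates a
# key pair per peer under wg_keys_dir, renders a client config and an ANSI
# QR code per peer into wg_client_configs_dir, and writes a summary README.
#
# Inputs expected from the role's vars/defaults (not defined in this file):
#   wg_peers               list of mappings with at least `name`, optional `ip`
#   wg_auto_allocate_ips   bool; allocate addresses from wg_network when true
#   wg_network             CIDR the allocated addresses are taken from
#   wg_ip_start            host offset of the first allocated address
#   wg_keys_dir            directory receiving <name>_private.key / _public.key
#   wg_client_configs_dir  directory receiving <name>.conf, <name>_qr.txt, README.md

# Start from an empty list so the accumulating loop below never inherits a
# value left over from an earlier play on the same host, and so the later
# loops see a defined (possibly empty) list even when wg_peers is empty.
- name: Initialise peer list
  ansible.builtin.set_fact:
    wg_peers_with_ips: []
  when: wg_auto_allocate_ips | bool

# Peers that already carry an `ip` keep it; the others get the address at
# wg_ip_start + loop index inside wg_network. Every peer is appended: a
# `when: item.ip is not defined` on this task would silently drop peers that
# ship their own address from wg_peers_with_ips.
- name: Auto-allocate IPs if enabled
  ansible.builtin.set_fact:
    wg_peers_with_ips: >-
      {{ wg_peers_with_ips | default([])
      + [item | combine({'ip': item.ip | default(wg_network
      | ansible.utils.ipaddr((wg_ip_start | int) + idx)
      | ansible.utils.ipaddr('address'))})] }}
  loop: "{{ wg_peers }}"
  loop_control:
    index_var: idx
    label: "{{ item.name }}"
  when: wg_auto_allocate_ips | bool

- name: Use provided IPs if auto-allocation disabled
  ansible.builtin.set_fact:
    wg_peers_with_ips: "{{ wg_peers }}"
  when: not (wg_auto_allocate_ips | bool)

# umask 077 makes the key file 0600 from the moment it is created instead of
# 0644 until the permissions task below runs. Paths are shell-quoted so a peer
# name containing spaces or shell metacharacters cannot break the command.
- name: Generate client private keys
  ansible.builtin.shell: >-
    umask 077 && wg genkey
    > {{ (wg_keys_dir ~ '/' ~ item.name ~ '_private.key') | quote }}
  args:
    creates: "{{ wg_keys_dir }}/{{ item.name }}_private.key"
  loop: "{{ wg_peers_with_ips }}"
  loop_control:
    label: "{{ item.name }}"

# Enforces owner/mode on key files that may predate this role (the umask
# above only covers files created by this run).
- name: Set client private key permissions
  ansible.builtin.file:
    path: "{{ wg_keys_dir }}/{{ item.name }}_private.key"
    owner: root
    group: root
    mode: '0600'
  loop: "{{ wg_peers_with_ips }}"
  loop_control:
    label: "{{ item.name }}"

- name: Generate client public keys
  ansible.builtin.shell: >-
    wg pubkey
    < {{ (wg_keys_dir ~ '/' ~ item.name ~ '_private.key') | quote }}
    > {{ (wg_keys_dir ~ '/' ~ item.name ~ '_public.key') | quote }}
  args:
    creates: "{{ wg_keys_dir }}/{{ item.name }}_public.key"
  loop: "{{ wg_peers_with_ips }}"
  loop_control:
    label: "{{ item.name }}"

# argv runs cat without a shell, so no quoting is needed. Each key file holds
# exactly one line, so stdout_lines[0] is the private key and [1] the public
# key. Do not prefix the lines and split on '=': a WireGuard key is base64
# ending in '=' padding, and split('=')[1] would truncate that last character.
- name: Read client keys
  ansible.builtin.command:
    argv:
      - cat
      - "{{ wg_keys_dir }}/{{ item.name }}_private.key"
      - "{{ wg_keys_dir }}/{{ item.name }}_public.key"
  register: client_keys
  loop: "{{ wg_peers_with_ips }}"
  loop_control:
    label: "{{ item.name }}"
  changed_when: false
  no_log: true  # stdout is the private key; keep it out of logs and callbacks

# The loop item is the full registered result (private key included), so a
# label is set and diff output is disabled to keep key material out of output.
- name: Generate client configurations
  ansible.builtin.template:
    src: client.conf.j2
    dest: "{{ wg_client_configs_dir }}/{{ item.item.name }}.conf"
    owner: root
    group: root
    mode: '0600'
  loop: "{{ client_keys.results }}"
  loop_control:
    label: "{{ item.item.name }}"
  diff: false
  vars:
    client_name: "{{ item.item.name }}"
    client_ip: "{{ item.item.ip }}"
    client_private_key: "{{ item.stdout_lines[0] | trim }}"
    client_public_key: "{{ item.stdout_lines[1] | trim }}"

# The QR text encodes the whole client config, private key included, so it is
# created under umask 077 (0600) like the .conf it is derived from.
- name: Generate QR codes for mobile clients
  ansible.builtin.shell: >-
    umask 077 && qrencode -t ansiutf8
    < {{ (wg_client_configs_dir ~ '/' ~ item.name ~ '.conf') | quote }}
    > {{ (wg_client_configs_dir ~ '/' ~ item.name ~ '_qr.txt') | quote }}
  args:
    creates: "{{ wg_client_configs_dir }}/{{ item.name }}_qr.txt"
  loop: "{{ wg_peers_with_ips }}"
  loop_control:
    label: "{{ item.name }}"

# NOTE(review): summary.md.j2 is not in this file; 0644 is only appropriate if
# the rendered summary contains no key material — confirm against the template.
- name: Create summary file
  ansible.builtin.template:
    src: summary.md.j2
    dest: "{{ wg_client_configs_dir }}/README.md"
    owner: root
    group: root
    mode: '0644'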