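---
# Installs WireGuard on the hosts in the `wireguard` group, deploys the wg0
# interface configuration, enables IPv4 forwarding and enables/starts the
# wg-quick unit for wg0. Connects as root.
- name: Install Wireguard on Server
  hosts: wireguard
  user: root
  tasks:
    # `bind` is installed for the `dig` binary used by the public-IP lookup.
    - name: Install wireguard tools and dig
      ansible.builtin.package:
        name:
          - wireguard-tools
          - bind

    # wg0.conf presumably carries the interface PrivateKey (wg-quick format),
    # so it is written root-only instead of inheriting the default umask.
    # NOTE(review): the source file lives in the repository next to this
    # playbook; keep it vault-encrypted or out of version control.
    # NOTE(review): running with --diff would print the file body; confirm
    # that is acceptable for this file.
    - name: Copy keys to server
      ansible.builtin.copy:
        src: wireguard/wg0.conf
        dest: /etc/wireguard/wg0.conf
        owner: root
        group: root
        mode: "0600"
      # NOTE(review): this handler only reloads systemd unit definitions; a
      # changed wg0.conf is not re-applied to a running interface by it.
      notify: Reload systemd daemon

    # Read-only lookup, so it never reports "changed".
    # NOTE(review): the answer comes from an unauthenticated DNS reply from a
    # third-party resolver; validate it as an IP address before using
    # `wireguard_public_ip.stdout` in any template or command.
    - name: Get server public IP
      ansible.builtin.command: dig +short myip.opendns.com @resolver1.opendns.com
      register: wireguard_public_ip
      changed_when: false

    # Persists the setting only; it takes effect on the next boot or after
    # `sysctl --system` is run on the host.
    - name: Allow ipv4 forwarding
      ansible.builtin.lineinfile:
        path: /etc/sysctl.d/wg.conf
        line: net.ipv4.ip_forward=1
        create: true
        owner: root
        group: root
        mode: "0644"

    # `state: started` added: the task previously only enabled the unit for
    # the next boot and never started it, despite its name.
    - name: Start the wireguard service
      ansible.builtin.service:
        name: wg-quick@wg0
        enabled: true
        state: started

  handlers:
    # Uses the systemd module instead of shelling out to systemctl.
    - name: Reload systemd daemon
      ansible.builtin.systemd:
        daemon_reload: true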