- name: Install Wireguard
  package:
    name:
      - wireguard-virt
      - wireguard-tools
  become: true

- name: Get wireguard credentials
  set_fact:
    ingress_wireguard: "{{ wireguard.clients.ingress }}"

- name: Wireguard config
  template:
    src: files/wireguard.conf
    dest: /etc/wireguard/wg0.conf
    mode: "0600"
    backup: true
  become: true
  notify: restart wireguard

# Wireguard on Alpine doesn't ship a native OpenRC service
- name: Download wireguard service
  get_url:
    url: https://gitweb.gentoo.org/repo/gentoo.git/plain/net-vpn/wireguard-tools/files/wg-quick.init
    dest: /etc/init.d/wg-quick.wg0
    mode: "0755"
    backup: yes
  become: true

- name: Enable wireguard
  service:
    name: wg-quick.wg0
    enabled: true
  become: true

- name: Enable p2p communication
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: yes
    state: present
    reload: yes
    sysctl_file: /etc/sysctl.d/99-sysctl.conf
  become: true