---
- name: Ensure wireguard is present
  apt:
    name: wireguard-tools
    state: present
    default_release: buster-backports
  register: wireguard

- name: Ensure wireguard netdev configuration is present
  template:
    src: templates/wireguard/wireguard.netdev.j2
    dest: "/etc/systemd/network/{{ gateway.vpn.name }}.netdev"
    owner: root
    group: root
    mode: 0644
  notify: restart networking

- name: Ensure wireguard network configuration is present
  template:
    src: templates/wireguard/wireguard.network.j2
    dest: "/etc/systemd/network/{{ gateway.vpn.name }}.network"
    owner: root
    group: root
    mode: 0644
  notify: restart networking

- name: Reboot to allow wireguard to start
  reboot:
  when: wireguard.changed

- name: Ensure systemd-networkd is enabled and running
  systemd:
    name: systemd-networkd.service
    state: started
    enabled: yes