---
- name: Ensure wireguard is present
  apt:
    name: wireguard-tools
    state: present
    default_release: buster-backports
  register: wireguard

- name: Ensure wireguard configuration is present
  template:
    src: templates/wireguard.conf.j2
    dest: "/etc/wireguard/dns.conf"
    owner: root
    group: root
    mode: 0600
  notify: restart wireguard

- name: Enable IPv4 forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: 1
    reload: yes

- name: Reboot to allow wireguard to start
  reboot:
  when: wireguard.changed

- name: Ensure wireguard is enabled
  systemd:
    name: wg-quick@dns.service
    state: started
    enabled: yes