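# Firewall: persisted iptables rule sets for IPv4/IPv6 plus kernel IP forwarding.
- name: "Create iptables configuration direcetory"
  file:
    path: /etc/iptables/
    state: directory

- name: "Deploy iptablesv4 configuration"
  template:
    src: rules.v4.j2
    dest: /etc/iptables/rules.v4

- name: "Deploy iptablesv6 configuration"
  copy:
    src: rules.v6
    dest: /etc/iptables/rules.v6

- name: "Activate IP forwarding"
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    # Write to sysctl.conf and apply immediately (real boolean, not "yes").
    sysctl_set: true

# Wireguard configuration
- name: "Enable backports repository"
  apt_repository:
    # Hard-coded to buster-backports: this task list assumes Debian 10 hosts.
    repo: deb http://deb.debian.org/debian buster-backports main
    state: present

- name: "Install wireguard"
  apt:
    name:
      - wireguard
      - wireguard-tools
      - "linux-headers-{{ ansible_kernel }}"
    state: present

- name: "Create wireguard configuration direcetory"
  file:
    path: /etc/wireguard/
    state: directory

- name: "Check if wireguard private key exists"
  stat:
    path: /etc/wireguard/privkey
  register: wireguard_privkey

# umask 077 makes the key file owner-only from the moment it is created;
# previously the key was written under the shell's default umask and only
# tightened afterwards by "Secure wireguard private key", leaving a short
# window in which the private key could be readable by other local users.
- name: "Create wireguard private key"
  shell: umask 077 && wg genkey > /etc/wireguard/privkey
  when: not wireguard_privkey.stat.exists
  notify:
    - reload wireguard

- name: "Secure wireguard private key"
  file:
    path: /etc/wireguard/privkey
    # Quoted so YAML keeps the octal string instead of parsing it as an int.
    mode: "0600"

# Read-only derivation of the public key: it must not report "changed" on
# every run, and it still executes in check mode so that the template task
# below has wireguard_pubkey.stdout available.
- name: "Retrieve wireguard public key"
  shell: wg pubkey < /etc/wireguard/privkey
  register: wireguard_pubkey
  changed_when: false
  check_mode: false

- name: "Deploy wireguard configuration"
  template:
    src: wireguard.conf.j2
    dest: /etc/wireguard/wgdeuxfleurs.conf
    # The rendered config embeds the private key; keep it owner-only.
    mode: "0600"
  notify:
    - reload wireguard

- name: "Enable Wireguard systemd service at boot"
  service:
    name: wg-quick@wgdeuxfleurs
    state: started
    enabled: true
    daemon_reload: true

# Rendered on the Ansible controller at a fixed path under /tmp, so it is
# presumably readable by other local users on the controller — confirm that
# the external-node template carries no secret material before sharing it.
- name: "Create /tmp/wgdeuxfleurs.template.conf example configuration file for external nodes"
  local_action:
    module: template
    src: wireguard_external.conf.j2
    dest: /tmp/wgdeuxfleurs.template.conf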