---
- name: install fail2ban service
  apt:
    update_cache: yes
    state: "{% if cloud_update | bool %}latest{% else %}present{% endif %}"
    install_recommends: yes
    pkg: wireguard
  register: wireguard_installed

- name: setup key files
  template:
    src: "etc/wireguard/{{ item }}.j2"
    dest: "/etc/wireguard/{{ item }}"
    owner: root
    mode: 0600
  loop:
    - private.key
    - public.key
  notify: restart wireguard service

- name: setup wireguard config
  template:
    src: "etc/wireguard/wireguard-{% if wireguard_is_gateway %}server{% else %}client{% endif %}.conf.j2"
    dest: "/etc/wireguard/{{ cloud_name }}.conf"
    owner: root
    mode: 0600
  notify: restart wireguard service

- name: enable wireguard systemd unit
  systemd:
    name: wg-quick@{{ cloud_name }}
    enabled: yes
    daemon_reload: yes
    state: started