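---
# WireGuard client tasks: generate the key pair once, render the interface
# configuration, open the listener port in UFW, and install a cron job that
# pings the VPN server.

# Generate the key pair once; `creates` skips the task when the public key
# already exists. `umask 077` keeps both key files readable by their owner only.
# `pipefail` makes a failing `wg genkey` or `tee` fail the task instead of being
# masked by the last command of the pipeline. It needs bash, hence `executable`.
# If this task fails part-way, remove the partial key files before re-running:
# the redirect creates publickey even on failure, and `creates` would then skip
# the task.
- name: Ensure keys are generated
  shell: >-
    set -o pipefail && umask 077 &&
    wg genkey | tee /etc/wireguard/privatekey | wg pubkey > /etc/wireguard/publickey
  args:
    executable: /bin/bash
    creates: /etc/wireguard/publickey
  notify:
    - Restart Wireguard service

# slurp returns the file base64-encoded in `.content`.
# no_log keeps the key material out of task output and logs.
- name: Register private key
  slurp:
    src: /etc/wireguard/privatekey
  register: private_key_slurp
  no_log: true

# The module is `set_fact` (the original `set_facts` is not a module name).
# Decode the slurped content and strip the trailing newline, so the fact holds
# the key itself rather than a base64 wrapping of the key file.
- name: Set private key variable
  set_fact:
    private_key: "{{ private_key_slurp.content | b64decode | trim }}"
  no_log: true

# NOTE(review): the template is not visible here; presumably it renders
# `private_key`. If so, the rendered file, its `backup` copies and any
# `--diff` output all carry the key. Confirm the backups are protected too.
# mode 0600 keeps the configuration unreadable to other local users.
- name: Ensure Wireguard client is configure
  template:
    src: templates/wireguard_client.conf
    dest: "/etc/wireguard/{{ interface_name }}.conf"
    mode: "0600"
    backup: true
  notify:
    - Restart Wireguard service

# Allows inbound UDP on the listener port from any source.
# NOTE(review): if only the VPN server needs to reach this port, consider
# limiting the rule to that address with the module's `from_ip` option.
- name: Ensure UFW firewall rule exists
  ufw:
    rule: allow
    port: "{{ listenport }}"
    comment: 'Wireguard client listener'
    proto: udp

# `public_key.content` is base64-encoded by slurp; apply `b64decode` where the
# value is consumed.
- name: Get public key
  slurp:
    src: /etc/wireguard/publickey
  register: public_key

# cron runs jobs with /bin/sh by default, where the bash-only `&>` puts ping
# in the background without redirecting its output. Use the portable form.
# NOTE(review): no `minute` is set, so the module default `*` applies and the
# job runs every minute from 01:00 to 01:59. Set `minute` if one run per day
# was intended.
- name: Ensure cron to ping VPN server exists
  cron:
    name: Ping VPN server
    job: ping -c 3 192.168.2.1 > /dev/null 2>&1
    hour: '1'
    user: gestor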