---
- name: Install WireGuard packages
  ansible.builtin.apt:
    name:
      - wireguard
      - wireguard-tools
    state: present
    update_cache: true

- name: Ensure WireGuard configuration directory exists
  ansible.builtin.file:
    path: /etc/wireguard
    state: directory
    owner: root
    group: root
    mode: "0700"

- name: Render WireGuard interface configuration
  ansible.builtin.template:
    src: wg0.conf.j2
    dest: "/etc/wireguard/{{ wireguard_interface.name }}.conf"
    owner: root
    group: root
    mode: "0600"
  notify: Restart WireGuard

- name: Enable WireGuard interface
  ansible.builtin.service:
    name: "wg-quick@{{ wireguard_interface.name }}"
    state: started
    enabled: true