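---
# tasks file for wg_vpn
# Playbook to go from a "base configured" server to a wg vpn peer.
#
# Flow: enable the Debian unstable repo (pinned low), install kernel headers
# and WireGuard, turn on IP forwarding, install the server config, start the
# wg-quick unit, then drop the per-client config files next to it.

# Written with `copy` instead of `shell` so the task is idempotent, reports
# "changed" only when the file content differs, and sets the file mode
# explicitly rather than inheriting the umask.
# Integrity of packages from this http:// mirror rests on apt's signature
# verification of the repository metadata, not on the transport.
- name: add unstable to repos
  copy:
    dest: /etc/apt/sources.list.d/unstable.list
    content: |
      deb http://deb.debian.org/debian/ unstable main
    owner: root
    group: root
    mode: "0644"

# Pin-Priority 90 keeps unstable below apt's default priority, so enabling the
# repo above does not pull the rest of the system onto unstable.
- name: pin unstable to a low priority
  copy:
    dest: /etc/apt/preferences.d/limit-unstable
    content: |
      Package: *
      Pin: release a=unstable
      Pin-Priority: 90
    owner: root
    group: root
    mode: "0644"

# Headers must match the running kernel (ansible_kernel fact).
- name: Install linux headers
  apt:
    name: "linux-headers-{{ ansible_kernel }}"

# NOTE(review): `state: latest` upgrades these packages on every run to
# whatever the enabled repos (including unstable) currently offer. Use
# `state: present` if runs should be reproducible and upgrades deliberate.
- name: install wireguard
  apt:
    name:
      - wireguard
      - build-essential
      - dkms
      - wireguard-dkms
      - wireguard-tools
    update_cache: true
    state: latest

# This turns the host into a router for IPv4 and IPv6. What may actually be
# forwarded is decided by the firewall rules, which are not part of this file.
- name: Enable IP forwarding
  sysctl:
    name: "{{ item }}"
    value: "1"
    state: present
  with_items:
    - net.ipv4.ip_forward
    - net.ipv6.conf.all.forwarding

# Modes are quoted so YAML cannot reinterpret the leading-zero octal as an
# integer; an unquoted 0700 would yield the wrong permission bits.
- name: Create wireguard config directory
  file:
    state: directory
    path: /etc/wireguard
    owner: root
    group: root
    mode: "0700"

# Mode 0600 suggests this file carries key material (presumably the interface
# private key - confirm against the template). `diff: false` keeps the rendered
# content out of `--diff` output and therefore out of CI logs and terminals.
- name: Install wireguard configuration
  template:
    src: wg0.conf
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    mode: "0600"
  diff: false
  notify: restart wireguard

- name: Start wireguard
  service:
    name: "wg-quick@wg0.service"
    enabled: true
    state: started

# Client configuration files. Each is rendered into /etc/wireguard/ under its
# template's file name, readable by root only, and excluded from --diff output
# for the same reason as wg0.conf above.

# NOTE(review): the task name says matrix.conf but the template is ios.conf, so
# the file written is /etc/wireguard/ios.conf. Confirm which name is intended.
- name: Create matrix.conf file in /etc/wireguard/.
  template:
    src: ios.conf
    dest: /etc/wireguard/
    owner: root
    mode: "0600"
  diff: false
  tags:
    - clients
    - client_matrix

- name: Create frisket.conf file in /etc/wireguard/.
  template:
    src: frisket.conf
    dest: /etc/wireguard/
    owner: root
    mode: "0600"
  diff: false
  tags:
    - clients
    - client_frisket

- name: Create ling8.conf file in /etc/wireguard/.
  template:
    src: ling8.conf
    dest: /etc/wireguard/
    owner: root
    mode: "0600"
  diff: false
  tags:
    - clients
    - client_ling8

- name: Create pvl.conf file in /etc/wireguard/.
  template:
    src: pvl.conf
    dest: /etc/wireguard/
    owner: root
    mode: "0600"
  diff: false
  tags:
    - clients
    - client_pvl

- name: Create larva file in /etc/wireguard/.
  template:
    src: wg0-larva.conf
    dest: /etc/wireguard/
    owner: root
    mode: "0600"
  diff: false
  tags:
    - clients
    - client_hatchery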