- name: Wireguard
  hosts: beepi
  become: true
  vars:
    wireguard_private_key: !vault |
              $ANSIBLE_VAULT;1.1;AES256
              64663235376666616263333732653733633362393634663130356638353431633635373437323961
              3030636636626339316366326161623236303937623338380a656639636338643937323037366139
              64633263646664303962323830663435343531393231393939663633343165383163626466633231
              3138326563386233390a386237633630656436663062633264366562616632633035343733323331
              64366538386364623938663836336661313632376131336338643432646338303738616438623361
              6237653737666662336665326237623331383132653431343466
  tasks:
    - name: Install wireguard
      ansible.builtin.apt:
        name: wireguard
        state: present

    - name: Down wg0
      changed_when: true
      failed_when: false
      ansible.builtin.command: wg-quick down wg0

    - name: Copy wg0.conf
      ansible.builtin.template:
        src: wg0.conf.j2
        dest: /etc/wireguard/wg0.conf
        mode: '0600'

    - name: Up wg0
      changed_when: true
      ansible.builtin.command: wg-quick up wg0

    # - name: Start service
    #   ansible.builtin.service:
    #     name: wg-quick@wg0
    #     state: restarted
    #     enabled: true