- name: install wireguard
  apt:
    name:
      - wireguard
    state: latest

- name: stop wireguard and enable on boot
  systemd:
    name: wg-quick@hatecomputers
    enabled: yes
    state: stopped

- name: copy config
  ansible.builtin.copy:
    src: ../files/wireguard.cfg
    dest: /etc/wireguard/hatecomputers.conf
    owner: root
    group: root
    mode: 0600

- name: enable and persist ip forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    state: present
    sysctl_set: yes
    reload: yes

- name: start wireguard and enable on boot
  systemd:
    name: wg-quick@hatecomputers
    enabled: yes
    state: restarted

- name: allow wireguard endpoint ufw
  ufw:
    rule: allow
    port: '51820'
    proto: 'udp'