---

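# Provision a WireGuard client (NetworkManager keyfile) and register it as a
# peer on the server. Facts set for later use / the template:
#   wg_clientname, wg_serverpublickey, wg_ip, wg_privatekey, wg_publickey
#
# Secret handling: private keys (server and client) must never be copied to
# another host or end up in task output / logs, so
#   - the server public key is derived ON the server and only the public key
#     is registered,
#   - every task whose result or rendered content contains a private key is
#     marked `no_log: true`.

- name: Set facts wg_clientname
  ansible.builtin.set_fact:
    wg_clientname: "{{ ansible_hostname }}"

# Derive the server public key on the server itself. The private key is piped
# straight into `wg pubkey` and never leaves the host or enters a register.
# If no PrivateKey line exists, `wg pubkey` fails on the empty input and the
# task fails loudly, which is the intended behaviour.
- name: Derive WireGuard public key (Server)
  ansible.builtin.shell:
    cmd: grep PrivateKey /etc/wireguard/wg0.conf | sed -En 's/.*=\s*(.+)/\1/p' | wg pubkey
  register: wg_serverpubkey
  changed_when: false
  delegate_to: wireguard_server

- name: Set facts wg_publickey (Server)
  ansible.builtin.set_fact:
    wg_serverpublickey: "{{ wg_serverpubkey.stdout }}"

# The marker is literal text, so match it as a fixed string rather than a
# regex. rc != 0 simply means "no block for this client yet".
- name: Check if WireGuard-Config exists on server
  ansible.builtin.command:
    cmd: "grep --fixed-strings -A 3 '# BEGIN ANSIBLE MANAGED BLOCK {{ wg_clientname }}' /etc/wireguard/wg0.conf"
  failed_when: false
  changed_when: false
  register: wg_serverconfig
  delegate_to: wireguard_server

# Reuse the address already assigned to this client on the server, if any.
# Fails if the block exists but has no AllowedIPs /32 line (regex_search
# returns no groups) -- that indicates a hand-edited/broken block.
- name: Set facts wg_ip (from server peer block)
  ansible.builtin.set_fact:
    wg_ip: "{{ wg_serverconfig.stdout | regex_search('AllowedIPs = ([0-9.]+)/32', '\\1', multiline=True) | first }}"
  when: wg_serverconfig.rc == 0 and wg_ip is not defined

- name: Check if WireGuard exists on client
  ansible.builtin.stat:
    path: /etc/NetworkManager/system-connections/wg0.nmconnection
  register: wg_clientconfig

# The keyfile contains the client private key, so read it with slurp
# (no shell, no stdout) and keep the result out of the logs.
- name: Read existing NetworkManager WireGuard profile
  ansible.builtin.slurp:
    src: /etc/NetworkManager/system-connections/wg0.nmconnection
  register: wg_address
  when: wg_clientconfig.stat.exists
  no_log: true

- name: Set facts wg_ip (from client profile)
  ansible.builtin.set_fact:
    wg_ip: "{{ wg_address.content | b64decode | regex_search('address1=([0-9.]+)/.*', '\\1', multiline=True) | first }}"
  when: wg_address.content is defined and wg_ip is not defined

- name: Set facts wg_privatekey (from client profile)
  ansible.builtin.set_fact:
    wg_privatekey: "{{ wg_address.content | b64decode | regex_search('private-key=(.*)$', '\\1', multiline=True) | first }}"
  when: wg_address.content is defined and wg_privatekey is not defined
  no_log: true

# Allocate the next free address: highest AllowedIPs /32 on the server + 1.
# NOTE(review): the sort only considers the 3rd and 4th octets, so all peers
# are assumed to share the first two octets; ipmath(1) does not skip
# .0/.255 or broadcast addresses -- confirm the pool is small enough.
- name: Search maximum AllowedIP
  ansible.builtin.shell:
    cmd: grep AllowedIPs /etc/wireguard/wg0.conf | sed -En 's/.*=\s*([0-9.]+)\/32.*/\1/p' | sort -t . -k 3,3n -k 4,4n | tail -n 1
  register: wg_ipmax
  changed_when: false
  delegate_to: wireguard_server
  when: wg_ip is not defined

- name: Set facts wg_ip (next free address)
  ansible.builtin.set_fact:
    wg_ip: "{{ wg_ipmax.stdout | ipmath(1) }}"
  when: wg_ipmax.rc is defined and wg_ipmax.rc == 0 and wg_ipmax.stdout and wg_ip is not defined

# Key generation happens on the client; the key is only persisted via the
# template below, so the command itself is not a state change.
- name: Create private key
  ansible.builtin.command:
    cmd: "wg genkey"
  register: wg_genkey
  changed_when: false
  when: wg_privatekey is not defined
  no_log: true

- name: Set facts wg_privatekey (generated)
  ansible.builtin.set_fact:
    wg_privatekey: "{{ wg_genkey.stdout }}"
  when: wg_genkey.stdout is defined
  no_log: true

# NetworkManager only honours keyfiles that are root-owned and not
# group/world-readable. no_log keeps the rendered file (private key) out of
# --diff output.
- name: Create WireGuard-Config
  ansible.builtin.template:
    src: wg0.nmconnection.j2
    dest: /etc/NetworkManager/system-connections/wg0.nmconnection
    owner: root
    group: root
    mode: "0600"
  no_log: true

# stdin (the private key) is part of the module invocation and would be
# printed at -vvv, hence no_log.
- name: Create public key
  ansible.builtin.command:
    cmd: "wg pubkey"
  args:
    stdin: "{{ wg_privatekey }}"
  register: wg_pubkey
  changed_when: false
  no_log: true

- name: Set facts wg_publickey
  ansible.builtin.set_fact:
    wg_publickey: "{{ wg_pubkey.stdout }}"

# Only public data is printed here.
- name: Print WG IP and public key
  ansible.builtin.debug:
    msg: "{{ wg_ip }} -- {{ wg_publickey }}"

# NOTE(review): editing wg0.conf does not reload the running interface; the
# new peer only becomes active after e.g. `wg syncconf` or a wg-quick
# restart. That step is not in this file -- confirm it is handled elsewhere.
- name: Set WireGuard Serverconfig
  ansible.builtin.blockinfile:
    marker: "# {mark} ANSIBLE MANAGED BLOCK {{ wg_clientname }}"
    path: /etc/wireguard/wg0.conf
    block: |
      [Peer]
      PublicKey = {{ wg_publickey }}
      AllowedIPs = {{ wg_ip }}/32
  delegate_to: wireguard_server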