- name: Set up traffic routing
  ansible.builtin.include_role:
    name: router
  when: wg_router

- name: Set up Wireguard
  become: true
  block:
    - name: Install wireguard-tools
      ansible.builtin.apt:
        install_recommends: false
        name: wireguard-tools
        state: present

    - name: Write wg-quick config file
      ansible.builtin.template:
        src: wg0.conf.j2
        dest: '/etc/wireguard/{{ wg_name }}.conf'
        owner: root
        group: root
        mode: '600'
      register: config

    - name: Restart wg-quick service
      ansible.builtin.systemd_service:
        name: 'wg-quick@{{ wg_name }}'
        enabled: true
        state: restarted
      when: config.changed