---
- name: install wireguard dependencies
  apt:
    name: "{{item}}"
  loop:
    - linux-headers-amd64
- name: add unstable repo for wireguard
  apt_repository:
    repo: "deb http://deb.debian.org/debian/ unstable main"
    update_cache: no
- name: pin unstable as unwanted
  blockinfile:
    create: yes
    path: /etc/apt/preferences.d/limit-unstable
    block: |
      Package: *
      Pin: release a=unstable
      Pin-Priority: 90
- name: install wireguard
  apt:
    name: wireguard
    update_cache: yes
- name: configure wireguard
  template:
    dest: /etc/wireguard/nodevpn.conf
    src: wireguard-nodevpn.conf.j2
  notify: ifup nodevpn
- name: configure wireguard interface
  template:
    dest: /etc/network/interfaces.d/nodevpn.cfg
    src: interfaces-nodevpn.cfg.j2
  notify: ifup nodevpn
- name: adapt /etc/hosts
  lineinfile:
    path: /etc/hosts
    line: "{{item.value.wg_ip}} {{item.key}}"
  loop: "{{hostvars|dict2items}}"
- name: fire handlers
  meta: flush_handlers