---
# Play for the `net` host group: sets the variables consumed by the roles
# listed at the bottom (vault, file, apt, wireguard, systemd, firewall).
# NOTE(review): the original file was collapsed onto a single line, so the
# nesting below is reconstructed -- confirm it against how the roles read
# `wireguard.*` and `vault.*`.
- hosts: net
  vars:
    # Filesystem entries handed to the `file` role.
    file:
      # NOTE(review): '600' on a directory carries no search (x) bit; the
      # usual owner-only directory mode is '0700'. Confirm how the role
      # applies this value before changing it.
      - path: '/etc/wireguard'
        owner: 'root'
        group: 'root'
        mode: '600'
        state: directory

    # Packages handed to the `apt` role.
    apt:
      packages:
        - package: 'wireguard-tools'
          state: present
        - package: 'wireguard'
          state: present

    # Units handed to the `systemd` role.
    systemd:
      services:
        # NOTE(review): `restarted` presumably bounces wg0 on every run,
        # dropping live tunnels -- confirm the role's semantics.
        - name: 'wg-quick@wg0'
          enabled: true
          action: restarted

    # Firewall entries: the WireGuard port over UDP, once per IP family.
    firewall:
      - port: "{{ wireguard.port }}"
        ipv: 'v4'
        proto: 'udp'
      - port: "{{ wireguard.port }}"
        ipv: 'v6'
        proto: 'udp'

    wireguard:
      interface: 'wg0'
      port: 51820
      net:
        v4:
          # Partial dotted prefix (three octets); presumably completed per
          # peer from `bit` -- verify in the role's template.
          addr: '172.22.12'
          range:
            serv: 24
            clnt: 32
        v6:
          # NOTE(review): unclear from this file how `bit` is combined
          # with this value -- verify in the role's template.
          addr: 'fd42:42:42::2'
          range:
            serv: 120
            clnt: 128
      # Peer list. `pubkey` values are public keys and are not secret; no
      # private key appears in this file (presumably supplied through the
      # `vault` role -- verify, and keep it out of version control).
      peers:
        - bit: 2
          pubkey: 'Xb+ASR5NdnIB+dXWEA4H0V3d0LC0KocKeFeQDyqDqjk='
        - bit: 3
          pubkey: 'kz9vLMnPtfka11n1EJpzHb4966ieJSo4BU1P2joHLXo='
        - bit: 10
          pubkey: 'wpjMlhrcv173ER7rZ0KrmaqahcqZA/fm3ovpaGlRIRo='
        - bit: 12
          pubkey: '2FRcncz/oSmqFQLrHqICi4fEkgxrCeS9P8TTv5gcfCw='
        - bit: 14
          pubkey: 'XYUXzDDXzo1uDadvJ8YW5X/ISCZSyu10d35i7mb0pAY='
        - bit: 16
          pubkey: 'd459SqKVWko+wBhoFrU+yrFVM4BqI8FSmPtdrWepkw0='
        - bit: 18
          pubkey: 'Fb8sYfZghohEpznWpt46x1cmmkymt2ksQL7fEBI6qlc='

    # Input for the `vault` role; `roles` here is a vault variable, not the
    # play-level role list below.
    vault:
      roles:
        - 'wireguard'

  # Roles run in the listed order.
  roles:
    - vault
    - file
    - apt
    - wireguard
    - systemd
    - firewall