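---
# Network interface provisioning: installs ifupdown2, sets the kernel IP
# forwarding switches from the ipv4_forwarding / ipv6_forwarding variables,
# and renders /etc/network/interfaces plus one file per entry in `interfaces`.
# The "Reload network interfaces" handler is notified here but defined
# outside this file.

# NOTE(review): despite the task name, the only package installed here is
# ifupdown2; WireGuard itself is presumably installed elsewhere. Confirm.
# NOTE(review): `state: latest` upgrades the package on every run, so the
# installed version is whatever the configured apt sources serve at that
# moment. Use `state: present` (optionally with a pinned version) if
# reproducible hosts matter.
- name: Install wireguard
  ansible.builtin.apt:
    name:
      - ifupdown2
    state: latest
    update_cache: true
  register: apt_result
  # Retry to ride out transient apt lock or mirror failures.
  retries: 3
  until: apt_result is succeeded

# Forwarding makes the host route packets between its interfaces. No firewall
# policy for forwarded traffic is set in this file, so that policy has to come
# from another role.
# `| bool` normalises the toggle: a value supplied as a string (for example
# through key=value extra vars) would otherwise not be evaluated as the
# boolean the operator intended.
- name: Enable ipv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
  when: ipv4_forwarding | bool

- name: Enable ipv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true
  when: ipv6_forwarding | bool

# The disable tasks write an explicit '0' so that a host that previously had
# forwarding enabled is actively switched back off.
- name: Disable ipv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '0'
    sysctl_set: true
  when: not (ipv4_forwarding | bool)

- name: Disable ipv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '0'
    sysctl_set: true
  when: not (ipv6_forwarding | bool)

# Main interfaces file, world-readable (mode 644).
- name: Create interface config files
  ansible.builtin.template:
    src: "interfaces.j2"
    dest: "/etc/network/interfaces"
    owner: root
    group: root
    mode: '644'
  notify: Reload network interfaces

# One file per entry in `interfaces`, not world-readable (mode 640).
# NOTE(review): presumably tighter because a WireGuard stanza can carry key
# material. Confirm against interface.conf.j2, and consider `no_log: true` if
# the loop items themselves contain secrets, since loop items are printed in
# task output.
- name: Create interface config files
  ansible.builtin.template:
    src: "interface.conf.j2"
    dest: "/etc/network/interfaces.d/{{ item.key }}.conf"
    owner: root
    group: root
    mode: '640'
  notify: Reload network interfaces
  # Evaluated per item: WireGuard interfaces are always rendered, other types
  # only on hosts outside the raspbian_buster group.
  when: (item.value.type == "wireguard") or ("raspbian_buster" not in group_names)
  # dict2items always yields a list of {key, value} items. lookup() without
  # wantlist=True is not guaranteed to return a list, which `loop` requires.
  loop: "{{ interfaces | dict2items }}"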