---

- name: Install wireguard
  apt:
    name:
      - ifupdown2
    state: latest
    update_cache: true
  register: apt_result
  retries: 3
  until: apt_result is succeeded

- name: Enable ipv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_set: true
  when: ipv4_forwarding

- name: Enable ipv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_set: true
  when: ipv6_forwarding

- name: Disable ipv4 forwarding
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '0'
    sysctl_set: true
  when: not ipv4_forwarding

- name: Disable ipv6 forwarding
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '0'
    sysctl_set: true
  when: not ipv6_forwarding

- name: Create interface config files
  ansible.builtin.template:
    src: "debian_interfaces.j2"
    dest: "/etc/network/interfaces"
    owner: root
    group: root
    mode: '644'
  notify: Reload network interfaces debian
  when: ansible_facts["lsb"]["id"] == "Debian"