---
- name: Ensure that interfaces names don't overlap
  assert:
    that: "not (ifupdown2__interfaces.keys()
                | intersect(ifupdown2__wireguard.keys()))"
    msg: "Static and wireguard interfaces names must not overlap"

- name: Install wireguard
  apt:
    name: wireguard
  when: ifupdown2__wireguard

- name: Configure wireguard
  template:
    src: wireguard.conf.j2
    dest: "/etc/wireguard/{{ item.key }}.conf"
    owner: root
    group: root
    mode: u=rw,g=r,o=
  #no_log: true
  loop: "{{ ifupdown2__wireguard | dict2items }}"
  register: results_wireguard

- name: Synchronise wireguard config if necessary
  command: "wg syncconf {{ item.0.key }} /etc/wireguard/{{ item.0.key }}.conf"
  when: "item.0.key in ansible_interfaces and item.1.changed"
  loop: "{{ ifupdown2__wireguard
            | dict2items
            | zip(results_wireguard.results) }}"

- name: Gather package facts
  package_facts:
    manager: apt

- name: Check if ifupdown2 is installed
  set_fact:
    must_mask: "{{ 'ifupdown2' not in ansible_facts.packages }}"

- name: Mask networking before installing ifupdown2
  systemd:
    name: networking.service
    masked: true
  when: must_mask

- name: Install ifupdown2
  apt:
    name: ifupdown2

- name: Unmask networking now that ifupdown2 is installed
  systemd:
    name: networking.service
    masked: false
  when: must_mask

- name: Configure ifupdown2
  template:
    src: interfaces.j2
    dest: /etc/network/interfaces
    owner: root
    group: root
    mode: u=rw,g=r,o=
  notify:
    - Restart networking
    - Bring all interfaces up

- name: Enable and start networking
  systemd:
    name: networking.service
    state: started
    enabled: true
...