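---
# Re-point the WireGuard gateway on the `dhcp` host at one randomly chosen
# endpoint: load the candidate list, pick one, render /etc/wireguard/wg0.conf,
# restart wg-quick@wg0, record the chosen endpoint name in /etc/motd on `nas`,
# then restart unbound.
- hosts: dhcp
  become: true
  gather_facts: false
  vars:
    # Not referenced by any task below; presumably consumed by wg.conf.j2
    # (template not shown here - confirm).
    wg_allowed_ips: '0.0.0.0/0,::0/0'
  tasks:
    # The three tasks below carry WireGuard private keys in their results.
    # no_log keeps that material out of -v output, callback plugins and any
    # configured log_path. Remove it temporarily when debugging.
    - name: Load potential endpoints
      include_vars:
        file: ../vars/vault.yaml
      no_log: true

    # vaulted_wg_info is expected to come from vault.yaml (confirm): a list of
    # entries with name, private_key, address, pubkey and endpoint fields.
    - name: Select a random endpoint
      set_fact:
        wg_info: "{{ vaulted_wg_info | shuffle | first }}"
      no_log: true

    - name: Update settings to connect to {{ wg_info.name }}
      set_fact:
        wg_private_key: "{{ wg_info.private_key }}"
        wg_address: "{{ wg_info.address }}"
        wg_public_key: "{{ wg_info.pubkey }}"
        wg_endpoint: "{{ wg_info.endpoint }}"
      no_log: true

    # mode 0600, not 0644: the rendered config is expected to embed
    # wg_private_key (template not shown here - confirm), so it must not be
    # readable by unprivileged local users. wg-quick runs as root and also
    # warns when its config file is world-accessible.
    # diff is disabled so a --diff run does not print the key to the console.
    - name: Update wireguard config
      template:
        src: ../roles/wg-gateway/templates/wg.conf.j2
        dest: /etc/wireguard/wg0.conf
        owner: root
        group: root
        mode: '0600'
      diff: false

    - name: Restart wireguard interface
      systemd:
        name: wg-quick@wg0
        state: restarted

    # Runs against `nas`, not the play host; only the endpoint's name is
    # written, never key material.
    - name: Edit /etc/motd
      lineinfile:
        path: /etc/motd
        regex: "^VPN Traffic tunneled through server: "
        line: "VPN Traffic tunneled through server: {{ wg_info.name }}"
      delegate_to: nas

    - name: Restart unbound
      systemd:
        name: unbound
        state: restarted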