---
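# Rotate the WireGuard peer used by the hosts in the `dhcp` group: pick one
# endpoint at random from the vaulted list, render the interface config from
# the wg-gateway role template, and restart the wg-quick unit.
#
# `wg_interface` is not defined in this play; it is presumably supplied by
# inventory or group vars -- confirm before running.
- hosts: dhcp
  become: true
  gather_facts: false
  tasks:
    - name: Load potential endpoints
      include_vars:
        file: ../vars/vault.yaml

    # The candidate list comes from the vault file, so keep the selected entry
    # out of verbose (-v) task output and callback logs.
    - name: Select a random endpoint
      set_fact:
        wg_info: "{{ vaulted_wg_info | shuffle | first }}"
      no_log: true

    # Expose the chosen peer as the variable names the template is presumably
    # written against (template not shown here -- verify).
    - name: Record new endpoint config
      set_fact:
        wg_public_key: "{{ wg_info.pubkey }}"
        wg_endpoint: "{{ wg_info.endpoint }}"
      no_log: true

    # A wg-quick config normally carries the interface PrivateKey (and possibly
    # a PresharedKey), so the file must not be world-readable: 0600, not 0644.
    # wg-quick itself warns when the config is world accessible.
    # `diff: false` keeps the rendered file out of `--diff` output for the same
    # reason.
    - name: Update wireguard config
      template:
        src: ../roles/wg-gateway/templates/wg.conf.j2
        dest: "/etc/wireguard/{{ wg_interface }}.conf"
        owner: root
        group: root
        mode: '0600'
      diff: false

    # Restarts unconditionally, so the tunnel drops briefly on every run even
    # when the same endpoint is selected again.
    - name: Restart wireguard interface
      systemd:
        name: "wg-quick@{{ wg_interface }}"
        state: restarted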