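# Build the per-host, per-peer key file paths. `item` comes from the caller's
# loop; `item.key` suggests a dict loop - TODO confirm against the including
# task.
- name: Set Wireguard key file paths
  set_fact:
    key: "keys/wg-{{ inventory_hostname }}-{{ item.key }}.sops.key"
    pub: "keys/wg-{{ inventory_hostname }}-{{ item.key }}.pub"

# Decrypt the stored private key, or yield "" when the file does not exist
# (empty_on_not_exist=true). Lookups run on the controller, so `key` is
# resolved there. set_fact stores the decrypted value as a host fact for the
# rest of the run; no_log keeps it out of verbose output and callback logs.
- name: Load existing Wireguard private key
  set_fact:
    priv: "{{ lookup('community.sops.sops', key, empty_on_not_exist=true) }}"
  no_log: true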
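# Generate and persist a new key pair only when no stored private key was
# found (`priv` is empty).
# NOTE(review): the lookup that fills `priv` reads `key` on the controller,
# while the save tasks below write on whichever host the task runs on. Unless
# this play runs against localhost or the include is delegated, the encrypted
# key lands on the managed host and the next run will not find it - confirm,
# and consider `delegate_to: localhost` on the two save tasks.
- when: priv == ""
  block:
    # No shell features are needed, so `command` avoids shell parsing.
    # no_log: the registered stdout is the raw private key.
    - name: wg genkey
      command: wg genkey
      register: new_priv
      changed_when: false
      no_log: true

    # The private key is passed on stdin rather than on the command line, so
    # it does not appear in the process list. no_log keeps the module
    # arguments (which include stdin) out of Ansible output and the managed
    # host's module invocation log.
    - name: wg pubkey
      command:
        cmd: wg pubkey
        stdin: "{{ new_priv.stdout }}"
      register: new_pub
      changed_when: false
      no_log: true

    # Only the public key is printed; it is safe to show.
    - name: Show Wireguard public key
      debug:
        msg: "{{ new_pub.stdout }}"

    # The private key is written only in sops-encrypted form. no_log stops
    # the plaintext content_text from being echoed in task results.
    - name: Save Wireguard key
      community.sops.sops_encrypt:
        path: "{{ key }}"
        content_text: "{{ new_priv.stdout }}"
      no_log: true

    # Public key is stored in the clear; explicit mode avoids depending on
    # the umask of the executing user.
    - name: Save Wireguard public key
      copy:
        dest: "{{ pub }}"
        content: "{{ new_pub.stdout }}"
        mode: "0644"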