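# Per-peer WireGuard link tasks.  Expects `item` from the caller's loop:
# item.key is the peer host name, item.value carries `address` and optionally
# `port` and `endpoint`.  Every task notifies the same networkd restart handler.

# Presumably removes a file from an older "<host>-<peer>" naming scheme
# (the create tasks below use "<peer>" only); confirm before dropping.
- name: "Remove legacy netdev for {{ inventory_hostname }} -> {{ item.key }}"
  notify: systemctl restart systemd-networkd
  become: true
  file:
    path: "/etc/systemd/network/50-tnet-{{ inventory_hostname }}-{{ item.key }}.netdev"
    state: absent

- name: "Make netdev for {{ inventory_hostname }} -> {{ item.key }}"
  notify: systemctl restart systemd-networkd
  become: true
  # The rendered content embeds the WireGuard private key; keep it out of
  # task output, --diff and verbose logs.
  no_log: true
  copy:
    dest: "/etc/systemd/network/50-tnet-{{ item.key }}.netdev"
    owner: systemd-network
    group: adm
    # Quoted so YAML does not read the octal literal as the decimal integer 416.
    mode: "0640"
    # Lookup paths are built with `~` instead of nesting "{{ }}" inside a
    # string argument, which relies on Ansible re-templating lookup terms.
    content: |
      [NetDev]
      Name=tnet-{{ item.key }}
      Kind=wireguard
      Description=tnet link to {{ item.key }}

      [WireGuard]
      PrivateKey={{ lookup('community.sops.sops', 'keys/wg-' ~ inventory_hostname ~ '-' ~ item.key ~ '.sops.key') }}
      {% if item.value.port is defined %}
      ListenPort={{ item.value.port }}
      {% endif %}

      [WireGuardPeer]
      PublicKey={{ lookup('file', 'keys/wg-' ~ item.key ~ '-' ~ inventory_hostname ~ '.pub') }}
      AllowedIPs=::/0
      {% if item.value.endpoint is defined %}
      Endpoint={{ item.value.endpoint }}
      PersistentKeepalive=60
      {% endif %}

# Same legacy-name cleanup as above, for the .network unit.
- name: "Remove legacy network for {{ inventory_hostname }} -> {{ item.key }}"
  notify: systemctl restart systemd-networkd
  become: true
  file:
    path: "/etc/systemd/network/50-tnet-{{ inventory_hostname }}-{{ item.key }}.network"
    state: absent

- name: "Make network for {{ inventory_hostname }} -> {{ item.key }}"
  notify: systemctl restart systemd-networkd
  become: true
  copy:
    dest: "/etc/systemd/network/50-tnet-{{ item.key }}.network"
    owner: systemd-network
    group: adm
    # Explicit mode for consistency with the netdev task; without it the
    # result depends on the remote umask.  No secret material in this file.
    mode: "0644"
    content: |
      [Match]
      Name=tnet-{{ item.key }}

      [Network]
      Address={{ item.value.address }}/64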