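# Turn the host into a router for the WireGuard network. The module writes the
# values to the sysctl file and, with sysctl_set, also applies them to the
# running kernel.
# NOTE(review): forwarding is enabled for all interfaces; no firewall policy is
# visible here, so confirm that forward-chain rules limit which traffic may
# transit this host.
- name: Configure IPv4 and IPv6 packet forwarding
  ansible.builtin.sysctl:
    name: '{{ item }}'
    value: '1'
    sysctl_set: true
  loop:
    - net.ipv4.ip_forward
    - net.ipv4.conf.all.forwarding
    - net.ipv6.conf.all.forwarding

- name: Configure WireGuard for wgnet
  ansible.builtin.template:
    src: templates/wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    # Config contains the private key for this host, so permissions are
    # restricted. An absolute mode is used because the relative form
    # (u+rw,g-rw,o-rw) only adds or removes the listed bits and leaves any
    # other bits already set on an existing file in place.
    mode: '0600'
  # Keep the rendered file, and with it the private key, out of --diff output
  # and anything that records it.
  diff: false
  notify: Reload wgnet

- name: Enable WireGuard service for wgnet
  ansible.builtin.service:
    name: wg-quick@wg0
    # Canonical boolean; 'yes' is interpreted differently across YAML versions.
    enabled: true
    state: started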