- name: Configure WireGuard for wgnet
  ansible.builtin.template:
    src: templates/wg0.conf.j2
    dest: /etc/wireguard/wg0.conf
    owner: root
    group: root
    # Config containes private key for this host, so permissions are
    # restricted.
    mode: u+rw,g-rw,o-rw
  notify: Reload wgnet

- name: Enable WireGuard service for wgnet
  ansible.builtin.service:
    name: wg-quick@wg0
    enabled: yes
    state: started