---
- name: Activate IP4 forwarding in kernel
  ansible.posix.sysctl:
    name: net.ipv4.ip_forward
    value: '1'
    sysctl_file: /etc/sysctl.d/99-ip-forwarding.conf
    state: present
    reload: yes

- name: Activate IP6 forwarding in kernel
  ansible.posix.sysctl:
    name: net.ipv6.conf.all.forwarding
    value: '1'
    sysctl_file: /etc/sysctl.d/99-ip-forwarding.conf
    state: present
    reload: yes

- name: Provision wireguard tools
  ansible.builtin.apt: { name: "wireguard-tools" }

- name: Template a-vpn configuration
  ansible.builtin.template:
    src: a-vpn.conf.j2
    dest: /etc/wireguard/a-vpn.conf
    mode: 0600
    owner: root
    group: root
  notify: [ "Start a-vpn" ]

- name: Flush handlers
  ansible.builtin.meta: flush_handlers