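# Inventory inputs this task file relies on: `ansible_user` (the connection
# user; must be defined), `vpn_server.clients` (list of {name, desc}),
# `vpn_server.forwards` (indexed below as [protocol, port] pairs) and
# `vpn_server.interface`. All later tasks assume the Linux-only facts below ran.
- name: Acquiring home of current user
  when: ansible_facts["system"] == "Linux"
  # Tilde expansion needs a real shell, so this stays `shell`. The value comes
  # from inventory (operator-controlled), not from the managed host. It is a
  # read-only query, so it must never report "changed".
  ansible.builtin.shell:
    cmd: "echo ~{{ ansible_user }}"
  changed_when: false
  register: ansible_user_home

- name: Acquiring current user
  when: ansible_facts["system"] == "Linux"
  # No shell features are needed here; `command` avoids the interpreter.
  ansible.builtin.command:
    cmd: "echo {{ ansible_user }}"
  changed_when: false
  register: current_user

- name: Initializing DSNet
  become: true
  # NOTE(review): not idempotent as written -- every run invokes `dsnet init`
  # again. Add `creates:` pointing at dsnet's configuration file if re-runs
  # must be safe.
  ansible.builtin.command:
    cmd: dsnet init

- name: Running DSNet VPN service interface
  become: true
  ansible.builtin.command:
    cmd: dsnet up

- name: Creating a directory to house VPN service client configurations
  # The client configs written here carry each peer's WireGuard private key,
  # so the directory is owner-only instead of world-readable. `state: directory`
  # already creates intermediate directories; `recurse` is not needed and would
  # stamp the directory mode onto the .conf files on re-runs.
  ansible.builtin.file:
    path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0700"
    state: directory

- name: Adding peer device for DSNet VPN service interface
  become: true
  # Every interpolated value is shell-quoted: a client name or description
  # containing spaces or an apostrophe would otherwise break (or escape) the
  # command line. `umask 077` keeps the redirected private key unreadable by
  # other users until the ownership task below sets the final mode.
  ansible.builtin.shell:
    cmd: >-
      umask 077 &&
      dsnet add {{ (item.name ~ idx) | quote }}
      --owner {{ current_user.stdout | quote }}
      --description {{ ('For ' ~ item.name ~ '--' ~ item.desc) | quote }}
      --confirm
      > {{ (ansible_user_home.stdout ~ '/.wg/authorized_clients.d/' ~ item.name ~ idx ~ '.conf') | quote }}
    creates: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
  loop: "{{ vpn_server.clients }}"
  loop_control:
    index_var: idx
    label: "{{ item.name }}{{ idx }}"

- name: Changing ownership of consequent DSNet VPN service client configurations
  # The files were created by root (the task above runs with become), so
  # changing their owner needs privilege as well. 0600: private key material.
  become: true
  ansible.builtin.file:
    path: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
    mode: "0600"
    state: file
  loop: "{{ vpn_server.clients }}"
  loop_control:
    index_var: idx
    label: "{{ item.name }}{{ idx }}"

- name: Pausing to inquire about how to proceed
  # Any answer other than "fetch" or "show" skips both delivery blocks below.
  ansible.builtin.pause:
    prompt: "Type \"fetch\" to get the DSNet VPN service client configuration files, or \"show\" to see their contents for manual copying instead"
    echo: true
  register: data_method

- name: Presenting DSNet VPN service client configuration files to control node for copying
  when: data_method.user_input == "show"
  block:
    - name: Acquiring contents of DSNet VPN service client configuration files
      ansible.builtin.slurp:
        src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
      loop: "{{ vpn_server.clients }}"
      loop_control:
        index_var: idx
        label: "{{ item.name }}{{ idx }}"
      register: vpn_client_configs

    - name: Presenting contents of DSNet VPN service client configurations to control node
      # slurp returns base64; decode so the operator sees the real config text.
      # This deliberately prints private keys to the console -- anything that
      # captures playbook output (callback plugins, CI logs) will retain them.
      # The label keeps the loop header from echoing the content a second time.
      ansible.builtin.debug:
        msg: "Copy this client configuration of the DSNet VPN service:\n {{ item.content | b64decode }}"
      loop: "{{ vpn_client_configs.results }}"
      loop_control:
        label: "{{ item.source }}"

    - name: Giving opportunity to manually copy contents of DSNet VPN service client configuration files
      ansible.builtin.pause:

- name: Providing DSNet VPN service client configuration files to control node machine
  when: data_method.user_input == "fetch"
  block:
    - name: Duplicating DSNet VPN service client configuration files to control node
      # The fetched files hold private keys; protect the destination directory
      # on the control node (it is created with the control user's umask).
      ansible.builtin.fetch:
        src: "{{ ansible_user_home.stdout }}/.wg/authorized_clients.d/{{ item.name }}{{ idx }}.conf"
        dest: "./.tmp/{{ inventory_hostname }}-dsnet/wg/"
        flat: true
      loop: "{{ vpn_server.clients }}"
      loop_control:
        index_var: idx
        label: "{{ item.name }}{{ idx }}"

    - name: Informing control node of acquired files
      # Message now names the same path the fetch task actually writes to.
      ansible.builtin.debug:
        msg: "The DSNet VPN service client configuration files have been duplicated to './.tmp/{{ inventory_hostname }}-dsnet/wg/' at the control node."

    - name: Giving control node user time to read the aforementioned message
      ansible.builtin.pause:
        seconds: 30

- name: Ensuring IP forwarding is allowed
  become: true
  # IPv6 forwarding is intentionally left disabled until the rest of the
  # ruleset handles it; enabling it without matching filter rules would
  # forward v6 traffic unfiltered.
  ansible.posix.sysctl:
    name: "net.{{ item }}.ip_forward"
    value: "1"
    sysctl_set: true
    state: present
  loop:
    - ipv4
    # - ipv6

- name: Creating SystemD unit for placing up DSNet interface
  become: true
  # Explicit mode so the unit's permissions do not depend on the remote umask.
  ansible.builtin.copy:
    src: systemd/system/dsnet.service
    dest: /etc/systemd/system/dsnet.service
    owner: root
    group: root
    mode: "0644"
    force: true
    backup: true

- name: Reloading SystemD and enabling DSNet interface
  become: true
  ansible.builtin.systemd_service:
    name: dsnet
    enabled: true
    daemon_reload: true

- name: Copying script for DSNet iptables rules
  become: true
  # Root-owned and not writable by anyone else: this script runs as root from
  # the thrunet unit below.
  ansible.builtin.copy:
    src: usr/local/bin/dsnet-forward.sh
    dest: /usr/local/bin/
    owner: root
    group: root
    mode: "0744"
    force: true
    backup: true

- name: Creating SystemD unit for DSNet iptables rules
  become: true
  ansible.builtin.copy:
    src: systemd/system/thrunet.service
    dest: /etc/systemd/system/thrunet.service
    owner: root
    group: root
    mode: "0644"
    force: true
    backup: true

- name: Reloading SystemD and enabling iptables rules SystemD unit
  become: true
  ansible.builtin.systemd_service:
    name: thrunet
    enabled: true
    daemon_reload: true

- name: Forwarding network traffic on certain ports to Wireguard VPN service interface
  become: true
  # NOTE(review): this matches the *source* port of packets arriving on
  # vpn_server.interface. If the intent is to admit traffic towards a service
  # port, `destination_port` is the usual match -- confirm against the shape
  # of vpn_server.forwards ([protocol, port] pairs as indexed here).
  ansible.builtin.iptables:
    chain: FORWARD
    protocol: "{{ item[0][0] }}"
    source_port: "{{ item[0][1] }}"
    in_interface: "{{ item[1] }}"
    jump: ACCEPT
  loop: "{{ vpn_server.forwards | product([vpn_server.interface]) }}"

- name: Masquerading traffic leaving through the Wireguard VPN service interface
  become: true
  # Rules added by the iptables module exist only in the running ruleset;
  # re-applying them at boot appears to be the job of the thrunet unit above
  # (its script is not visible here).
  ansible.builtin.iptables:
    table: nat
    chain: POSTROUTING
    out_interface: "{{ vpn_server.interface }}"
    jump: MASQUERADE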