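---
# Installs the wstunnel binary (only when /usr/local/bin/wstunnel is absent),
# writes its systemd unit, and makes sure the service is enabled and running.
#
# NOTE(review): the archive is fetched from the configured URL and installed
# without any integrity check. Pin an exact release and verify it before
# installing, e.g. download with ansible.builtin.get_url and its `checksum`
# option, then unarchive the verified local file.

- name: Check if wstunnel is already installed
  ansible.builtin.stat:
    path: /usr/local/bin/wstunnel
  register: wstunnel_binary

- name: Download and install wstunnel
  when: not wstunnel_binary.stat.exists
  block:
    # Stage in a freshly created private directory instead of a fixed
    # /tmp/wstunnel path: with a predictable name in a world-writable
    # directory, a local user could pre-create that file (the old
    # `creates:` guard would then skip the download) and have it
    # installed as the service binary.
    - name: Create private staging directory for wstunnel
      ansible.builtin.tempfile:
        state: directory
        prefix: wstunnel.
      register: wstunnel_staging

    - name: Download and unarchive wstunnel package
      ansible.builtin.unarchive:
        src: "{{ vars['wireguard-server']['wstunnel-download-url'] }}"
        dest: "{{ wstunnel_staging.path }}"
        remote_src: true

    # Explicit root ownership so the unprivileged service account cannot
    # replace the binary it executes.
    - name: Move wstunnel binary to /usr/local/bin
      ansible.builtin.copy:
        src: "{{ wstunnel_staging.path }}/wstunnel"
        dest: /usr/local/bin/wstunnel
        owner: root
        group: root
        mode: '0755'
        remote_src: true
      become: true
  always:
    # Runs even if the download or install failed, so no staged files
    # are left behind.
    - name: Clean up temporary wstunnel files
      ansible.builtin.file:
        path: "{{ wstunnel_staging.path }}"
        state: absent
      when: wstunnel_staging.path is defined

# NOTE(review): the server listens on ws://0.0.0.0:8080, i.e. plaintext
# WebSocket on every interface. Presumably a TLS-terminating proxy sits in
# front of it (confirm); if so, bind to 127.0.0.1 instead, otherwise serve
# wss://. `--restrict-to` limits what clients may be forwarded to (the local
# internal port), which is the control that keeps this from being an open
# relay; keep it.
# NOTE(review): User=nobody is shared with other unprivileged services; a
# dedicated account would isolate this service better.
- name: Create wstunnel systemd service file
  ansible.builtin.copy:
    dest: /etc/systemd/system/wstunnel.service
    owner: root
    group: root
    mode: '0644'
    content: |
      [Unit]
      Description=WSTunnel Server
      After=network.target

      [Service]
      Type=simple
      User=nobody
      ExecStart=/usr/local/bin/wstunnel server ws://0.0.0.0:8080 --restrict-to 127.0.0.1:{{ vars['wireguard-server']['internal-port'] }}
      Restart=always
      RestartSec=3
      NoNewPrivileges=true
      PrivateTmp=true
      ProtectSystem=strict
      ProtectHome=true

      [Install]
      WantedBy=multi-user.target
  become: true
  notify: Restart wstunnel

- name: Ensure wstunnel service is started and enabled
  ansible.builtin.systemd:
    name: wstunnel
    state: started
    enabled: true
    daemon_reload: true
  become: true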