class profile::wireguard (
) {
  $password_seed = lookup("base_installation::puppet_pass_seed")

  ensure_packages(["linux-headers"], { before => Package["wireguard-dkms"] })
  ensure_packages(["wireguard-tools", "wireguard-dkms"])

  $host = $facts["ldapvar"]["self"]
  if has_key($host["vars"], "wireguard_ip") {
    $ips = $host["vars"]["wireguard_ip"]
  } else {
    $ips = []
  }

  $private_key = generate_password(32, $password_seed, "wireguard", "curve25519", true)

  file { "/etc/wireguard/network.conf":
    ensure  => "file",
    mode    => "0600",
    content => template("profile/wireguard/network.conf.erb"),
    require => [Package["wireguard-tools"], Package["wireguard-dkms"]],
  }
  ->
  service { "wg-quick@network":
    ensure => "running",
    enable => true,
  }

}