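# Preflight checks: stop the play before any change is made unless it runs as
# root on a host with a working dpkg and the network variables are well formed.

# ansible_effective_user_id is a gathered fact, so fact gathering must have run.
# NOTE(review): with `become` the fact reflects the become user -- confirm this
# is the user the later tasks actually run as.
- name: ensure script is run as root
  assert:
    that:
      - ansible_effective_user_id == 0
    fail_msg: "this playbook must be run as root"

# Read-only probe; only the exit status is used, by the next task.
# check_mode: false keeps the probe running under --check. Without it the
# command is skipped there and dpkg_check.rc is undefined in the next task.
# NOTE(review): this shows that dpkg is callable, not which distribution the
# host runs; ansible_os_family would test the distribution directly -- confirm
# before switching.
- name: check if system is debian-based
  command: dpkg -l
  register: dpkg_check
  changed_when: false
  failed_when: false
  check_mode: false

- name: fail if not debian-based
  fail:
    msg: "distribution not Debian-based"
  when: dpkg_check.rc != 0

# Address validation, shared by the three checks below:
#   - each octet is limited to 0-255 and the prefix length to 0-32; the earlier
#     \d{1,3} / \d{1,2} patterns also accepted 999.999.999.999/99
#   - [0-9] is used instead of \d, which also matches non-ASCII digits
#   - \Z anchors at the true end of the string; `$` also matches just before a
#     trailing newline
#   - octets with a leading zero (e.g. 010) are rejected, since some tools read
#     them as octal
- name: check nat_subnet format
  fail:
    msg: "nat_subnet must be in CIDR format, e.g., 10.10.10.0/24"
  when: >-
    nat_subnet is not
    match("^((25[0-5]|(2[0-4]|1[0-9]|[1-9])?[0-9])[.]){3}(25[0-5]|(2[0-4]|1[0-9]|[1-9])?[0-9])/(3[0-2]|[12]?[0-9])\\Z")

- name: check nat_bridge_ip is valid ip
  fail:
    msg: "nat_bridge_ip must be a valid IPv4 address"
  when: >-
    nat_bridge_ip is not
    match("^((25[0-5]|(2[0-4]|1[0-9]|[1-9])?[0-9])[.]){3}(25[0-5]|(2[0-4]|1[0-9]|[1-9])?[0-9])\\Z")

- name: check wg_subnet format
  fail:
    msg: "wg_subnet must be in CIDR format, e.g., 10.13.37.0/24"
  when: >-
    wg_subnet is not
    match("^((25[0-5]|(2[0-4]|1[0-9]|[1-9])?[0-9])[.]){3}(25[0-5]|(2[0-4]|1[0-9]|[1-9])?[0-9])/(3[0-2]|[12]?[0-9])\\Z")

# The digits-only test runs first so that values such as "1024.9", which the
# int filter would silently truncate to 1024, are rejected rather than accepted.
- name: check wg_port is between 1024 and 65535
  fail:
    msg: "wg_port must be a number between 1024 and 65535"
  when: >-
    wg_port | string is not match("^[0-9]+\\Z")
    or wg_port | int < 1024
    or wg_port | int > 65535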