feat: improve WireGuard client management and framework initialization

- Improve WireGuard client IP calculation logic (find next available IP)
- Add local wireguard-clients directory for storing client configs
- Integrate Redis pool into CacheInitializer
- Improve ContainerBootstrapper with better imports and Redis pool
- Add monitoring role tags for better task organization
- Update WireGuard documentation
- Store generated WireGuard client configs locally

deployment/ansible/playbooks/add-wireguard-client.yml

@@ -9,6 +9,7 @@
     wireguard_config_path: "/etc/wireguard"
     wireguard_config_file: "{{ wireguard_config_path }}/{{ wireguard_interface }}.conf"
     wireguard_client_configs_path: "/etc/wireguard/clients"
+    wireguard_local_client_configs_dir: "{{ playbook_dir }}/../wireguard-clients"
 
   pre_tasks:
     - name: Set WireGuard network
@@ -60,14 +61,28 @@
       set_fact:
         server_vpn_ip: "{{ (wireguard_server_config_read.content | b64decode | regex_search('Address = ([0-9.]+)', '\\1')) | first | default('10.8.0.1') }}"
 
-    - name: Count existing clients in config
+    - name: Extract WireGuard server IP octets
       set_fact:
-        existing_clients_count: "{{ (wireguard_server_config_read.content | b64decode | regex_findall('\\[Peer\\]') | length) }}"
+        wireguard_server_ip_octets: "{{ server_vpn_ip.split('.') }}"
+      when: client_ip == ""
+
+    - name: Gather existing client addresses
+      set_fact:
+        existing_client_ips: "{{ (wireguard_server_config_read.content | b64decode | regex_findall('AllowedIPs = ([0-9A-Za-z.]+)/32', '\\1')) }}"
       when: client_ip == ""
 
     - name: Calculate client IP if not provided
+      vars:
+        existing_last_octets: "{{ (existing_client_ips | default([])) | map('regex_replace', '^(?:\\d+\\.\\d+\\.\\d+\\.)', '') | select('match', '^[0-9]+$') | map('int') | list }}"
+        server_last_octet: "{{ wireguard_server_ip_octets[3] | int }}"
+        next_octet_candidate: "{{ (existing_last_octets + [server_last_octet]) | map('int') | list | max + 1 if (existing_last_octets + [server_last_octet]) else server_last_octet + 1 }}"
       set_fact:
-        client_ip: "{{ server_vpn_ip | regex_replace('^(\\d+\\.\\d+\\.\\d+\\.)\\d+$', '\\1') }}{{ (server_vpn_ip | regex_replace('^(\\d+\\.\\d+\\.\\d+\\.)(\\d+)', '\\2') | int) + (existing_clients_count | default(1)) | int }}"
+        client_ip: "{{ [
+          wireguard_server_ip_octets[0],
+          wireguard_server_ip_octets[1],
+          wireguard_server_ip_octets[2],
+          next_octet_candidate
+        ] | join('.') }}"
       when: client_ip == ""
 
     - name: Generate client private key
@@ -84,12 +99,6 @@
       changed_when: false
       no_log: yes
 
-    - name: Check if client already exists in config
-      shell: "grep -q '{{ client_name }}' {{ wireguard_config_file }} || echo 'not found'"
-      register: client_exists_check
-      changed_when: false
-      failed_when: false
-
     - name: Add client to WireGuard server config
       blockinfile:
         path: "{{ wireguard_config_file }}"
@@ -99,7 +108,7 @@
           PublicKey = {{ client_public_key.stdout }}
           AllowedIPs = {{ client_ip }}/32
         marker: "# {mark} ANSIBLE MANAGED BLOCK - Client: {{ client_name }}"
-      when: "'not found' in client_exists_check.stdout"
+      register: wireguard_client_block
 
     - name: Ensure client configs directory exists
       file:
@@ -109,6 +118,15 @@
         owner: root
         group: root
 
+    - name: Ensure local client configs directory exists
+      file:
+        path: "{{ wireguard_local_client_configs_dir }}"
+        state: directory
+        mode: '0700'
+      delegate_to: localhost
+      become: no
+      run_once: true
+
     - name: Get server public key
       shell: "cat {{ wireguard_config_path }}/{{ wireguard_interface }}_private.key | wg pubkey"
       register: server_public_key_cmd
@@ -124,6 +142,20 @@
         owner: root
         group: root
 
+    - name: Download client configuration to control machine
+      fetch:
+        src: "{{ wireguard_client_configs_path }}/{{ client_name }}.conf"
+        dest: "{{ wireguard_local_client_configs_dir }}/{{ client_name }}.conf"
+        flat: yes
+        mode: '0600'
+
+    - name: Ensure local client configuration has strict permissions
+      file:
+        path: "{{ wireguard_local_client_configs_dir }}/{{ client_name }}.conf"
+        mode: '0600'
+      delegate_to: localhost
+      become: no
+
     - name: Read WireGuard server config to find server IP
       slurp:
         src: "{{ wireguard_config_file }}"
@@ -133,7 +165,7 @@
       systemd:
         name: "wg-quick@{{ wireguard_interface }}"
         state: restarted
-      when: "'not found' in client_exists_check.stdout"
+      when: wireguard_client_block.changed
 
     - name: Display client configuration
       debug:
@@ -144,6 +176,9 @@
           
           Client Configuration File:
           {{ wireguard_client_configs_path }}/{{ client_name }}.conf
+
+          Local Copy:
+          {{ wireguard_local_client_configs_dir }}/{{ client_name }}.conf
           
           Client IP: {{ client_ip }}
           Server Endpoint: {{ server_external_ip_content }}:{{ wireguard_port }}
@@ -166,4 +201,4 @@
     - name: Display QR code
       debug:
         msg: "{{ qr_code.stdout }}"
-      when: qr_code.rc == 0
+      when: qr_code.rc == 0