fix: wireguard config failfast

roles/wireguard/defaults/main.yml

@@ -4,6 +4,6 @@ wireguard_port: 51820 # static port to receive input connections
 wireguard_server_mode: true # enables NAT and open port
 wireguard_interface: wg0
 wireguard_config_base_path: /etc/wireguard
-wireguard_address: 192.168.27.1/27
+# wireguard_address: 192.168.27.1/27  # Intentionally undefined - role will fail if not set
-wireguard_dns: 192.168.27.1
+# wireguard_dns: 192.168.27.1          # Intentionally undefined - role will fail if not set
 wireguard_peers: []

roles/wireguard/tasks/main.yml

@@ -1,4 +1,16 @@
 ---
+- name: Validate required variables are set
+  ansible.builtin.assert:
+    that:
+      - wireguard_address is defined
+      - wireguard_address | length > 0
+      - wireguard_dns is defined
+      - wireguard_dns | length > 0
+    fail_msg: |
+      wireguard_address and wireguard_dns are required.
+      See roles/wireguard/defaults/main.yml for configuration instructions.
+    success_msg: "Variable validation passed"
+
 - name: Install wireguard
   ansible.builtin.package:
     name: "{{ (ansible_facts['os_family'] == 'Archlinux') | ternary('wireguard-tools', 'wireguard') }}"