Do not regenerate keys if they already in place

tasks/generate_keys.yml

@@ -1,20 +1,42 @@
 ---
-- name: Generate WireGuard private key
-  command: "wg genkey"
-  register: wireguard_register_private_key
-  changed_when: false
+- name: Register if config/private key already exists on target host
+  stat:
+    path: "/etc/wireguard/{{ wireguard_interface }}.conf"
+  register: wireguard_register_config_file
+
+- block:
+    - name: Read WireGuard config file
+      slurp:
+        src: "/etc/wireguard/{{ wireguard_interface }}.conf"
+      register: wireguard_register_config
+
+    - name: Set private key
+      set_fact:
+        wireguard_private_key: "{{ wireguard_register_config['content'] | b64decode | regex_findall('PrivateKey = (.*)') | first }}"
+  when:
+    - wireguard_register_config_file.stat.exists
+
+- block:
+  - name: Generate WireGuard private key
+    command: "wg genkey"
+    register: wireguard_register_private_key
+    changed_when: false
+
+  - name: Set private key
+    set_fact:
+      wireguard_private_key: "{{ wireguard_register_private_key.stdout }}"
+  when:
+    - not wireguard_register_config_file.stat.exists
+    - wireguard_private_key is not defined
 
-- name: Set private key fact
-  set_fact:
-    wireguard_private_key: "{{ wireguard_register_private_key.stdout }}"
 
-- name: Derive WireGuard public key
+- name: Generate WireGuard public key
   command: "wg pubkey"
   args:
     stdin: "{{ wireguard_private_key }}"
   register: wireguard_register_public_key
   changed_when: false
 
-- name: Set public key fact
+- name: Set public key
   set_fact:
     wireguard_fact_public_key: "{{ wireguard_register_public_key.stdout }}"