{{ ansible_managed | comment }}

[Interface]
PrivateKey = {{ wg_private_key }}
Address = {{ wg_addr4 }}, {{ wg_addr6 }}
ListenPort = {{ wg_listen_port }}
SaveConfig = false

{% if wg_firewall %}
PostUp = iptables -t nat -A POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
PostUp = iptables -A FORWARD -s {{ wg_addr4 }} -j ACCEPT
PostUp = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
PostUp = ip6tables -A FORWARD -s {{ wg_addr6 }} -j ACCEPT
PostDown = iptables -t nat -D POSTROUTING -s {{ wg_addr4 }} -m policy --pol none --dir out -j MASQUERADE
PostDown = iptables -D FORWARD -s {{ wg_addr4 }} -j ACCEPT
PostDown = ip6tables -t nat -A POSTROUTING -s {{ wg_addr6 }} -m policy --pol none --dir out -j MASQUERADE
PostDown = ip6tables -D FORWARD -s {{ wg_addr6 }} -j ACCEPT
{% endif %}
{% if wg_peers is defined %}
{% for peer in wg_peers %}

[Peer]
PublicKey = {{ peer.public_key }}
{% if peer.preshared_key is defined %}
PresharedKey = {{ peer.preshared_key }}
{% endif %}
AllowedIPs = {{ peer.allowed_ips }}
{% if peer.endpoint is defined %}
Endpoint = {{ peer.endpoint }}
{% endif %}
{% if peer.persistent_keepalive is defined and peer.persistent_keepalive %}
PersistentKeepalive = 25
{% endif %}
{% endfor %}
{% endif %}