Add conf for other host not in play

templates/etc/wireguard/wireguard.conf.j2

@@ -41,28 +41,30 @@ PostDown   = firewall-cmd --remove-port {{ wireguard_port }}/udp && firewall-cmd
 {% if wireguard_save_config is defined %}
 SaveConfig = {{ wireguard_save_config }}
 {% endif %}
-{% for host in ansible_play_hosts %}
-{%   if host != inventory_hostname %}
+{% for host in groups['Vpn'] | difference([inventory_hostname]) %}
+{%   if hostvars[host].wireguard_public_key is defined %}
 
 [Peer]
 # {{ host }}
 PublicKey = {{ hostvars[host].wireguard_public_key }}
+{%     if false %}
 #AllowedIPs = 0.0.0.0/0,::/0
+{%     endif %}
 {%     if hostvars[host].wireguard_allowed_ips is defined %}
 AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32, {% for wireguard_allowed_ip in hostvars[host].wireguard_allowed_ips %}{{ wireguard_allowed_ip }}{% if not loop.last %}, {% endif %}{% endfor %}
 
 {%     else %}
 AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32
 {%     endif %}
-{% if hostvars[host].wireguard_endpoint_ip is defined and hostvars[host].wireguard_endpoint_port is defined %}
+{%     if hostvars[host].wireguard_endpoint_ip is defined and hostvars[host].wireguard_endpoint_port is defined %}
 Endpoint = {{ hostvars[host].wireguard_endpoint_ip }}:{{ hostvars[host].wireguard_endpoint_port }}
-{% elif hostvars[host].wireguard_endpoint_ip is defined %}
+{%     elif hostvars[host].wireguard_endpoint_ip is defined %}
 Endpoint = {{ hostvars[host].wireguard_endpoint_ip }}:{{ hostvars[host].wireguard_port }}
-{% else %}
+{%     else %}
 Endpoint = {{ hostvars[host].ansible_default_ipv4.address }}:{{ wireguard_port }}
-{% endif %}
-{%     if hostvars[host].wireguard_persistent_keepalive is defined %}
-PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
 {%     endif %}
-{% endif %}
+{%     if hostvars[host].wireguard_persistent_keepalive is defined %}
+PersistentKeepalive = {{ hostvars[host].wireguard_persistent_keepalive }}
+{%     endif %}
+{%   endif %}
 {% endfor %}