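{# WireGuard interface configuration, rendered by Ansible on every host of the Vpn group. #}
{# The rendered file embeds the interface private key: keep it owner-only (mode 0600). #}
{# Every other host in groups['Vpn'] that exposes wireguard_public_key becomes a [Peer]. #}
[Interface]
PrivateKey = {{ wireguard_private_key }}
Address = {{ wireguard_address }}
ListenPort = {{ wireguard_port }}
{% if wireguard_dns is defined %}
DNS = {{ wireguard_dns }}
{% endif %}
{% if wireguard_fwmark is defined %}
FwMark = {{ wireguard_fwmark }}
{% endif %}
{% if wireguard_mtu is defined %}
MTU = {{ wireguard_mtu }}
{% endif %}
{% if wireguard_table is defined %}
Table = {{ wireguard_table }}
{% endif %}
{# Hook lists render one directive per entry; wg-quick runs them in order. #}
{% if wireguard_preup is defined %}
{% for wg_preup in wireguard_preup %}
PreUp = {{ wg_preup }}
{% endfor %}
{% endif %}
{% if wireguard_postup is defined %}
{% for wg_postup in wireguard_postup %}
PostUp = {{ wg_postup }}
{% endfor %}
{% else %}
{# Default hook: open the listen port and enable masquerading in firewalld's runtime set only (no --permanent), so PostDown below can undo it. #}
PostUp = firewall-cmd --add-port {{ wireguard_port }}/udp && firewall-cmd --add-masquerade
{% endif %}
{% if wireguard_predown is defined %}
{% for wg_predown in wireguard_predown %}
PreDown = {{ wg_predown }}
{% endfor %}
{% endif %}
{% if wireguard_postdown is defined %}
{% for wg_postdown in wireguard_postdown %}
PostDown = {{ wg_postdown }}
{% endfor %}
{% else %}
PostDown = firewall-cmd --remove-port {{ wireguard_port }}/udp && firewall-cmd --remove-masquerade
{% endif %}
{% if wireguard_save_config is defined %}
SaveConfig = {{ wireguard_save_config }}
{% endif %}
{% for host in groups['Vpn'] | difference([inventory_hostname]) %}
{% if hostvars[host].wireguard_public_key is defined %}
{# Host route to the peer's tunnel address: the prefix length follows the address family (/128 for IPv6, /32 for IPv4). #}
{% set peer_ip = hostvars[host].wireguard_address.split('/')[0] %}
{% set peer_route = peer_ip ~ ('/128' if ':' in peer_ip else '/32') %}
{# The peer listens on its own wireguard_port; fall back to ours only if it has none. #}
{% set peer_port = hostvars[host].wireguard_port | default(wireguard_port) %}

[Peer]
# {{ host }}
PublicKey = {{ hostvars[host].wireguard_public_key }}
{% if hostvars[host].wireguard_allowed_ips is defined %}
AllowedIPs = {{ peer_route }}, {% for wireguard_allowed_ip in hostvars[host].wireguard_allowed_ips %}{{ wireguard_allowed_ip }}{% if not loop.last %}, {% endif %}{% endfor %}
{% else %}
AllowedIPs = {{ peer_route }}
{% endif %}
{# Endpoint precedence: explicit ip+port, explicit ip with the peer's listen port, else the peer's default IPv4 address. #}
{# The last case needs facts for the peer host (gathered or cached); without them ansible_default_ipv4 is undefined. #}
{% if hostvars[host].wireguard_endpoint_ip is defined and hostvars[host].wireguard_endpoint_port is defined %}
Endpoint = {{ hostvars[host].wireguard_endpoint_ip }}:{{ hostvars[host].wireguard_endpoint_port }}
{% elif hostvars[host].wireguard_endpoint_ip is defined %}
Endpoint = {{ hostvars[host].wireguard_endpoint_ip }}:{{ peer_port }}
{% else %}
Endpoint = {{ hostvars[host].ansible_default_ipv4.address }}:{{ peer_port }}
{% endif %}
{% if hostvars[host].wireguard_persistent_keepalive is defined %}
PersistentKeepalive = {{ hostvars[host].wireguard_persistent_keepalive }}
{% endif %}
{% endif %}
{% endfor %}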