homeserver-iac/roles/wireguard/templates/server.conf.j2

[Interface]
Address = {{ wireguard.ip.address }}
PrivateKey = {{ wireguard_secret.server_key }}
ListenPort = {{ wireguard.ip.port }}

PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ net_interface }} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ net_interface }} -j MASQUERADE
SaveConfig = false

{% for peer in wireguard_secret.peers %}
[Peer]
PublicKey = {{ peer.pub_key }}
AllowedIPs = {{ peer.addr }}
{% endfor %}
roles/wireguard: implemented 2024-06-16 15:05:12 -04:00			`[Interface]`
			`Address = {{ wireguard.ip.address }}`
			`PrivateKey = {{ wireguard_secret.server_key }}`
			`ListenPort = {{ wireguard.ip.port }}`

			`PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ net_interface }} -j MASQUERADE`
			`PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ net_interface }} -j MASQUERADE`
			`SaveConfig = false`

			`{% for peer in wireguard_secret.peers %}`
			`[Peer]`
			`PublicKey = {{ peer.pub_key }}`
			`AllowedIPs = {{ peer.addr }}`
			`{% endfor %}`