[Interface]
PrivateKey = {{ vars['wireguard-server-vault']['key'] }}
Address=10.0.0.1/24
PostUp=iptables -A FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -A FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -A POSTROUTING -o ens18 -j MASQUERADE;
PostDown=iptables -D FORWARD -i wireguardserver -o ens18 -j ACCEPT; iptables -D FORWARD -i ens18 -o wireguardserver -j ACCEPT; iptables -t nat -D POSTROUTING -o ens18 -j MASQUERADE;
ListenPort={{ vars['wireguard-server']['internal-port'] }}

{% for client_name, client_data in vars['wireguard-client'].items() %}
[Peer]
# {{ client_name }}
PublicKey = {{ vars['wireguard-client-vault'][client_name]['pub'] }}
AllowedIPs = {{ client_data.ip }}/32
{% endfor %}