# WireGuard Server Configuration
# Generated by Ansible - DO NOT EDIT MANUALLY

[Interface]
# Server private key
PrivateKey = {{ server_private_key_for_config }}

# Server IP address in VPN network
Address = {{ wireguard_server_ip }}/24

# Port to listen on
ListenPort = {{ wireguard_port }}

# Enable NAT for VPN clients to access internet
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ wireguard_interface_name }} -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ wireguard_interface_name }} -j MASQUERADE

# Clients will be added here by the add-wireguard-client playbook
# Example:
# [Peer]
# PublicKey = <client_public_key>
# AllowedIPs = 10.8.0.2/32