# WireGuard Client Configuration for {{ client_name }}
# Generated by Ansible - DO NOT EDIT MANUALLY

[Interface]
# Client private key
PrivateKey = {{ client_private_key.stdout }}

# Client IP address in VPN network
Address = {{ client_ip }}/24

{% if wireguard_dns_servers | length > 0 %}
# DNS servers provided via Ansible (optional)
DNS = {{ wireguard_dns_servers | join(', ') }}
{% endif %}

[Peer]
# Server public key
PublicKey = {{ server_public_key_cmd.stdout }}

# Server endpoint
Endpoint = {{ server_external_ip_content }}:{{ wireguard_port }}

# Allowed IPs (routes through VPN)
# IMPORTANT: Only VPN network is routed through VPN by default
# SSH access via normal IP ({{ server_external_ip_content }}) remains available
AllowedIPs = {{ allowed_ips }}

# Keep connection alive
PersistentKeepalive = 25