templates/etc/wireguard/wg.conf.j2

#jinja2: lstrip_blocks:"True",trim_blocks:"True"
{# Copyright (C) 2018-2022 Robert Wimmer
 # SPDX-License-Identifier: GPL-3.0-or-later
 #}
# {{ ansible_managed }}

[Interface]
# {{ inventory_hostname }}
Address = {{ wireguard_address }}
PrivateKey = {{ wireguard_private_key }}
ListenPort = {{ wireguard_port }}
{% if wireguard_dns is defined %}
DNS = {{ wireguard_dns }}
{% endif %}
{% if wireguard_fwmark is defined %}
FwMark = {{ wireguard_fwmark }}
{% endif %}
{% if wireguard_mtu is defined %}
MTU = {{ wireguard_mtu }}
{% endif %}
{% if wireguard_table is defined %}
Table = {{ wireguard_table }}
{% endif %}
{% if wireguard_preup is defined %}
{% for wg_preup in wireguard_preup %}
PreUp = {{ wg_preup }}
{% endfor %}
{% endif %}
{% if wireguard_postup is defined %}
{% for wg_postup in wireguard_postup %}
PostUp = {{ wg_postup }}
{% endfor %}
{% endif %}
{% if wireguard_predown is defined %}
{% for wg_predown in wireguard_predown %}
PreDown = {{ wg_predown }}
{% endfor %}
{% endif %}
{% if wireguard_postdown is defined %}
{% for wg_postdown in wireguard_postdown %}
PostDown = {{ wg_postdown }}
{% endfor %}
{% endif %}
{% if wireguard_save_config is defined %}
SaveConfig = {{ wireguard_save_config }}
{% endif %}
{% for host in ansible_play_hosts %}
{%   if host != inventory_hostname %}

[Peer]
# {{ host }}
PublicKey = {{hostvars[host].wireguard__fact_public_key}}
{%     if hostvars[host].wireguard_allowed_ips is defined %}
AllowedIPs = {{hostvars[host].wireguard_allowed_ips}}
{%     else %}
AllowedIPs = {{ hostvars[host].wireguard_address.split('/')[0] }}/32
{%     endif %}
{%     if hostvars[host].wireguard_persistent_keepalive is defined %}
PersistentKeepalive = {{hostvars[host].wireguard_persistent_keepalive}}
{%     endif %}
{%     if (
         hostvars[host].wireguard_dc is defined and
         wireguard_dc is defined and
         wireguard_dc['name'] != hostvars[host].wireguard_dc['name']
       )
%}
Endpoint = {{hostvars[host].wireguard_dc['endpoint']}}:{{hostvars[host].wireguard_dc['port']}}
{%     elif hostvars[host].wireguard_port is defined %}
{%       if hostvars[host].wireguard_endpoint is defined and hostvars[host].wireguard_endpoint != "" %}
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{hostvars[host].wireguard_port}}
{%       else %}
Endpoint = {{host}}:{{hostvars[host].wireguard_port}}
{%       endif %}
{%     elif hostvars[host].wireguard_endpoint is defined %}
{%       if hostvars[host].wireguard_endpoint != "" %}
Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}}
{%       else %}
# No endpoint defined for this peer
{%       endif %}
{%     else %}
Endpoint = {{host}}:{{wireguard_port}}
{%     endif %}
{%   endif %}
{% endfor %}
{% if wireguard_unmanaged_peers is defined %}

# Peers not managed by Ansible from "wireguard_unmanaged_peers" variable
{% for peer in wireguard_unmanaged_peers.keys() %}
[Peer]
# {{ peer }}
PublicKey = {{ wireguard_unmanaged_peers[peer].public_key }}
{%     if wireguard_unmanaged_peers[peer].preshared_key is defined %}
PresharedKey = {{ wireguard_unmanaged_peers[peer].preshared_key }}
{%     endif %}
{%     if wireguard_unmanaged_peers[peer].allowed_ips is defined %}
AllowedIPs = {{ wireguard_unmanaged_peers[peer].allowed_ips }}
{%     endif %}
{%     if wireguard_unmanaged_peers[peer].endpoint is defined %}
Endpoint = {{ wireguard_unmanaged_peers[peer].endpoint }}
{%     endif %}
{%     if wireguard_unmanaged_peers[peer].persistent_keepalive is defined %}
PersistentKeepalive = {{ wireguard_unmanaged_peers[peer].persistent_keepalive }}
{%     endif %}
{%   endfor %}
{% endif %}