[Interface]
PrivateKey = {{ vpn_wireguard_interface_private_key }}
{% if vpn_wireguard_role == "server" %}
ListenPort = {{ vpn_wireguard_port }}
{% endif %}

{% if vpn_wireguard_role == "server" %}
{% for client in vpn_wireguard_clients %}
[Peer]
PublicKey = {{ client.public_key }}
PresharedKey = {{ vpn_wireguard_preshared_key }}
{% if vpn_wireguard_subnet is defined %}
AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}
{% else %}
AllowedIPs = {{ client.subnet }}
{% endif %}

{% endfor %}
{% elif vpn_wireguard_role == "client" %}
[Peer]
PublicKey = {{ vpn_wireguard_server_public_key }}
PresharedKey = {{ vpn_wireguard_preshared_key }}
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 15

{% endif %}