auto {{ vpn_wireguard_iface }}
iface {{ vpn_wireguard_iface }} inet6 static
    pre-up /usr/local/sbin/ip-link-add.sh $IFACE type wireguard
    pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf

    post-up /usr/local/sbin/post-up-$IFACE-inet.nft
{% if vpn_wireguard_routing_table is defined %}
    post-up ip -6 rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
{% for client in vpn_wireguard_clients %}
{% if 'inet6_subnet' in client %}
    post-up ip route add {{ client.inet6_subnet }} dev $IFACE
{% endif %}
{% endfor %}

{% for client in vpn_wireguard_clients %}
{% if 'inet6_subnet' in client %}
    pre-down ip route del {{ client.inet6_subnet }} dev $IFACE
{% endif %}
{% endfor %}
{% if vpn_wireguard_routing_table is defined %}
    pre-down ip -6 rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
    pre-down /usr/local/sbin/pre-down-$IFACE-inet.nft

    mtu {{ vpn_wireguard_mtu }}

    address {{ vpn_wireguard_inet6_address }}/{{ vpn_wireguard_inet6_prefixlen }}

iface {{ vpn_wireguard_iface }} inet static
{% if vpn_wireguard_routing_table is defined %}
    post-up ip rule add sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}
{% for client in vpn_wireguard_clients %}
{% if 'inet_subnet' in client %}
    post-up ip route add {{ client.inet_subnet }} dev $IFACE
{% endif %}
{% endfor %}

{% for client in vpn_wireguard_clients %}
{% if 'inet_subnet' in client %}
    pre-down ip route del {{ client.inet_subnet }} dev $IFACE
{% endif %}
{% endfor %}
{% if vpn_wireguard_routing_table is defined %}
    pre-down ip rule del sport {{ vpn_wireguard_port }} ipproto udp table {{ vpn_wireguard_routing_table }}
{% endif %}

    address {{ vpn_wireguard_inet_address }}/{{ vpn_wireguard_inet_prefixlen }}