ansible-roles/vpn/wireguard/templates/IFACE.conf


{#
  Jinja2 template for a WireGuard interface configuration.
  vpn_wireguard_role selects the output:
    "server" - [Interface] with ListenPort, plus one [Peer] per entry in
               vpn_wireguard_clients.
    "client" - [Interface] without ListenPort, plus a single [Peer] for the server.
  Any other role value renders only [Interface] with the private key and no peers.

  NOTE(review): PrivateKey and PresharedKey are rendered in cleartext. The task
  that renders this template is not visible here; confirm that it writes the
  file root-owned with mode 0600, that it runs with no_log and without diff
  output so the keys do not reach logs, and that the key variables come from an
  encrypted store such as Ansible Vault.
#}
[Interface]
PrivateKey = {{ vpn_wireguard_interface_private_key }}
{# Only the server binds a fixed UDP port; clients dial this same port in Endpoint below. #}
{% if vpn_wireguard_role == "server" %}
ListenPort = {{ vpn_wireguard_port }}
{% endif %}
{% if vpn_wireguard_role == "server" %}
{# One [Peer] per client; each entry must provide public_key and preshared_key. #}
{% for client in vpn_wireguard_clients %}
[Peer]
PublicKey = {{ client.public_key }}
PresharedKey = {{ client.preshared_key }}
{#
  AllowedIPs is both the routing table for outgoing packets and the
  source-address filter for packets received from this peer. An optional
  client.subnet is appended after vpn_wireguard_subnet.
  NOTE(review): every client receives the same vpn_wireguard_subnet. If that
  variable is the whole VPN network (confirm), no client is bound to its own
  tunnel address, and because WireGuard assigns an address range to only one
  peer at a time, identical entries on several peers leave the range on a
  single peer. A per-client /32 tunnel address is the usual form.
#}
{% if 'subnet' in client %}
AllowedIPs = {{ vpn_wireguard_subnet }},{{ client.subnet }}
{% else %}
AllowedIPs = {{ vpn_wireguard_subnet }}
{% endif %}
{% endfor %}
{% elif vpn_wireguard_role == "client" %}
{# Client side: a single peer, the server, reached at vpn_wireguard_server_address on vpn_wireguard_port. #}
[Peer]
PublicKey = {{ vpn_wireguard_server_public_key }}
PresharedKey = {{ vpn_wireguard_server_preshared_key }}
Endpoint = {{ vpn_wireguard_server_address }}:{{ vpn_wireguard_port }}
{#
  0.0.0.0/0 accepts and routes all IPv4 through the server; no IPv6 range
  (::/0) is listed.
  NOTE(review): if the intent is a full tunnel, confirm that IPv6 is disabled
  or handled elsewhere, otherwise IPv6 traffic bypasses the VPN. Route setup
  depends on how the interface is brought up, which is not shown here.
#}
AllowedIPs = 0.0.0.0/0
{# Keepalive interval in seconds; keeps NAT and firewall state open so the server can reach the client. #}
PersistentKeepalive = 15
{% endif %}