ansible-roles/vpn/wireguard/templates/post-up-IFACE-ipv4.nft

#!/usr/bin/env -S nft -f

table ip {{ vpn_wireguard_iface }}_ipv4 {

{% if vpn_wireguard_role == "server" %}
        chain postrouting {
                type nat hook postrouting priority 100;
                iif {{ vpn_wireguard_iface }} oif {{ ansible_default_ipv4.interface }} masquerade;
        }

{% endif %}
}