# wg0.netdev — systemd-networkd .netdev for the WireGuard tunnel "wg0".
# Rendered by Ansible (Jinja2). All key material is pulled at render time
# from Vault through the community.hashi_vault lookup; "| trim" strips the
# trailing newline of the stored content so systemd gets the bare base64 key.
#
# The rendered file embeds the private key and pre-shared keys in clear
# text, so it must be deployed readable only by root and systemd-network
# (e.g. root:systemd-network, mode 0640). Newer systemd versions also
# accept PrivateKeyFile= / PresharedKeyFile= to keep secrets out of the
# unit itself — consider those if the deployment allows it.

[NetDev]
Name=wg0
Kind=wireguard
Description=WireGuard tunnel wg0

[WireGuard]
# UDP port the local endpoint listens on; peers below dial the same port.
ListenPort=51820
# Per-host private key: ansible/data/wireguard/<inventory_hostname>.key
PrivateKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/' ~ inventory_hostname ~ '.key:content') | trim }}

# One peer per other member of the "wireguard" inventory group.
{% for host in groups['wireguard'] if host != inventory_hostname %}
[WireGuardPeer]
# Peer public key: ansible/data/wireguard/<host>.pub
PublicKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/' ~ host ~ '.pub:content') | trim }}
# Pre-shared key path is ordered <self>_<peer>.psk, so each pair reads two
# differently named secrets (A_B.psk here, B_A.psk on the other host).
# WireGuard drops handshakes when the two ends disagree, so both entries
# must hold identical material — TODO confirm, or key the secret by the
# unordered pair.
PresharedKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/' ~ inventory_hostname ~ '_' ~ host ~ '.psk:content') | trim }}
# Only the peer's own tunnel address is routed to it; the /32 assumes
# wireguard_address is a single IPv4 host address — confirm in hostvars.
AllowedIPs={{ hostvars[host]['wireguard_address'] }}/32
# The inventory hostname doubles as the public DNS endpoint of the peer.
Endpoint={{ host }}:51820
{% endfor %}

# Extra peer only on xenrox.net: a "localhost" client with no Endpoint=,
# so that peer must initiate the handshake (this host cannot dial it).
{% if inventory_hostname == 'xenrox.net' %}
[WireGuardPeer]
PublicKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.pub:content') | trim }}
PresharedKey={{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/wireguard/localhost.psk:content') | trim }}
AllowedIPs=10.0.0.1/32
{% endif %}