[Interface]
Address = {{ pillar['wireguard']['address'] }}
PrivateKey = {{ pillar['wireguard']['privatekey'] }}
ListenPort = {{ pillar['wireguard']['port'] }}
PostUp = iptables -A FORWARD -i {{ pillar['wireguard']['iface'] }} -j ACCEPT; iptables -t nat -A POSTROUTING -o {{ pillar['network']['interface'] }} -j MASQUERADE
PostDOWN = iptables -D FORWARD -i {{ pillar['wireguard']['iface'] }} -j ACCEPT; iptables -t nat -D POSTROUTING -o {{ pillar['network']['interface'] }} -j MASQUERADE

{% for peer in pillar['wireguard']['peers'] -%}
[peer]
PublicKey = {{ peer['publickey'] }}
PresharedKey = {{ peer['presharedkey'] }}
AllowedIPs = {{ peer['allowedips'] }}
{% endfor %}