{# Jinja2 template for one node's WireGuard config. SaveConfig and PostUp are wg-quick directives. #}
{# Renders one [Interface] section for this host, then one [Peer] section for every other host in the 'wireguard-mesh' inventory group. #}
{# The rendered file holds the private key and every preshared key in clear text. #}
{# NOTE(review): the task that renders it is not visible here; confirm it sets a root-only mode such as 0600 and that the key-generating tasks do not log their stdout. #}
[Interface]
Address={{ wireguard_node_ips[inventory_hostname] }}/32
ListenPort={{ wireguard_listen_port }}
{# Taken from the stdout of a registered result; the value is written to disk verbatim. #}
PrivateKey={{ wireguard_private_key.stdout }}
{# wg-quick writes the live interface state back to this file on shutdown, so the file on disk can drift from this template. #}
{# NOTE(review): confirm that is wanted for a file that is also managed by templating. #}
SaveConfig=true
{# Every node except 10.212.0.1 routes 10.137.0.0/16 through 10.212.0.1. The device name 'mmtmesh' is hard-coded. #}
{# NOTE(review): presumably the rendered file is mmtmesh.conf; confirm. wg-quick also installs routes for AllowedIPs by default and the 10.212.0.1 peer below already lists 10.137.0.0/16, so verify this explicit route does not collide with it. #}
{% if wireguard_node_ips[inventory_hostname] != '10.212.0.1' %}
PostUp=ip route add 10.137.0.0/16 via 10.212.0.1 dev mmtmesh
{% endif %}
{# Full mesh: skip this host itself and emit a [Peer] for each remaining group member. #}
{% for peer in groups['wireguard-mesh'] %}
{% if peer != inventory_hostname %}
[Peer]
{# Read from the peer's hostvars, so wireguard_public_key must be registered for every host in the group before this template renders. #}
PublicKey={{ hostvars[peer].wireguard_public_key.stdout }}
{# One preshared key per pair, looked up on whichever hostname compares smaller, so both ends render the same value. #}
PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else hostvars[peer].wireguard_preshared_keys[inventory_hostname] }}
{# AllowedIPs limits which source addresses are accepted from a peer. Only the 10.212.0.1 peer may also carry 10.137.0.0/16; every other peer is pinned to its own /32. #}
{% if wireguard_node_ips[peer] == '10.212.0.1' %}
AllowedIPs={{ wireguard_node_ips[peer] }}/32, 10.137.0.0/16
{% else %}
AllowedIPs={{ wireguard_node_ips[peer] }}/32
{% endif %}
{# Endpoint host is the inventory name with '.int.' replaced by '.'. #}
{# NOTE(review): presumably this maps an internal name to the externally resolvable one; confirm the resulting name resolves for every peer. #}
Endpoint={{ peer | replace('.int.', '.') }}:{{ wireguard_listen_port }}
{% endif %}
{% endfor %}