# Template configuration file for VPN nodes that are not in the cluster
# The private key should be stored as /etc/wireguard/privkey
# (keep that file readable by root only, e.g. mode 0600)
# External nodes should be registered in network/vars/main.yml

[Interface]
# Left blank by the template: fill in this node's own VPN address before use
# (presumably the vpn_ip registered for it in network/vars/main.yml; confirm)
Address =
# The key is read from the key file when the interface comes up, so it is not
# embedded in this rendered file. wg-quick replaces %i with the interface name.
# NOTE(review): wg set private-key takes a file path, so the process
# substitution looks unnecessary; confirm before simplifying
PostUp = wg set %i private-key <(cat /etc/wireguard/privkey)
ListenPort = 51820

# Cluster nodes
# One peer per host in the cluster_nodes inventory group. AllowedIPs is a single
# /32, so each peer is accepted for, and routed to, only its own VPN address.
# PersistentKeepalive is the keepalive interval in seconds.
{% for selected_host in groups['cluster_nodes'] %}
[Peer]
PublicKey = {{ hostvars[selected_host].wireguard_pubkey.stdout }}
Endpoint = {{ hostvars[selected_host].public_ip }}:{{ hostvars[selected_host].public_vpn_port }}
AllowedIPs = {{ hostvars[selected_host].vpn_ip }}/32
PersistentKeepalive = 25
{% endfor %}

# External nodes
# One peer per entry in other_vpn_nodes, restricted to a /32 like the cluster peers.
# TODO: remove the [Peer] entry for this node itself from the list below
{% for host in other_vpn_nodes %}
[Peer]
PublicKey = {{ host.pubkey }}
Endpoint = {{ host.public_ip }}:{{ host.public_vpn_port }}
AllowedIPs = {{ host.vpn_ip }}/32
PersistentKeepalive = 25
{% endfor %}