{#
  systemd-networkd .netdev template for the WireGuard interface serverctl-wg0.
  Jinja comments are used so that the rendered file carries no extra lines.

  Secret handling: PrivateKey= and PresharedKey= are written inline, so the
  rendered file holds key material in clear text. systemd.netdev(5) recommends
  owner root:systemd-network and mode 0640 for such a file, and offers
  PrivateKeyFile= / PresharedKeyFile= as alternatives that keep keys out of it.
  NOTE(review): the task that deploys this template is not visible here.
  Confirm it sets owner and mode, and that it and the tasks registering the keys
  use no_log (and diff: false) so the keys do not reach Ansible output.
#}
[NetDev]
Name=serverctl-wg0
Kind=wireguard
Description=WireGuard tunnel serverctl-wg0

[WireGuard]
ListenPort={{ wireguard_port }}
PrivateKey={{ wireguard_private_key.stdout }}

{# One [WireGuardPeer] section per other member of serverctl_super_cluster. #}
{% for peer in groups['serverctl_super_cluster'] if peer != inventory_hostname %}
{% set remote = hostvars[peer] %}
[WireGuardPeer]
PublicKey={{ remote.wireguard_public_key.stdout }}
{#
  The pairwise preshared key is read from the map of whichever host name
  compares lower, presumably so both ends render the same key. Verify that
  every pair has an entry on the lower-named host.
#}
PresharedKey={{ wireguard_preshared_keys[peer] if inventory_hostname < peer else remote.wireguard_preshared_keys[inventory_hostname] }}
{# /32 limits this peer to its own tunnel address: it cannot source or receive traffic for any other address. #}
AllowedIPs={{ remote.wireguard_ip }}/32
{#
  Peers flagged client_server get no Endpoint, so this host never dials them and
  only learns their address once they connect. The Endpoint port is this host's
  own wireguard_port, not the peer's.
  NOTE(review): assumes one port for the whole group; confirm.
#}
{% if not remote.client_server %}
Endpoint={{ remote.ansible_host }}:{{ wireguard_port }}
PersistentKeepalive=25
{% endif %}

{% endfor %}