{{ ansible_header | comment }}
{% if wireguard.sputnik %}
[Interface]
Address = 172.31.0.2/30, fd0c:700:0:8::2/64
ListenPort = 51820
PrivateKey = {{ wireguard.private_key }}

PostUp = /sbin/ip link set sputnik alias adm

[Peer]
PublicKey = {{ wireguard.peer_public_key }}
AllowedIPs = 172.31.0.1/32, fd0c:700:0:8::1/128, 10.231.136.0/24, 2a0c:700:0:2::/64
Endpoint = 138.231.136.131:51820
{% else %}
[Interface]
Address = 172.31.0.1/30, fd0c:700:0:8::1/64
ListenPort = 51820
PrivateKey = {{ wireguard.private_key }}

PostUp =   ifup   {{ wireguard.if }}; iptables -t nat -A PREROUTING -d 10.231.136.21 -j DNAT --to-destination 172.31.0.2; iptables -t nat -A POSTROUTING -j MASQUERADE; ip6tables -t nat -A PREROUTING -d 2a0c:700:0:2:73:70ff:fe75:7402/128 -j DNAT --to-destination fd0c:700:0:8::2; ip6tables -t nat -A POSTROUTING -j MASQUERADE
PostDown = ifdown {{ wireguard.if }}; iptables -t nat -D PREROUTING -d 10.231.136.21 -j DNAT --to-destination 172.31.0.2; iptables -t nat -D POSTROUTING -j MASQUERADE; ip6tables -t nat -D PREROUTING -d 2a0c:700:0:2:73:70ff:fe75:7402/128 -j DNAT --to-destination fd0c:700:0:8::2; ip6tables -t nat -D POSTROUTING -j MASQUERADE

[Peer]
PublicKey = {{ wireguard.peer_public_key }}
AllowedIPs = 172.31.0.2/32, fd0c:700:0:8::2/128
Endpoint = 46.105.102.188:51820
{% endif %}