wireguard:
  wg0:
    # The two following keys are non-wireguard options.
    # Delete the config file. The interface will also be stopped and disables.
    # Defaults to False.
    #delete: False
    # Start and enable the service. Setting this to false causes the interface
    # to be stopped and disabled. Defaults to True.
    #enable: True

    # see wg(8) and wg-quick(8) for supported keys. We use all lowercase
    # letters.

    # address must be a list
    address:
      - fe80::1/64
      - 10.0.0.1/24
    listenport: 51820
    # very important to quote off. Jinja expands off without quotes to False
    # which will result in 'table' not being set in the config file, resulting
    # in defaulting to auto.
    table: 'off'
    peers:
      - publickey: foobar
        # address must be a list
        allowedips:
	  - fe80::2
	  - 10.0.0.2/32
        presharedkey: secret1
      - publickey: bazbar
        allowedips:
	  - fe80::3
	  - 10.0.0.3/32
        presharedkey: secret2

    # the config key can be used to pass a whole wireguard config in. The config
    # key takes precendce. Every other wireguard option in will then be ignored.
    # Make sure to have the correct indentation of 4 spaces more than the config
    # key and to start with config: |
    config: |
        [Interface]
        Address = fe80::1/64
        ListenPort = 51820
        PrivateKey = private
        Table = off
        [Peer]
        PublicKey = peer
        AllowedIPs = fe80::2