|
- wireguard:
- interfaces:
- wg0:
- # The two following keys are non-wireguard options.
- # Delete the config file. The interface will also be stopped and disables.
- # Defaults to False.
- #delete: False
- # Start and enable the service. Setting this to false causes the interface
- # to be stopped and disabled. Defaults to True.
- #enable: True
-
- config:
- # see wg(8) and wg-quick(8) for supported keys.
-
- # wg genkey
- PrivateKey: private_key_string
-
- # Address accepts a list of addresses or a string. Additionally wg-quick
- # will expand comma separated addresses.
- Address:
- - fe80::1/64
- - 10.0.0.1/24
- #Address: fe80::1/64, 10.0.0.1/24
- ListenPort: 51820
-
- # It is very important to quote off. Jinja expands off without quotes to
- # False which will result in 'table' not being set in the config file,
- # resulting in defaulting to auto.
- Table: 'off'
- peers:
- - PublicKey: foobar
- # AllowedIPs must be a list of strings or a comma separated string
- AllowedIPs:
- - fe80::2
- - 10.0.0.2/32
- PresharedKey: secret1
- - Publickey: bazbar
- AllowedIPs:
- - fe80::3
- - 10.0.0.3/32
- PresharedKey: secret2
-
- # the raw_config key can be used to pass a whole wireguard config in. The
- # raw_config key takes precendce before the regular config and peers keys.
- # Every other wireguard option in will then be ignored. Make sure to have
- # the correct indentation of 4 spaces more than the raw_config key and to
- # start with raw_config: |
- raw_config: |
- [Interface]
- Address = fe80::1/64
- ListenPort = 51820
- PrivateKey = private
- Table = off
- [Peer]
- PublicKey = peer
- AllowedIPs = fe80::2
|