Added Wireguard role

roles/wireguard/templates/clients.conf.j2

@@ -0,0 +1,13 @@
+[Interface]
+Address = {{ item.Address }}
+ListenPort = {{ wireguard_port }}
+PrivateKey = {{ _privkey_value['content'] | b64decode | trim }}
+{% if item.DNS|length > 0 %}DNS = {{ item.DNS }}
+{% endif %}
+
+[Peer]
+PublicKey = {{ server_public_key }}
+PresharedKey = {{ preshared_key }}
+AllowedIPs = {{ item.AllowedIPs }}
+Endpoint = {{ wireguard_hostname }}:{{ wireguard_port }}
+PersistentKeepalive = {{ item.PersistentKeepalive | default(wireguard_keepalive) }}

roles/wireguard/templates/peer.j2

@@ -0,0 +1,5 @@
+[peer]
+# peer_{{ item.FriendlyName }}
+PublicKey = {{ _client_pubkey_value['content'] | b64decode | trim }}
+PresharedKey = {{ item.PresharedKey }}
+AllowedIPs = {{ item.Address }}/32

roles/wireguard/templates/peers.j2

@@ -0,0 +1,9 @@
+{% for peer in wireguard_peers %}
+- WireGuardPeer:
+  FriendlyName: {{ peer.name }}
+  Address: {{ peer.address }}
+  AllowedIPs: "{{ peer.allowed_ip }}{% if not '/' in peer.allowed_ip %}/32{% endif %}"
+  DNS: "{% if peer.dns is defined %}{{ peer.dns }}{% endif %}"
+  PresharedKey: "{{ _pskkey_value['content'] | b64decode | trim }}"
+  PersistentKeepalive: {{ peer.keepalive | default(wireguard_keepalive) }}
+{% endfor %}

roles/wireguard/templates/server.conf.j2

@@ -0,0 +1,6 @@
+[Interface]
+Address = {{ wireguard_server_ip }}
+ListenPort = {{ wireguard_port }}
+PrivateKey = {{ _privkey_value['content'] | b64decode | trim }}
+PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -s {{ wireguard_address }} -o {{ nat_out_interface }} -j MASQUERADE
+PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -s {{ wireguard_address }} -o {{ nat_out_interface }} -j MASQUERADE