# {{ ansible_managed }}

{%- if wireguard_openbao_mount | length > 0 %}
{%- set openbao_path = [inventory_hostname, ansible_role_name, inventory_hostname] | join('/') %}
{%- set privatekey = lookup('community.hashi_vault.vault_kv2_get', openbao_path)['data']['data']['privatekey'] %}
{%- else %}
{%- set privatekey = wireguard_interface_privatekey %}
{%- endif %}

[Interface]
Address = {{ wireguard_interface_addresses | join(', ') }}
ListenPort = {{ wireguard_interface_listen_port }}
PrivateKey = {{ privatekey }}

{% for peer in wireguard_peers -%}
{% if wireguard_openbao_mount | length > 0 -%}
{% set openbao_path = [inventory_hostname, ansible_role_name, peer.name] | join('/') -%}
{% set publickey = lookup('community.hashi_vault.vault_kv2_get', openbao_path)['data']['data']['publickey'] -%}
{% else -%}
{% set publickey = peer.publickey -%}
{% endif -%}

[Peer]
# {{ peer.name }}
AllowedIPs = {{ peer.allowed_ips | join(', ') }}
{% if peer.endpoint is defined %}
Endpoint = {{ peer.endpoint }}
{% endif %}
{% if peer.persistent_keepalive is defined %}
PersistentKeepalive = {{ peer.persistent_keepalive }}
{% endif %}
PublicKey = {{ publickey }}
{% if not loop.last %}

{% endif %}
{% endfor %}