[Interface]
PrivateKey = <%= @privkey %>
Address = <%= @address %>
ListenPort = <%= @listenport %>
SaveConfig = true

<% if node['esh']['wireguard']['server']['routing'] %>
PostUp = ufw route allow in on wg0 out on <%= @pubint %>
PostUp = iptables -t nat -I POSTROUTING -o <%= @pubint %> -j MASQUERADE
PostUp = ip6tables -t nat -I POSTROUTING -o <%= @pubint %> -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on <%= @pubint %>
PreDown = iptables -t nat -D POSTROUTING -o <%= @pubint %> -j MASQUERADE
PreDown = ip6tables -t nat -D POSTROUTING -o <%= @pubint %> -j MASQUERADE
<% end %>