# wireguard dcontroller configuration ~~ /etc/wireguard/*.conf
# managed by Ansible
{#
  Renders the WireGuard config for the dcontroller host: one [Interface]
  section built from the controller's key file, then one [Peer] section for
  every inventory host that defines `ip` and is not the controller itself.

  The rendered file contains the controller's private key in clear text.
  NOTE(review): the task that deploys this template is not shown here; confirm
  it writes the file root-owned with mode 0600 and suppresses diff/log output
  (e.g. no_log) so the key does not end up in Ansible logs.
#}
{# lookup("file") reads on the Ansible control node, so the key files live there; #}
{# presumably they are vault-encrypted or permission-restricted (verify). #}
{% set dcontroller_keys = lookup("file", wg_dcontroller_keys).splitlines() %}

[Interface]
{# NOTE(review): fd00::1 is outside the fd00:10:10:: range given to peers below; confirm intended. #}
Address = {{ ip.in }}/24, fd00::1/128
{# 53 is the well-known DNS port and WireGuard listens on UDP, so this clashes with any #}
{# DNS service bound to UDP 53 on this host. NOTE(review): confirm the choice is deliberate #}
{# and that firewall rules and monitoring expect non-DNS traffic on this port. #}
ListenPort = 53
{# Line index 0 of the controller key file is used as the private key. #}
PrivateKey = {{ dcontroller_keys[0] }}

{% for host in groups["all"] %}
{# Rebinds the loop variable from the inventory name to that host's hostvars. #}
{% set host = hostvars[host] %}
{##}
{% if host.ansible_host != global.dcontroller and host.ip is defined %}
{# The path is built from host.ansible_host, so the value must stay a plain host name: #}
{# a path separator in it would resolve outside wg_dir (inventory is presumably trusted). #}
{# Only line index 1 (public key) is used here; presumably index 0 is the peer's private #}
{# key, mirroring the controller file. Verify, since only the public half is needed here. #}
{% set host_keys = lookup("file", wg_dir + "/" + host.ansible_host + ".keys").splitlines() %}
# {{ host.ansible_host }}
[Peer]
PublicKey = {{ host_keys[1] }}
{# /32 and /128 restrict each peer to its own single tunnel address. The IPv6 suffix is #}
{# the last dotted field of ip.in inserted as text (10 renders as ::10); this assumes #}
{# ip.in is a dotted quad and that last octets are unique across peers (TODO confirm). #}
AllowedIPs = {{ host.ip.in }}/32, fd00:10:10::{{ host.ip.in.split('.')[3] }}/128

{% endif %}
{% endfor %}