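{#
WireGuard server configuration template (wg-quick format).

Inputs read by this template:
  wireguard_server_privkey     - server private key
  wireguard_vpn_network        - VPN network in CIDR notation, e.g. 10.0.0.0/24
  wireguard_server_offset      - integer offset of the server inside that network
  wireguard_server_listen_port - UDP port WireGuard listens on
  wireguard_clients            - list of items with .name, .pubkey and .offset

Layout: one key per line, block tags on their own lines at column 0. This
assumes the renderer drops the newline after a block/comment tag (trim_blocks,
which is the default for Ansible's template module - confirm if rendered
some other way).
#}
[Interface]
{#
The rendered file contains the server's private key in clear text. The task
that writes it is not visible from this template: it should create the file
owned by root with mode 0600, and the variable should come from an encrypted
source (vault or similar) rather than plain inventory.
#}
PrivateKey = {{ wireguard_server_privkey }}
{#
We want the Address field here to be an IP address with the whole network in
CIDR notation, like 10.0.0.1/24. If wireguard_vpn_network is a CIDR network
like 10.0.0.0/24, and wireguard_server_offset is an integer like 1, this will
produce an offset of the start of the network + CIDR prefix, which in this
case will be the desired 10.0.0.1/24.
#}
Address = {{ wireguard_vpn_network | ipaddr(wireguard_server_offset) }}
ListenPort = {{ wireguard_server_listen_port }}
{#
wg-quick replaces %i with the tunnel interface name. These rules accept every
packet forwarded into or out of the tunnel and masquerade everything leaving
eth0, so a peer can reach whatever this host can route; there is no per-peer
or per-destination filtering here. The egress interface is hard-coded as eth0
and must match the host's real uplink name, otherwise the NAT rule never
matches. PostDown must stay an exact mirror of PostUp (-D for every -A) so
that bringing the interface down leaves no stale rules behind.
#}
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

{% for client in wireguard_clients %}
[Peer]
{#
client.name is rendered verbatim into a comment line; it must be a single
line of text so it cannot spill into a configuration key.
#}
# {{ client.name }}
PublicKey = {{ client.pubkey }}
{#
We want the Address field here to be an IP address withOUT the whole network
in CIDR notation, like 10.0.0.15/32. If wireguard_vpn_network is a CIDR
network like 10.0.0.0/24, and client.offset is an integer like 15, this will
produce an offset of the start of the network with a /32 CIDR prefix, which in
this case will be the desired 10.0.0.15/32.

AllowedIPs is both the route towards the peer and the list of source
addresses accepted from it, so the /32 pins each client to exactly one VPN
address. The client named 'larva' is the one exception: it is also allowed
192.168.0.0/16, meaning the server routes that whole range to this peer and
accepts packets from it carrying those source addresses. Keep that exception
as narrow as the network behind the peer really is.
#}
{% if client.name == 'larva' %}
AllowedIPs = {{ wireguard_vpn_network | ipsubnet(32, client.offset) }}, 192.168.0.0/16
{% else %}
AllowedIPs = {{ wireguard_vpn_network | ipsubnet(32, client.offset) }}
{% endif %}

{% endfor %}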