first working version

tasks/main.yml

@@ -3,6 +3,7 @@
     name:
     - wireguard
     - wireguard-tools
+    - linux-headers-amd64
 
 - name: handle a wireguard network
   include_tasks: net.yml

tasks/net.yml

@@ -1,5 +1,5 @@
 - set_fact:
-    item: "{{ {}|combine(wireguard.defaults , {'name': conn.name}, item.value, recursive=True) }}"
+    item: "{{ {}|combine(wireguard.defaults , {'name': conn.key}, conn.value, recursive=True) }}"
 
 - name: generate interface config
   template:
@@ -9,4 +9,4 @@
 - name: generate wireguard config
   template:
     src: wireguard.conf.j2
-    dest: /etc/wireguard//wg_{{ item.name }}
+    dest: /etc/wireguard/wg_{{ item.name }}.conf

templates/networkinterface.j2

@@ -1,14 +1,20 @@
 auto wg_{{ item.name }}
-iface w_{{ item.name }} inet static
+iface wg_{{ item.name }} inet static
 {% for i in item.ip %}
 	address {{ i }}
-{% endif %}
+{% endfor %}
-	pre-up ip link add $IFACE type wireguard
+	pre-up ip link add $IFACE type wireguard || true
 	pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
+{% for i in item.route %}
+	up ip route add {{ i }} dev $IFACE
+{% endfor %}
 	post-down ip link del $IFACE
 
-iface w_{{ item.name }} inet6 static
+iface wg_{{ item.name }} inet6 static
 	# static IP address 
 {% for i in item.ip6 %}
 	address {{ i }}
-{% endif %}
+{% endfor %}
+{% for i in item.route6 %}
+	up ip -6 route add {{ i }} dev $IFACE
+{% endfor %}

templates/wireguard.conf.j2

@@ -1,11 +1,13 @@
 [Interface]
-Address = {{ (item.ip + item.ip6)|join(', ') }}
 ListenPort = {{ item.lport }}
 PrivateKey = {{ item.privkey }}
 
-{% for peer in item.peers %}
+{% for peername in item.peers %}
+{% set peer = {}|combine({'name': peername}, item.peers[peername]) %}
+
 [Peer]
+# {{ peer.name }}
 PublicKey = {{ peer.PublicKey }}
-AllowedIPs = {{ peer.AllowedIPs|join(', ') }}
+AllowedIPs = {{ peer.AllowedIPs|d(['0.0.0.0/0', '::/0'])|join(', ') }}
 {% if peer.Endpoint is defined %}Endpoint = {{ peer.Endpoint }}{% endif %}
 {% endfor %}