kp_wireguard/vg/playbooks/templates/server_wg0.conf

[Interface]
PrivateKey = {{ root_node_private_key }}
Address = 10.6.0.1/24
ListenPort = 51820
SaveConfig = true

PostUp = ufw route allow in on wg0 out on {{ server_public_interface }}
PostUp = iptables -t nat -I POSTROUTING -o {{ server_public_interface }} -j MASQUERADE
PreDown = ufw route delete allow in on wg0 out on {{ server_public_interface }}
PreDown = iptables -t nat -D POSTROUTING -o {{ server_public_interface }} -j MASQUERADE