Add wireguard configuration

templates/desktop/network/enp.network.j2

@@ -0,0 +1,7 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[Match]
+Name=enp*
+
+[Network]
+DHCP=yes

templates/desktop/network/vmbr0.netdev.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[NetDev]
+Name=vmbr0
+Kind=bridge

templates/desktop/network/vmbr0.network.j2

@@ -0,0 +1,10 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[Match]
+Name=vmbr0
+
+[Network]
+Address=10.4.0.1/24
+DHCP=yes
+IPForward=yes
+ConfigureWithoutCarrier=yes

templates/desktop/network/wg0.netdev.j2

@@ -0,0 +1,24 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[NetDev]
+Name={{ vpn_interface }}
+Kind=wireguard
+Description=WireGuard tunnel {{ vpn_interface }}
+
+[WireGuard]
+# PrivateKeyFile option does not seem to work, perhaps a bug?
+PrivateKey={{ vpn_private_key }}
+
+{% for peer in vpn_peers %}
+[WireGuardPeer]
+PublicKey={{ peer.public_key }}
+# PresharedKeyFile option does not seem to work, perhaps a bug?
+PresharedKey={{ peer.preshared_key }}
+AllowedIPs={{ peer.allowd_ips }}
+{% if peer.endpoint %}
+Endpoint={{ peer.endpoint }}
+{% endif %}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}

templates/desktop/network/wg0.network.j2

@@ -0,0 +1,7 @@
+# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
+
+[Match]
+Name={{ vpn_interface }}
+
+[Network]
+Address={{ vpn_ip }}/{{ vpn_subnet }}