Wireguard: More Peer Config

coreos-config/roles/compose_project/templates/wireguard/docker-compose.yaml

@@ -25,12 +25,9 @@ services:
     restart: unless-stopped
     networks:
       - default
-      - gateway
       - internal_services
 
 networks:
-  gateway:
-    external: true
   internal_services:
     name: internal_services
     internal: true

coreos-config/roles/compose_project/templates/wireguard/wg0.conf

@@ -1,11 +1,12 @@
 [Interface]
-Address = 10.2.0.1/16
+{% for addr in wireguard.cidr %}
-Address = fd10:4000::1/32
+Address = {{ addr }}
+{% endfor %}
 MTU = 1420
 SaveConfig = true
 PostUp = iptables -A FORWARD -i wg0 -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; ip6tables -A FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
 PostDown = iptables -D FORWARD -i wg0 -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE; ip6tables -D FORWARD -i wg0 -j ACCEPT; ip6tables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
-ListenPort = 51820
+ListenPort = {{ wireguard.port }}
 PrivateKey = {{ wireguard.private_key }}
 
 {% for peer in wireguard_peers %}
@@ -13,5 +14,11 @@ PrivateKey = {{ wireguard.private_key }}
 [Peer]
 PublicKey = {{ peer.pubkey }}
 AllowedIPs = {{ peer.allowedips | join(", ") }}
+{% if peer.endpoint is defined %}
+Endpoint = {{ peer.endpoint }}
+{% endif %}
+{% if peer.keepalive is defined %}
+PersistentKeepalive = {{ peer.keepalive }}
+{% endif %}
 
 {% endfor %}