{{ ansible_managed | comment }}

{% macro iface_common(iface) %}
{% for address in iface.addresses | default([]) %}
address {{ address | ipaddr }}
{% endfor %}
{% for gateway in iface.gateways | default([]) %}
gateway {{ gateway | ipaddr }}
{% endfor %}
{% if iface.forward | default(false) %}
ip-forward yes
ip6-forward yes
{% endif %}
{% if iface.goto_table is defined %}
pre-up ip rule add iif $IFACE table {{ iface.goto_table }}
pre-up ip rule add iif $IFACE blackhole
post-down ip rule del iif $IFACE table {{ iface.goto_table }}
post-down ip rule del iif $IFACE blackhole
{% endif %}
{% if iface.ipv6_addrgen is defined %}
ipv6-addrgen {{ iface.ipv6_addrgen
	        | ternary("yes", "no") }}
{% endif %}
{% endmacro %}

{% for name, iface in ifupdown2__interfaces.items() %}
auto {{ name }}
iface {{ name }}
    {{ iface_common(iface) | indent(4) }}
{% if iface.bridge_ports is defined %}
    bridge-ports {{ iface.bridge_ports | join(" ") }}
{% endif %}
{% if iface.bridge_vlan_aware is defined %}
    bridge-vlan-aware {{ iface.bridge_vlan_aware
                         | ternary("yes", "no") }}
{% endif %}
{% if iface.bridge_vids is defined %}
    bridge-vids {{ iface.bridge_vids | join(",") }}
{% endif %}
{% if iface.vlan_id is defined %}
    vlan-id {{ iface.vlan_id | int }}
{% endif %}
{% if iface.vlan_raw_device is defined %}
    vlan-raw-device {{ iface.vlan_raw_device }}
{% endif %}
{% if iface.bridge_disable_pvid | default(false) %}
    bridge-pvid 0
    post-up bridge vlan del dev {{ name }} vid 1 self
{% endif %}

{% endfor %}

{% for name, iface in ifupdown2__wireguard.items() %}
auto {{ name }}
iface {{ name }}
    link-type wireguard
    {{ iface_common(iface) | indent(4) }}
    pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
{% for address in iface.peer_allowed_addresses | default([]) %}
    post-up ip route add {{ address }} dev $IFACE
{% endfor %}

{% endfor %}