[NetDev]
Name=wgs0

Description=Wireguard Server Peer

Kind=wireguard

[WireGuard]

# Port to listen on.
ListenPort=500

# I usually set this to the port number above it's not really needed
# but useful for firewalls.
FirewallMark=500

# The Base64 encoded private key for the interface. It can be generated
# using the wg genkey command (see wg(8)). This option or
# PrivateKeyFile= is mandatory to use WireGuard. Note that because this
# information is secret, you may want to set the permissions of the
# .netdev file to be owned by "root:systemd-network" with a "0640" file
# mode.
PrivateKey=<KEY>

# Public key for the above private key. Only here as a reminder.
# systemd will ignore if uncommented.
#PublicKey=<PUBKEY>

# Your Peers.
[WireGuardPeer]

# Base64 encoded public key calculated by wg pubkey (see wg(8)) from a
# private key, and usually transmitted out of band to the author of the
# configuration file. This option is mandatory for this section.
PublicKey=<KEY>

# Comma-separated list of IP addresses with CIDR masks from which this
# peer is allowed to send incoming traffic and to which outgoing traffic
# for this peer is directed.
AllowedIPs=10.0.0.1.2/32