| Field | Type | Description | Value(s) |
|---|---|---|---|
| `name` | string | Name of the Wireguard link (interface). | |
| `privateKey` | string | Specifies a private key configuration (base64 encoded). Can be generated by `wg genkey`. |
|
| `listenPort` | int | Specifies a device's listening port (UDP). If not specified, a random port will be chosen. |
|
| `firewallMark` | int | Specifies a device's firewall mark. Useful for advanced routing setups, marking packets originating from this device. |
|
| `peers` | WireguardPeer | Specifies a list of peer configurations to apply to a device. | |
| `up` | bool | Bring the link up or down. If not specified, the link will be brought up. |
|
| `mtu` | uint32 | Configure LinkMTU (Maximum Transmission Unit) for the link. If not specified, the system default LinkMTU will be used (usually 1500). |
|
| `addresses` | AddressConfig | Configure addresses to be statically assigned to the link. | |
| `routes` | RouteConfig | Configure routes to be statically created via the link. | |
| `multicast` | bool | Set the multicast capability of the link. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `publicKey` | string | Specifies the public key of this peer. Can be extracted from private key by running `wg pubkey < private.key`. |
|
| `presharedKey` | string | Specifies the preshared key for this peer (base64 encoded). Can be generated by `wg genpsk`. Optional, this key provides an additional layer of symmetric-key cryptography to the peer connection. |
|
| `endpoint` | AddrPort | Specifies the endpoint of this peer entry. Format: {"<"}IP address{">"}:{"<"}port{">"}. If not set, the peer should connect to us without us connecting to it first. |
|
| `persistentKeepaliveInterval` | Duration | Specifies the persistent keepalive interval for this peer. Field format accepts any Go time.Duration format ('1h' for one hour, '10m' for ten minutes). |
|
| `allowedIPs` | \[]Prefix | AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer. These IPs will be routed to this peer, and defines which IPs this peer is allowed to use. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `address` | Prefix | IP address to be assigned to the link. This field must include the network prefix length (e.g. /24 for IPv4, /64 for IPv6). |
|
| `routePriority` | uint32 | Configure the route priority (metric) for routes created for this address. If not specified, the system default route priority will be used. |
| Field | Type | Description | Value(s) |
|---|---|---|---|
| `destination` | Prefix | The route's destination as an address prefix. If not specified, a default route will be created for the address family of the gateway. |
|
| `gateway` | Addr | The route's gateway (if empty, creates link scope route). | |
| `source` | Addr | The route's source address (optional). | |
| `metric` | uint32 | The optional metric for the route. | |
| `mtu` | uint32 | The optional MTU for the route. | |
| `table` | RoutingTable | The routing table to use for the route. If not specified, the main routing table will be used. |