wireguard: add nft rules for NAT

roles/vpn-server-wireguard/tasks/templates/nftables.conf

@@ -0,0 +1,30 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority filter;
+	}
+	chain forward {
+		type filter hook forward priority filter;
+	}
+	chain output {
+		type filter hook output priority filter;
+	}
+}
+
+# TODO: just add this under the already existing filecontent
+
+add table wireguard-nat
+
+table inet wireguard-nat {
+        chain prerouting {
+                type nat hook prerouting priority -100; policy accept;
+        }
+
+        chain postrouting {
+                type nat hook postrouting priority 100; policy accept;
+                oifname "ens6" masquerade
+        }
+}