diff --git a/defaults/main.yml b/defaults/main.yml index c5f80cb..bf829dc 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -8,6 +8,8 @@ # the parent directory is writable by the user that runs "ansible-playbook" # command. wireguard_cert_directory: "{{ '~/wireguard/certs' | expanduser }}" +wireguard_cert_owner: "root" +wireguard_cert_group: "root" # Directory to store Wireguard configuration on the remote hosts wireguard_remote_directory: "/etc/wireguard" diff --git a/tasks/main.yml b/tasks/main.yml index 4a6f108..a093262 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,7 @@ --- +- name: Gather instance facts + setup: + - include_tasks: "setup-{{ansible_os_family|lower}}.yml" - name: Install WireGuard @@ -90,7 +93,7 @@ module: template src: "wg-privatekey.j2" dest: "{{private_key_file_path}}" - mode: 0600 + mode: 0644 when: private_key_file_stat.stat.exists == False tags: - wg-generate-keys @@ -100,18 +103,18 @@ module: template src: "wg-publickey.j2" dest: "{{public_key_file_path}}" - mode: 0600 + mode: 0644 when: private_key_file_stat.stat.exists == False tags: - wg-generate-keys -- name: Read private key from local filesystem +- name: Read private key set_fact: private_key: "{{lookup('file', private_key_file_path)}}" tags: wg-config -- name: Read public key from local filesystem +- name: Read public key set_fact: public_key: "{{lookup('file', public_key_file_path)}}" tags: @@ -128,14 +131,14 @@ - name: Generate WireGuard configuration file template: src: wg-fullmesh.conf.j2 - dest: "{{wireguard_remote_directory}}/wg0.conf" + dest: "{{wireguard_remote_directory}}/{{wireguard_interface}}.conf" owner: root group: root mode: 0600 - notify: - - restart wireguard tags: - wg-config + notify: + - restart wireguard - name: Start and enable WireGuard service service: diff --git a/templates/wg-fullmesh.conf.j2 b/templates/wg-fullmesh.conf.j2 index f61ba9f..dde5e67 100644 --- a/templates/wg-fullmesh.conf.j2 +++ b/templates/wg-fullmesh.conf.j2 
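Review bot: The two new defaults `wireguard_cert_owner` and `wireguard_cert_group` are not referenced by any task elsewhere in this commit, and unlike the surrounding keys they carry no comment saying which files they govern. If they are meant to own the key files under `wireguard_cert_directory`, a default of `root` sits awkwardly with the comment two lines above that the directory must be writable by the user running `ansible-playbook`; a non-root controller user would then need privilege escalation on that path. Add a comment above them such as `# Owner and group applied to the locally generated key files (see wireguard_cert_directory)`, and consider defaulting them to the invoking user rather than root when the directory lives under the controller's home.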
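Review bot: The new `Gather instance facts` task carries no tags, while the rest of this file tags its tasks (`wg-generate-keys`, `wg-config`), so a run limited with `--tags` skips it; if the play also disables fact gathering, `ansible_os_family` on the following `include_tasks` line is undefined and the include fails. Give it `tags: always` so the facts the include depends on are collected on every run. If only the OS family is needed, `setup:` can be restricted with `gather_subset: min`, which keeps this added task cheap.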
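Review bot: Changing `mode: 0600` to `mode: 0644` on the `wg-privatekey.j2` template makes the generated private key readable by every account on the host where it is written; the `wg-publickey.j2` hunk (-100,18) makes the same change, which is harmless for a public key, but the private key should keep `mode: "0600"`. Quoting the mode is also the Ansible-recommended form: an unquoted `0644` is read by YAML 1.1 as octal and happens to work, but a later edit that drops the leading zero silently becomes decimal 644. The task's `- name:` line and any `delegate_to` sit above the hunk, so I cannot tell whether this file lands on the controller or the managed host; either way the new `wireguard_cert_owner`/`wireguard_cert_group` defaults are not applied here, so consider adding `owner: "{{ wireguard_cert_owner }}"` and `group: "{{ wireguard_cert_group }}"` next to the restored mode.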
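Review bot: The renames `Read private key from local filesystem` → `Read private key` and `Read public key from local filesystem` → `Read public key` drop the one fact a reader needs: the `lookup('file', ...)` on the next line runs on the controller, not on the managed host, so the old names were accurate. Keep the qualifier, or move it into a comment above each task, e.g. `# lookup() reads the key on the controller, where the generate tasks wrote it`. While here, the unchanged `when: private_key_file_stat.stat.exists == False` reads more idiomatically as `when: not private_key_file_stat.stat.exists`.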
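Review bot: The new `dest` uses `{{wireguard_interface}}`, but this commit's `defaults/main.yml` hunk adds only `wireguard_cert_owner`/`wireguard_cert_group`; unless `wireguard_interface` is defined elsewhere in the defaults (not visible here), the template task fails with an undefined-variable error on every host that does not set it. Adding `wireguard_interface: "wg0"` to the defaults preserves the previous `wg0.conf` behaviour. The `Start and enable WireGuard service` task that follows is outside the hunk; if its service name embeds the interface, it must use the same variable or the unit started will not match the config written here. Moving `notify` below `tags` is a no-op, and the unquoted `mode: 0600` on this task is better written `mode: "0600"` for the same reason as the key-file tasks.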
@@ -1,14 +1,19 @@ -#jinja2: trim_blocks:False +#jinja2: lstrip_blocks:"True",trim_blocks:"True" [Interface] -Address = {{vpn_ip}} +Address = {{hostvars[inventory_hostname].wireguard_ip}} PrivateKey = {{private_key}} ListenPort = {{wireguard_port}} {% for host in groups["vpn"] %} - {%- if host != inventory_hostname -%} + {% if host != inventory_hostname %} [Peer] - PublicKey = {{hostvars[host]['public_key']}} - AllowedIPs = {{hostvars[host]['vpn_ip']}}/32 + PublicKey = {{hostvars[host].public_key}} + AllowedIPs = {{hostvars[host].wireguard_ip}}/32 + {% if hostvars[host].wireguard_endpoint is not defined %} Endpoint = {{host}}:{{wireguard_port}} - {%- endif -%} + {% elif hostvars[host].wireguard_endpoint != "" %} + Endpoint = {{hostvars[host].wireguard_endpoint}}:{{wireguard_port}} + {% endif %} + + {% endif %} {% endfor %}
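Review bot: The new three-way endpoint rule (`wireguard_endpoint` undefined → use the inventory hostname, `""` → emit no `Endpoint`, otherwise the given value with `wireguard_port`) is the kind of logic a future editor will not reconstruct from the tags alone; a Jinja comment above the `{% if hostvars[host].wireguard_endpoint is not defined %}` line stating those three cases would document it. The header `#jinja2: lstrip_blocks:"True",trim_blocks:"True"` passes the strings 'True' rather than booleans; they are truthy so it works, but the documented form is `#jinja2: lstrip_blocks: True, trim_blocks: True`. With `lstrip_blocks` only the block tags lose their indentation, so `[Peer]`, `PublicKey`, `AllowedIPs` and `Endpoint` are still rendered with their leading spaces; confirm the rendered file is accepted as intended or dedent those lines.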