author: Dmitry Ilvokhin <d@ilvokhin.com> 2026-01-04 15:59:47 +0000
committer: Dmitry Ilvokhin <d@ilvokhin.com> 2026-01-04 15:59:47 +0000
commit: d83d53c7e8e5c218dd19ef9a0cfe3941820fdf96
tree: e999db8254211d10ad400162b41339b460089c19 /roles/wgvpn/templates/wgvpn0.conf.j2
parent: b6c70ab314b7ab6dd94cc7b796b67f89f3e5ea50
Wait for /run/xtables.lock for wireguard rules

When the box is restarted, it seems like there is a race to take the iptables lock file, and some units cannot start because of that. In the log, the error looks like this.

    Can't lock /run/xtables.lock: Resource temporarily unavailable
    Another app is currently holding the xtables lock. Perhaps you want to use the -w option?

Take the iptables suggestion and wait for the xtables lock. The downside is that if something is not going to release the lock, then we stall forever.

Diffstat (limited to 'roles/wgvpn/templates/wgvpn0.conf.j2')
-rw-r--r-- roles/wgvpn/templates/wgvpn0.conf.j2 6
1 files changed, 3 insertions, 3 deletions
diff --git a/roles/wgvpn/templates/wgvpn0.conf.j2 b/roles/wgvpn/templates/wgvpn0.conf.j2
index d70832c..090d4b2 100644
--- a/roles/wgvpn/templates/wgvpn0.conf.j2
+++ b/roles/wgvpn/templates/wgvpn0.conf.j2
@@ -3,9 +3,9 @@ PrivateKey = {{ wireguard_private_key }}
Address = 10.0.1.1/24
ListenPort = 51821
-PostUp = iptables -A FORWARD -i %i -j ACCEPT
-PostUp = iptables -A FORWARD -o %i -j ACCEPT
-PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+PostUp = iptables --wait -A FORWARD -i %i -j ACCEPT
+PostUp = iptables --wait -A FORWARD -o %i -j ACCEPT
+PostUp = iptables --wait -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT
PostDown = iptables -D FORWARD -o %i -j ACCEPT
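
Review bot: the two PostDown lines left as context at the end of this hunk still run iptables without --wait, so teardown can fail on the same /run/xtables.lock contention and leave the FORWARD ACCEPT rules behind after the interface is brought down; give them the same flag, e.g. `PostDown = iptables --wait -D FORWARD -i %i -j ACCEPT`. For the indefinite stall the commit message mentions, iptables accepts an optional number of seconds after --wait (for example `--wait 10`), which bounds the delay and lets the unit fail visibly instead of hanging.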