homelab/ansible/host_vars/merlin

---
ansible_host: 10.0.0.4
#ansible_host: 65.21.2.14
default_interface: "ens3"
nfs_iface: "wg0"
wireguard_address: "10.0.0.4/24"
wireguard_endpoint: "65.21.2.14"
wireguard_persistent_keepalive: "20"
wireguard_byhost_allowed_ips:
  oscar: "0.0.0.0/0"
  bleys: "0.0.0.0/0"
wireguard_allowed_ips: "10.0.0.4/32,10.0.0.3,10.0.0.5"

wireguard_postup:
  - iptables -A FORWARD -o %i -j ACCEPT
  - iptables -A FORWARD -i %i -j ACCEPT
  - iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE
  - sysctl -w net.ipv4.ip_forward=1
  - resolvectl dns %i 192.168.1.4 192.168.1.41; resolvectl domain %i '~ducamps.win' '~ducamps.eu' '~{{ consul_domain }}'

wireguard_postdown:
  - iptables -D FORWARD -i %i -j ACCEPT
  - iptables -D FORWARD -o %i -j ACCEPT
  - iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE
  - sysctl -w net.ipv4.ip_forward=0

wireguard_unmanaged_peers:
  phone:
    public_key: IYKgrQ2VJUbOnupSqedOfIilsbmBBABZUTRF9ZoTrkc=
    allowed_ips: 10.0.0.3/32
    persistent_keepalive: 0
  zen:
    public_key: rYYljQw8InmM95pxCP9KyZ8R+kcicgnjr6E9qtkI1Ag=
    allowed_ips: 10.0.0.5/32
    persistent_keepalive: 0
wireguard_dns: "192.168.1.4,192.168.1.41"
consul_client_addr: "127.0.0.1 10.0.0.4"
consul_bind_address: "10.0.0.4"
consul_ui: True
consul_iface: "wg0"
nomad_bind_addr: "10.0.0.4"
nomad_host_networks:
  - name: "private"
    interface: wg0
  - name: "public"
    interface: ens3
  - name: "default"
    interface: wg0
vault_listener_address: 10.0.0.4
nomad_plugins_podman: True