---
default_interface: "enp2s0"
consul_iface: "{{ default_interface}}"
vault_iface: "{{ default_interface}}"

wireguard_address: "10.0.0.2/24"
wireguard_byhost_allowed_ips:
  merlin: 10.0.0.2,192.168.1.40
  corwin: 10.0.0.2,192.168.1.40
perrsistent_keepalive: "30"
wireguard_endpoint: ""

wireguard_postup:
  - iptables -A FORWARD -i wg0 -j ACCEPT
  - iptables -A FORWARD -o wg0 -j ACCEPT
  - iptables -t nat -A POSTROUTING -o {{ default_interface }} -j MASQUERADE

wireguard_postdown:
  - iptables -D FORWARD -i wg0 -j ACCEPT
  - iptables -D FORWARD -o wg0 -j ACCEPT
  - iptables -t nat -D POSTROUTING -o {{ default_interface }} -j MASQUERADE

partition_table:
  - device: "/dev/sda"
    label: gpt
    settings:
      - number: 1
        part_end: 300MB
        flags: [boot, esp]
        fstype: vfat
        format: yes
      - number: 2
        part_start: 512MB
        part_end: 1524MB
        flags: []
        fstype: swap
        format: yes
      - number: 3
        part_start: 1524MB
        flags: [lvm]
        fstype: ext4
        format: yes
  #- device: "/dev/sdb"
  #settings:
  #- number: 1
  #name: home
  #fstype: ext4
  #format:
mount_table:
  - device: "/dev/sda"
    settings:
      - number: 3
        mountpath: /mnt
        fstype: ext4
      - number: 1
        mountpath: /mnt/boot
        fstype: vfat

#need vfat boot partition with esp label
provissionning_UEFI_Enable: True