# --------------------------------------------------------------------------------------------------
# system:mail
# --------------------------------------------------------------------------------------------------
system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"

# --------------------------------------------------------------------------------------------------
# system:base
# --------------------------------------------------------------------------------------------------
system_base_additional_ssh_users:
  - "pod-rproxy"
system_base_additional_tcp_ports:
  - 80
  - 443
system_base_udp_ports:
  - 51820

# --------------------------------------------------------------------------------------------------
# vpn
# --------------------------------------------------------------------------------------------------
vpn_subnet_id: 1

# --------------------------------------------------------------------------------------------------
# vpn:wireguard
# --------------------------------------------------------------------------------------------------
vpn_wireguard_role: "server"
vpn_wireguard_interface_private_key: "{{ vault_vpn_wireguard_interface_private_key }}"
vpn_wireguard_clients:
  - public_key: "{{ vault_vpn_wireguard_clients_0_public_key }}"
    preshared_key: "{{ vault_vpn_wireguard_clients_0_preshared_key }}"
    subnet: "{{ hostvars.yggdrasil.vpn_bridge_prefix }}.0/24"

# --------------------------------------------------------------------------------------------------
# vpn:bridge
# --------------------------------------------------------------------------------------------------
vpn_bridge_dnat:
  - address: "{{ vpn_bridge_prefix }}.2"
    ports:
      - 80
      - 443