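---
# Shared Ansible variables: connection and privilege settings, the WireGuard
# VPN topology, and the Slack bot token.
#
# Every secret in this file is a Jinja reference to a vault_* / VAULT_*
# variable that is defined elsewhere (presumably an ansible-vault encrypted
# vars file -- confirm). Keep it that way: no literal password, private key
# or token belongs in this file.

remote_user: josiah
gather_facts: true
source_os: arch
become: true
create_user: josiah
# Privilege-escalation password; resolved from the vault at run time.
ansible_become_pass: "{{ vault_ansible_become_pass }}"

# all of this is stolen from mrled, because fuck this is way better than what
# i was doing.

# Wireguard docs
# TODO: lookup plugin to generate the pubkey from the privkey
# TODO: set all these as hostvars, use hostvars['HOSTNAME'].wireguard_privkey etc
#       (should be ok even for e.g. glitch, which doesn't get provisioned from
#       Ansible)
# To generate the keys:
#   - umask 077   (so the privatekey file is not created group/world-readable)
#   - wg genkey | tee privatekey | wg pubkey > publickey
#   - save the privkey in the vault and the pubkey here
#   - Delete the privatekey and publickey files
#
# Only the public keys may appear here in plain text. Each pubkey must be the
# one derived from the privkey stored in the vault for the same peer; rotate
# both together. Because all peer private keys are held in the vault, the
# vault password grants the ability to act as any peer on this VPN -- protect
# and rotate it accordingly.
#
# Keys and the CIDR are quoted so they always load as strings, whatever
# characters a future key happens to start with.
wireguard_vpn_network: '10.200.219.0/24'
wireguard_server_privkey: "{{ vault_wireguard_server_privkey }}"
wireguard_server_pubkey: 'e49UyNg/kqPETyT9K6nqIYjtTwlR8hY8Brm/P66xnmo='
# NOTE(review): offsets look like per-peer host indexes inside
# wireguard_vpn_network -- confirm against the template that consumes them.
# They are unique in this file; keep them unique when adding a client.
wireguard_server_offset: 1
wireguard_clients:
  - name: matrix
    offset: 10
    privkey: "{{ vault_wireguard_client_privkey_matrix }}"
    pubkey: 'lNoFqmeHfSDb/VB0mutpFzb4cZELOjSVOYQCLEfQIRU='
  - name: pvl
    offset: 11
    privkey: "{{ vault_wireguard_client_privkey_pvl }}"
    pubkey: 'l/j+UXtrxTqqTTjxjgheQ3B2QppZWs07na4GypZw9GM='
  - name: ling8
    offset: 12
    privkey: "{{ vault_wireguard_client_privkey_ling8 }}"
    pubkey: 'YqGQE6yUz6rjBFRWgZyj5mPEaGavxrmO/cclO5o+VBQ='
  - name: hatchery
    offset: 13
    privkey: "{{ vault_wireguard_client_privkey_hatchery }}"
    pubkey: 'kguQg0CvB7N1fJDO8i0Nj4C1cUKUsawfHyArwiaGxis='
  - name: frisket
    offset: 14
    privkey: "{{ vault_wireguard_client_privkey_frisket }}"
    pubkey: 'z5ogJTRX4K5evGOntpkIVopZFUVeTzAOaBtRS0K71TU='

# mojos
# The vault variable name is upper-case here, unlike the vault_* names above.
# Jinja names are case-sensitive, so it must match the vault definition exactly.
slack_bot_token: "{{ VAULT_SLACK_BOT_TOKEN }}"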