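# WireGuard role settings plus the NAT map that publishes services running on
# VPN peers through the VPS's public addresses.

# Directory to store WireGuard configuration on the remote hosts
wireguard_remote_directory: /etc/wireguard

wireguard_interface_restart: false

# wireguard_service_enabled: false
# wireguard_service_state: stopped
wireguard_service_enabled: true
wireguard_service_state: started

# We need to keep the NAT mapping open:
# https://www.wireguard.com/quickstart/#nat-and-firewall-traversal-persistence
# It seems like we do need this on the server for server->client, but it's
# being omitted currently. See the issue I opened:
# https://github.com/githubixx/ansible-role-wireguard/issues/217#issue-2871281915
# The value is an interval in seconds.
wireguard_persistent_keepalive: 25

# Tunnel-internal addressing: an IPv6 unique-local (fd00::/8) prefix and an
# RFC 1918 IPv4 range, so neither subnet is routable from the Internet by
# itself. Peers become publicly reachable only through nat_map below.
wireguard_ipv6_subnet: "fde0:fb5b:2593::/64"
wireguard_ipv4_subnet: "10.4.4.0/24"

# Setting this here doesn't seem to work. We set it during runtime later
# public_ipv6_subnet: "{{ hostvars[groups['embassy'][0]].ipv6_subnet }}"
# Every vps_ipv6 entry below references public_ipv6_subnet, so nat_map can
# only be templated after that variable has been set.

# We can generate this dynamically, but it really doesn't seem like it's worth
# the work.
#
# One entry per VPN peer, keyed by hostname:
#   vpn_ipv6 / vpn_ipv4  address of the peer inside the tunnel
#   vps_ipv6             public IPv6 address assigned to this peer
#   vps_ipv4             the VPS's default IPv4 address, identical for
#                        every peer
#   ipv6_port_ranges     ports published on vps_ipv6
#   ipv4_port_mapping    external/internal port pairs on the shared IPv4
#                        address
# ipaddr('N') presumably selects the N-th address of the subnet using a
# decimal index (16 would render as ::10 in IPv6) -- TODO confirm.
#
# NOTE(review): every port listed here appears to end up reachable from the
# Internet, so treat these lists as the public firewall allowlist. Keep each
# range as narrow as the service behind it needs, and name the service next
# to the entry. Only 16261/16262 (Project Zomboid) are labelled so far;
# 2022 and 20000:20100 are not.
nat_map:
  moirai-clotho.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('16') }}"
    vpn_ipv4: "{{ wireguard_ipv4_subnet | ansible.utils.ipaddr('16') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('16') }}"
    vps_ipv4: "{{ ansible_default_ipv4.address }}"
    # With IPv6, we don't have to map different internal/external ports because
    # we have separate port spaces on separate IPv6 addresses
    ipv6_port_ranges:
      # Anything that's accepted into the --dport argument of iptables is a
      # valid entry.
      # Ranges are quoted so that a digits-and-colon value is always loaded
      # as a string; YAML 1.1 loaders read some such values (for example
      # 80:59) as base-60 integers.
      - 2022
      - "16261:16262"
      - "20000:20100"
    # With IPv4, we do, because we share a single public IPv4 address
    # ipv4_port_mapping:
    #   - external_port: 20050
    #     internal_port: 20050
  moirai-lachesis.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('17') }}"
    vpn_ipv4: "{{ wireguard_ipv4_subnet | ansible.utils.ipaddr('17') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('17') }}"
    vps_ipv4: "{{ ansible_default_ipv4.address }}"
    ipv6_port_ranges:
      - 2022
      - "16261:16262"
      - "20000:20100"
    # All peers share one public IPv4 address, so an external_port can be
    # claimed by only one peer across the whole map.
    ipv4_port_mapping:
      # Project Zomboid
      - external_port: 16261
        internal_port: 16261
      - external_port: 16262
        internal_port: 16262
  moirai-atropos.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('18') }}"
    vpn_ipv4: "{{ wireguard_ipv4_subnet | ansible.utils.ipaddr('18') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('18') }}"
    vps_ipv4: "{{ ansible_default_ipv4.address }}"
    ipv6_port_ranges:
      - 2022
      - "16261:16262"
      - "20000:20100"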