
# Directory on each remote host where the WireGuard configuration is written.
# NOTE(review): WireGuard interface configs normally carry the private key, so
# confirm the role creates this directory and its files root-owned and not
# readable by group or others.
wireguard_remote_directory: '/etc/wireguard'
wireguard_interface_restart: false
# NOTE(review): the service is requested 'started' but is not enabled, so the
# tunnel presumably does not come back by itself after a reboot - confirm that
# this is intended.
wireguard_service_enabled: false
wireguard_service_state: 'started'
# Keepalive that holds the NAT mapping open (presumably passed through as
# WireGuard's PersistentKeepalive, which is expressed in seconds). Strictly only
# the server -> client direction should need it, but if the server drops off the
# connection might never be re-established, so client and server both get it.
wireguard_persistent_keepalive: 25
# Prefix for addresses inside the tunnel. It lies in fd00::/8, the IPv6
# unique-local range, so it is not routable on the public internet.
wireguard_ipv6_subnet: 'fde0:fb5b:2593::/64'
# Defining the public prefix at this point does not seem to work, so a later
# playbook sets it instead.
# public_ipv6_subnet: "{{ hostvars[groups['embassy'][0]].ipv6_subnet }}"
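# Static per-host address map. Each entry pairs a host's address inside the
# WireGuard subnet (vpn_ipv6) with the address at the same index inside
# public_ipv6_subnet (vps_ipv6). This could be generated dynamically, but that
# does not seem worth the work.
#
# ipaddr('<n>') picks the n-th address of the prefix and ipaddr('address') then
# drops the prefix length, so index 16 should render as <prefix>::10.
#
# public_ipv6_subnet is not defined in this file (a playbook sets it later).
# These templates are only rendered when the value is used, so nat_map must not
# be read before that variable exists.
#
# NOTE(review): presumably these pairs drive 1:1 NAT between the VPS and the
# VPN hosts. If so, every entry makes a VPN host reachable at a public address -
# confirm that the VPS firewall limits what is forwarded to each one.
#
# The host entries must be nested under nat_map. Written flush-left, nat_map
# would parse as null and the repeated vpn_ipv6 / vps_ipv6 keys would collide.
nat_map:
  moirai-clotho.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('16') | ansible.utils.ipaddr('address') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('16') | ansible.utils.ipaddr('address') }}"
  moirai-lachesis.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('17') | ansible.utils.ipaddr('address') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('17') | ansible.utils.ipaddr('address') }}"
  moirai-atropos.local:
    vpn_ipv6: "{{ wireguard_ipv6_subnet | ansible.utils.ipaddr('18') | ansible.utils.ipaddr('address') }}"
    vps_ipv6: "{{ public_ipv6_subnet | ansible.utils.ipaddr('18') | ansible.utils.ipaddr('address') }}"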