--- install: vm: mem: 1024 numcpu: 1 autostart: False disks: primary: /dev/sda scsi: sda: type: zfs name: root size: 5g interfaces: - bridge: br-public name: primary0 network: nameservers: "{{ vm_host.network.dns }}" domain: "{{ host_domain }}" systemd_link: interfaces: "{{ install.interfaces }}" primary: &_network_primary_ name: primary0 address: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address/prefix') }}" gateway: "{{ vm_host.network.bridges.public.prefix | ipaddr(vm_host.network.bridges.public.offsets[vm_host.name]) | ipaddr('address') }}" overlay: "{{ (vm_host.network.bridges.public.overlay.prefix | ipaddr(vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}" interfaces: - *_network_primary_ external_ip: "{{ network.primary.overlay }}" wireguard_keys: elemedia: pub: "1GdTR5ehIcSVvwdWWsKitRjzcm1gY3Z9ASzJAuN7VH0=" priv: "{{ vault_wireguard_priv_keys.elemedia }}" emc: pub: "xgBLLDTRrVxUG0BEr0gNQ6ofkXSRDQR7OXilxCCwtxs=" priv: "{{ vault_wireguard_priv_keys.emc }}" wireguard_gateway_tunnels: wg-elemedia: description: Elevate Media Server (media.elevate.at) priv_key: "{{ wireguard_keys.elemedia.priv }}" addresses: - 192.168.254.1/30 ip_snat: interface: "{{ network.primary.name }}" to: "{{ network.primary.overlay }}" port_forwardings: - dest: "{{ network.primary.overlay }}" tcp_ports: 80: 192.168.254.2:80 443: 192.168.254.2:443 322: 192.168.254.2:222 peers: - pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}" allowed_ips: - 192.168.254.2/32 wg-emc: description: Elevate Media Channel priv_key: "{{ wireguard_keys.emc.priv }}" listen_port: 51821 addresses: - 192.168.254.5/30 ip_snat: interface: "{{ network.primary.name }}" to: "{{ network.primary.overlay }}" port_forwardings: - dest: "{{ network.primary.overlay }}" tcp_ports: 422: 192.168.254.6:222 peers: - pub_key: "{{ hostvars['ele-router'].wireguard_keys.gwhetzner.pub }}" allowed_ips: - 192.168.254.6/32 - 192.168.20.0/24