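---
# Variables for a VM that terminates two WireGuard tunnels and forwards
# selected TCP ports on its overlay address to hosts behind those tunnels.
# Presumably an Ansible host_vars file (it relies on inventory_hostname and
# hostvars) - confirm.
#
# NOTE(review): the source was flattened onto two lines; the nesting below is
# reconstructed from the variable references inside the file
# (install.interfaces, network.primary.*, wireguard_keys.*.priv). In
# particular `autostart` is assumed to belong to `install` - confirm.

# Name of the machine this VM is installed on; also used as the hostvars
# lookup key for all network parameters further down.
vm_host: sk-2019vm

install:
  host: "{{ vm_host }}"
  mem: 1024
  numcpu: 1
  disks:
    primary: /dev/sda
    scsi:
      sda:
        type: zfs
        pool: storage
        name: "{{ inventory_hostname }}"
        size: 5g
  interfaces:
    - bridge: br-public
      name: primary0
  # Canonical lowercase boolean (was `False`). Presumably the VM is not
  # started together with vm_host; if so, both tunnels and every port
  # forwarding below stay down after a host reboot until it is started by
  # hand - confirm this is intended for a gateway.
  autostart: false

network:
  nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
  domain: "{{ host_domain }}"
  systemd_link:
    interfaces: "{{ install.interfaces }}"
  # All addressing is derived from the `public` bridge definition of vm_host:
  # this host's offset into the bridge prefix gives `ip`, and its offset into
  # the bridge's overlay prefix gives `overlay`.
  primary:
    interface: primary0
    ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}"
    mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}"
    gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}"
    # split('/')[0] drops the prefix length so only the bare address remains.
    overlay: "{{ (hostvars[vm_host].vm_host.network.bridges.public.overlay.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.overlay.offsets[inventory_hostname])).split('/')[0] }}"

# The overlay address doubles as the external address of this host.
external_ip: "{{ network.primary.overlay }}"

# WireGuard key pairs of this gateway, one per tunnel. The public halves are
# not secret. The private halves are only referenced from
# vault_wireguard_priv_keys (presumably Ansible Vault encrypted - confirm) and
# must never be written inline here. When a private key is rotated, the
# matching `pub` has to be updated as well, or peers will fail the handshake.
wireguard_keys:
  elemedia:
    pub: "1GdTR5ehIcSVvwdWWsKitRjzcm1gY3Z9ASzJAuN7VH0="
    priv: "{{ vault_wireguard_priv_keys.elemedia }}"
  emc:
    pub: "xgBLLDTRrVxUG0BEr0gNQ6ofkXSRDQR7OXilxCCwtxs="
    priv: "{{ vault_wireguard_priv_keys.emc }}"

# One entry per tunnel interface. Field semantics are defined by the consuming
# role, which is not visible here; the notes below are hedged accordingly.
wireguard_gateway_tunnels:
  wg-elemedia:
    description: Elevate Media Server (media.elevate.at)
    priv_key: "{{ wireguard_keys.elemedia.priv }}"
    # NOTE(review): no listen_port here, unlike wg-emc (51821). Presumably a
    # role default applies - confirm it does not collide with wg-emc and that
    # the host firewall admits it.
    addresses:
      - 192.168.254.1/30
    # Presumably source-NATs tunnel traffic leaving via `interface` to the
    # address in `to` - confirm against the role.
    ip_snat:
      interface: "{{ network.primary.interface }}"
      to: "{{ network.primary.overlay }}"
    # Key = TCP port on `dest`, value = target behind the tunnel (presumably
    # implemented as DNAT). Everything listed is reachable from wherever the
    # overlay address is reachable, so keep the list minimal and make sure each
    # target authenticates on its own. Values are quoted so the address:port
    # pairs can never be re-typed by a YAML parser; keys stay integers.
    port_forwardings:
      - dest: "{{ network.primary.overlay }}"
        tcp_ports:
          80: "192.168.254.2:80"
          443: "192.168.254.2:443"
          # Remapped port (322 -> 222): confirm what listens on 222 and that
          # it is meant to be exposed.
          322: "192.168.254.2:222"
    peers:
      - pub_key: "{{ hostvars['ele-media'].wireguard_keys.gwhetzner.pub }}"
        # /32: the peer may only use its own tunnel address as source.
        allowed_ips:
          - 192.168.254.2/32
  wg-emc:
    description: Elevate Media Channel
    priv_key: "{{ wireguard_keys.emc.priv }}"
    listen_port: 51821
    addresses:
      - 192.168.254.5/30
    ip_snat:
      interface: "{{ network.primary.interface }}"
      to: "{{ network.primary.overlay }}"
    port_forwardings:
      - dest: "{{ network.primary.overlay }}"
        tcp_ports:
          # Remapped port (422 -> 222): same caveat as 322 on wg-elemedia.
          422: "192.168.254.6:222"
    peers:
      - pub_key: "{{ hostvars['ele-router'].wireguard_keys.gwhetzner.pub }}"
        allowed_ips:
          - 192.168.254.6/32
          # A whole subnet is accepted from (and routed to) this peer, not
          # just its tunnel address. Confirm the /24 is required and that
          # forwarding between it and the public side is filtered.
          - 192.168.20.0/24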