---
# Every managed machine and the way Ansible connects to it.
all:
  hosts:
    # Reached over the network at this address.
    frame1:
      ansible_host: '192.168.0.11'
    # "local" runs tasks directly on the control node, with no remote
    # transport involved.
    dispatcher:
      ansible_connection: 'local'
# Group holding the dispatcher host. The host entry is intentionally empty:
# its connection settings are defined under `all`, and its tunnel settings
# under `wg`.
dispatchers:
  hosts:
    dispatcher:
# Frame devices and the variables they share.
frames:
  hosts:
    frame1:
  vars:
    frame_timezone: 'UTC'
    monit_wireguard: true
    # The three endpoints below all use 192.168.254.1, the address the
    # dispatcher holds inside the WireGuard subnet (see the `wg` group).
    # NOTE(review): presumably this keeps monitoring and remote-terminal
    # traffic inside the tunnel; confirm the consuming roles do not fall
    # back to a LAN address when the tunnel is down.
    monit_wireguard_ip: '192.168.254.1'
    rtty_server: '192.168.254.1'
    munin_server: '192.168.254.1'
    # The `wg` group sets wireguard_table to "off", so the tunnel subnet
    # route is added and removed explicitly with the interface.
    wireguard_postup:
      - 'ip route add 192.168.254.0/24 dev wg0'
    wireguard_postdown:
      - 'ip route del 192.168.254.0/24 dev wg0'
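# WireGuard overlay on 192.168.254.0/24: per-host tunnel settings followed by
# the variables shared by every member of the group.
wg:
  hosts:
    frame1:
      wireguard_address: 192.168.254.11/32
    dispatcher:
      containerized: true
      wireguard_containerized: "{{ containerized }}"
      wireguard_remote_directory: "/opt/wireguard"
      wireguard_address: 192.168.254.1/32
      wireguard_allowed_ips: "192.168.254.0/24"
      # PostUp installs the subnet route (wireguard_table is "off", so none
      # is created automatically) and the tunnel firewall policy:
      #   - nat/PREROUTING ACCEPT: peer-to-peer traffic leaves the nat table
      #     here, so later PREROUTING rules do not translate it.
      #   - FORWARD: peers may reach each other through this host; anything
      #     from the tunnel subnet to another destination is dropped, so a
      #     peer cannot use the dispatcher as a gateway to other networks.
      #   - INPUT: peers may reach tunnel-subnet addresses on this host;
      #     other destinations are dropped.
      # NOTE(review): every rule is appended with -A, so an ACCEPT that is
      # already present earlier in FORWARD or INPUT takes precedence over
      # these DROPs; check the resulting order with `iptables -S`.
      # NOTE(review): the INPUT ACCEPT is not restricted by protocol or
      # port, so every service listening on 192.168.254.1 is reachable from
      # any peer. Consider allowing only the ports the frames need.
      # NOTE(review): the rules match on source address only. Packets that
      # arrive on wg0 from outside 192.168.254.0/24 fall through to the chain
      # policy; this relies on the per-peer allowed-IPs to reject them.
      wireguard_postup:
        - ip route add 192.168.254.0/24 via 192.168.254.1 dev wg0
        - iptables -t nat -A PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
        - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -A INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
      # PostDown mirrors PostUp one rule at a time. iptables accepts a single
      # command option per invocation, so each rule is removed with
      # `-D <chain>` alone. The previous `-D -A <chain>` form was rejected by
      # iptables, which left the rules installed and appended a duplicate set
      # on every interface restart.
      wireguard_postdown:
        - ip route del 192.168.254.0/24 via 192.168.254.1 dev wg0
        - iptables -t nat -D PREROUTING -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D FORWARD -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
        - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 192.168.254.0/24 -j ACCEPT
        - iptables -D INPUT -i wg0 -s 192.168.254.0/24 -d 0.0.0.0/0 -j DROP
  vars:
    # Quoted so YAML keeps the string "off" rather than reading a boolean.
    wireguard_table: "off"
    wireguard_port: 51821
    wireguard_endpoint: 192.168.0.2
    wireguard_persistent_keepalive: 30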