1_main.yml

---

# default config => is overwritten by provided config
defaults_wg:
  topologies: {}
  purge_orphaned_tunnels: true
  path_keys: "{{ WG_HC.path_config }}/keys"
  controller_key_store: "{{ role_path }}/files/keys"
  support:
    dns: false
    traffic_forwarding: false
  log_prefix: 'wireguard'
  restart_on_change: false  # allow the wg-services to be restarted on changes
  continuous_installs: 50
  int_prefix:
    single: 'wgs'
    star: 'wgx'
    mesh: 'wgm'
  dynamic_contact_sleep: 30
  debug: false  # enable debug mode until reboot

defaults_topology:
  type: 'single'  # single/star/mesh
  peers: {}
  psk: true
  NATed: false  # alternative switch to enable keepalive topology-wide
  Route: false  # alternative switch to auto-add routes topology-wide

defaults_local:
  peers: {}
  ListenPort: "{{ WG_HC.default_port }}"
  Address: ['']
  FwMark: ''
  DNS:
    - '1.1.1.1'
    - '8.8.8.8'
  MTU: 1420
  PreUp: []
  PostUp: []
  PreDown: []
  PostDown: []
  Table: 'off'
  # set to number (p.e. 1000) to enable auto-added routes
  # if you do so, you will most probably need to modify your peers 'AllowedIPs' or lock yourself out (;
  TablePref: ''
  # set to number between 1 and 32765 as a preference for the given routing table
  # cmd: "ip rule add to all lookup {{ wg_local.Table }}{% if wg_local.TablePref %} pref {{ wg_local.TablePref }}"
  # cmd del: "ip route del prio {{ wg_local.TablePref }}"
  Route: false  # alternative switch to auto-add routes
  NATed: false  # alternative switch to enable keepalive
  role: 'edge'  # center/edge

defaults_peer:
  Endpoint: ''
  ListenPort: "{{ WG_HC.default_port }}"
  AllowedIPs:
    - '0.0.0.0/0'
    - '::/0'
  PersistentKeepalive: 0  # set to 5 if the connection is NATed
  NATed: false  # alternative switch to enable keepalive
  role: 'edge'  # center/edge