#
# {{ ansible_managed }}
#
{% if debug_fastd %}
log level debug;
{% else %}
log level warn;
{% endif %}
hide ip addresses yes;
hide mac addresses yes;

method "salsa2012+umac";

interface "{{ item.0.id }}vpn-{{ item.1.mtu }}";

bind {{ ansible_default_ipv4.address | ipaddr('public') }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:10{{ item.1.id }}{{ '%02d' % item.0.domain_number }};

secret "{{ lookup('passwordstore', item.1.pass + '/' + inventory_hostname_short + ' subkey=secret') }}";

mtu {{ item.1.mtu }};

on up "/bin/systemctl reload networking";

on verify "{{ gopath }}/bin/fastd-limiter verify $PEER_KEY";

status socket "/var/run/fastd-{{ item.0.id }}vpn-{{ item.1.mtu }}.status";