{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
{% set mac = '0211' + ip4hex -%}
#
# {{ ansible_managed }}
#
log level warn;
hide ip addresses yes;
hide mac addresses yes;

method "salsa2012+umac";

interface "{{ item.key }}VPN";

bind {{ ansible_default_ipv4.address | ipaddr('public') }}:100{{ item.value.site_number }};
bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:100{{ item.value.site_number }};

include "secret.conf";
mtu 1406;

peer group "vpn_nodes" {
    include "peer_limit.conf";
    include peers from "peers";
{% if item.key == "mz" %}
    include peers from "peers_bingen";
{% endif %}
}

peer group "servers" {
    include peers from "peers/servers";
}

on up "
    ip link set $INTERFACE down
    ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
    ip link set $INTERFACE up

    batctl -m {{ item.key }}BAT if add $INTERFACE
";

on down "
    batctl -m {{ item.key }}BAT if del $INTERFACE
";

status socket "/var/run/fastd-{{ item.key }}VPN.status";