---
# Variables for a headscale deployment: public URL, listener addresses, DNS
# servers for clients, key generation settings, and the user/admin lists.
# Names in '{{ ... }}' that are not set here are defined outside this file.

headscale_url: 'https://{{ headscale_host }}'
headscale_base_domain: '{{ headscale_nodes_domain }}'
# The path suggests a docker compose project directory - confirm.
headscale_base: '/etc/docker/compose/headscale'

# Ports are quoted, so they are strings; both are interpolated into the
# listen addresses below.
headscale_port: '8080'
headscale_metrics_port: '5577'

# 0.0.0.0 binds every interface visible to the process.
# NOTE(review): if this runs in a container, actual exposure depends on which
# ports are published and on the host firewall - confirm. Metrics endpoints
# are typically unauthenticated, so check that the metrics port is reachable
# only from the monitoring host or network.
headscale_listen_addr: '0.0.0.0:{{ headscale_port }}'
headscale_metrics_listen_addr: '0.0.0.0:{{ headscale_metrics_port }}'

# DNS servers for connected clients. The first entry is commented out, so
# only the liz gateway and the two public resolvers are active.
# NOTE(review): queries answered by 1.0.0.1 / 8.8.8.8 go to third-party
# resolvers; confirm that is acceptable for VPN clients.
headscale_dns_for_connected_clients:
  # - '{{ mesh.lucina.gateway }}'
  - '{{ mesh.liz.gateway }}'
  - '1.0.0.1'
  - '8.8.8.8'

vpn_proxy_filter_container_name: 'headscale-proxy'
proxy_base: '/etc/docker/compose/proxy'

# Both generate_* switches take their value from homelab_build.
# NOTE(review): presumably a boolean meaning "create the key on this run" -
# verify in the tasks that read these variables.
generate_api_key: '{{ homelab_build }}'
# NOTE(review): API key and auth key both get a two-year lifetime. A leaked
# key presumably stays usable until it expires or is revoked, so store the
# generated values as secrets and consider a shorter expiry with rotation.
api_key_expiration: '2y'
generate_auth_key: '{{ homelab_build }}'
auth_key_expiration: '2y'
# User the generated auth key belongs to (presumably nodes enrolled with
# that key are registered under this user - confirm).
auth_key_user: 'pocketmonsters'

# presumably appended to a username to form the OAuth identity - verify
# against the template that uses it.
oauth_user_suffix: '{{ idm_domain }}'

# being in this list just means you'll have access to your own devices.
# the vpn_users oauth claim decides whether or not you're authorized to actually
# use the vpn.
vpn_users:
  - liz
  - lucina
  - riley

# but... there's no way to membership sync the groups that i know of... D:
# NOTE(review): because these lists are maintained by hand, removing someone
# from the identity provider group does not remove them here; review both
# lists whenever access is revoked.
vpn_admins:
  - liz
  - lucina