---

headscale_url: 'https://{{ headscale_host }}'
headscale_base_domain: '{{ headscale_host }}'
headscale_base: '/etc/docker/compose/headscale'
headscale_port: '8080'
headscale_listen_addr: '0.0.0.0:{{ headscale_port }}'

headscale_dns_for_connected_clients_1: '{{ loadbalancer_ip }}'
headscale_dns_for_connected_clients_2: '1.0.0.1'

vpn_proxy_filter_container_name: 'headscale-proxy'
proxy_base: '/etc/docker/compose/proxy'

generate_api_key: '{{ homelab_build }}'
api_key_expiration: '2y'
generate_auth_key: '{{ homelab_build }}'
auth_key_expiration: '2y'
auth_key_user: 'pocketmonsters'

oauth_user_suffix: '@idm.{{ domain }}'

# being in this list just means you'll have access to your own devices.
# the vpn_users oauth claim decides whether or not you're authorized to actually
# use the vpn.
vpn_users:
  - liz
  - lucina
  - riley

# but... there's no way to membership sync the groups that i know of... D:
vpn_admins:
  - liz
  - lucina