{
  "groups": {
    "group:vpn_admins": [
{% for user in vpn_admins %}
      "{{ user }}@{{ oauth_user_suffix }}"{{ ", " if not loop.last else "" }}
{% endfor %}
    ]
  },
  "acls": [
{% for user in vpn_users %}
    {
      "action": "accept",
      "src": ["{{ user }}@{{ oauth_user_suffix }}"],
      "dst": ["{{ user }}@{{ oauth_user_suffix }}:*"]
    },
{% endfor %}
    {
      "action": "accept",
      "src": ["{{ auth_key_user }}@"],
      "dst": ["{{ auth_key_user }}@:*", "{{ loadbalancer_ip }}/32:*"]
    },
{% for user, m in mesh.items() %}
    {
      "action": "accept",
      "src": ["{{ user }}@{{ oauth_user_suffix }}"],
      "dst": ["{{ m.gateway }}/32:*"]
    },
{% endfor %}
    {
      "action": "accept",
      "src": ["group:vpn_admins"],
      "dst": [{% for user, m in mesh.items() %} "{{ m.gateway }}/32:*", {% endfor %} "{{ loadbalancer_ip }}/32:*"]
    }
  ]
}