---
systemd_dir: "/etc/systemd/system"
k3s_version: v1.31.4+k3s1
api_endpoint: "{{ hostvars[groups['server'][0]]['wireguard_ip'] | default(groups['server'][0]) }}"
extra_server_args: >
  --disable traefik
  --disable servicelb
  --flannel-iface=wg0
  --advertise-address={{hostvars[inventory_hostname]['wireguard_ip']}}
  --tls-san={{hostvars[inventory_hostname]['wireguard_ip']}},{{hostvars[inventory_hostname]['ansible_host']}}
  {{ ['--node-label']|product(hostvars[inventory_hostname]['k3s_label'])|map('join', ' ')|join(' ') }}
  --kube-apiserver-arg enable-admission-plugins=NamespaceLifecycle,DefaultTolerationSeconds
  --kube-apiserver-arg default-not-ready-toleration-seconds=300
  --kube-apiserver-arg default-unreachable-toleration-seconds=300
extra_agent_args: >
  --flannel-iface wg0 
  --node-external-ip {{hostvars[inventory_hostname]['wireguard_ip']}} 
  {{ ['--node-label']|product(hostvars[inventory_hostname]['k3s_label'])|map('join', ' ')|join(' ') }}
ansible_python_interpreter: /usr/bin/python3
ansible_ssh_port: 22
ufw_enabled: false
wireguard_port: 51820
wireguard_mask_bits: 8