all:
  hosts:
    cp:
      ansible_host: 192.168.56.101
      is_nas: false
      hostname: cp
      wireguard_ip: 10.20.0.1
      k3s_label:
        - type=worker
        - size=wide
    vps:
      ansible_host: 192.168.56.102
      is_nas: false
      hostname: vps
      wireguard_ip: 10.20.0.2
      k3s_label:
        - type=outbound
  children:
    server:
      hosts:
        cp:
    agent:
      hosts:
        vps:
    k3s_cluster:
      children:
        server:
        agent:
  vars:
    k3s_version: v1.28.5+k3s1
    api_endpoint: "{{ hostvars[groups['server'][0]]['wireguard_ip'] | default(groups['server'][0]) }}"
    extra_server_args: "--disable traefik --advertise-address {{hostvars[inventory_hostname]['wireguard_ip']}} --flannel-iface wg0 --tls-san {{hostvars[inventory_hostname]['wireguard_ip']}} --disable servicelb {{ ['--node-label']|product(hostvars[inventory_hostname]['k3s_label'])|map('join', ' ')|join(' ') }}"
    extra_agent_args: "--flannel-iface wg0 --node-external-ip {{hostvars[inventory_hostname]['wireguard_ip']}} {{ ['--node-label']|product(hostvars[inventory_hostname]['k3s_label'])|map('join', ' ')|join(' ') }}"
    ufw_enabled: false
    wireguard_port: 51820
    wireguard_mask_bits: 8