hostname = "172.19.138.22"
groups = ["debian-bookworm"]
bundles = ["docker-engine", "nginx", "redis"]

[metadata]
icinga_options.exclude_from_monitoring = true

[metadata.docker-engine.config]
# this is a dev machine, it's fine if docker does shenanigans with
# iptables
iptables = true

[metadata.interfaces.eno3]
ips = [
    "172.19.138.22/24",
]
gateway4 = "172.19.138.1"
ipv6_accept_ra = true

[metadata.nftables.forward]
50-local-forward = [
    'ct state { related, established } accept',
    'iifname eno3 accept',
    'ip6 nexthdr ipv6-icmp accept',
]

[metadata.users.molly]
password = "!decrypt:dummy$no"

[metadata.vm]
cpu = 56
ram = 128