nodes['home.router'] = { 'hostname': '172.19.138.10', 'bundles': { 'iptables', 'pppd', 'dhcpd', }, 'groups': set(), 'metadata': { 'interfaces': { 'enp1s0.23': { 'ips': { '172.19.139.10/24', }, }, 'enp1s0.42': { 'ips': { '172.19.138.10/24', }, 'gateway4': '172.19.138.1', }, 'enp1s0.100': { 'ignore': True, }, }, 'backups': { 'exclude_from_backups': True, }, 'cron': { # Our internet provider resets the connection if you're # connected longer than 24 hours. We install this cronjob # to make sure we don't get disconnected randomly during the # day. 'restart_pppd': '23 2 * * * root systemctl restart pppoe', }, 'iptables': { 'custom_rules': [ 'iptables_both -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT', 'iptables_both -A FORWARD -i enp1s0.23 -o enp1s0.42 -j REJECT', 'iptables_both -A FORWARD -i enp1s0.23 -j ACCEPT', 'iptables_both -A FORWARD -i enp1s0.42 -j ACCEPT', ], }, 'pppd': { 'username': vault.decrypt('encrypt$gAAAAABfruZ5AZbgJ3mfMLWqIMx8o4bBRMJsDPD1jElh-vWN_gnhiuZVjrQ1-7Y6zDXNkxXiyhx8rxc2enmvo26axd7EBI8FqknCptXAPruVtDZrBCis4TE='), 'password': vault.decrypt('encrypt$gAAAAABfruaXEDkaFksFMU8g97ydWyJF8p2KcSDJJBlzaOLDsLL6oCDYjG1kMPVESOzqjn8ThtSht1uZDuMCstA-sATmLS-EWQ=='), 'interface': 'enp1s0.100', }, 'dhcpd': { 'subnets': { 'home': { 'subnet': '172.19.138.0', 'netmask': '255.255.255.0', 'range_lower': '172.19.138.100', 'range_higher': '172.19.138.250', 'interface': 'enp1s0.42', 'options': { 'routers': '172.19.138.1', 'domain-name-servers': '8.8.8.8, 8.8.4.4', 'domain-name': 'franzi-home.kunbox.net', 'broadcast-address': '172.19.138.255', 'subnet-mask': '255.255.255.0', }, 'default-lease-time': 300, 'max-lease-time': 1800, }, }, }, 'vm': { 'cpu': 2, 'ram': 2, }, }, 'os': 'debian', 'os_version': (10,), }