- hosts: all
  become: yes
  vars:
    fastd_profiles:
      vpn:
        # set log level to info
        log_level: info

        # start tunnel and start it on boot
        start: yes

        # address and port to listen on 
        bind: "any:10061"

        # the private key
        private_key: 605fbc328e258182b0b2859ca06b586dead2bd88d6566c89da11acfa9a537942

        # the public key of the serv
        public_key: b91be575b02ac02e5b9f387bf0d1b3bc8b3a2a6605c4b64dbfd3482621b3e17b

        # optional: interface name (default: fastd-<profile name>)
        interface: fastd-vpn

        # acceptable encryption methods
        methods:
          - "salsa2012+gmac"
          - "null"

        # peer configuration
        peers:
          gluon20171c61:
            # public key of the remote
            public_key: 7e383ce9ba4fea8a82c1860864c2f940ef9f8a92b04f62fb7ac5f57442872f0e
            # connection description with fastd syntax
            remotes:
              - 'ipv4 "gluon20171c61.leipzig.freifunk.net" port 10061'
          gluon20171b61:
            public_key: 6a5e3d0d88feb0350078b5ce7c7a15baf918e0c2455d6854ec933c96c7a01a43
            remotes:
              - 'ipv4 "gluon20171b61.leipzig.freifunk.net" port 10061'

        # append additional configuration like skip the verification
        additional_config: |
          on verify sync "true";

  tasks:
    - import_role:
        name: fastd