---
osp_default_rootfs_size: 30

opentlc_admin_pub_keys:
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3Avw03Dmh1R2QWQ4CV7JgEsXnHQjNhfppD5aZmh0q/64p6lW+2oNKTT7fVQcrsdmlJwrMd5apkUGrOcq0hHXQMEVZEKUmEjko2BqD5A9/zNX7apObW88bFFfgxc91lOT+e+wfCFsrr3b2SJ3+KL6nTBJV7Lf46i6z86vhiDPjqL7U9kTS+bK9ldU20vpn8h+ZAIaiafVWfjihUjhNpcUY46klixV1YcAkBGCbE+YR6RAAc6vWy0zB3YJnTUl9OFt213ofi1qjuWKVMmOxORxPKB4/JQ+hfAsCMysoVFnFYs10dWxaySK63OgY9uLNyaIwkEaVVIfcViRVm0DZfoNH gucore
  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvZvn+GL0wTOsAdh1ikIQoqj2Fw/RA6F14O347rgKdpkgOQpGQk1k2gM8wcla2Y1o0bPIzwlNy1oh5o9uNjZDMeDcEXWuXbu0cRBy4pVRhh8a8zAZfssnqoXHHLyPyHWpdTmgIhr0UIGYrzHrnySAnUcDp3gJuE46UEBtrlyv94cVvZf+EZUTaZ+2KjTRLoNryCn7vKoGHQBooYg1DeHLcLSRWEADUo+bP0y64+X/XTMZOAXbf8kTXocqAgfl/usbYdfLOgwU6zWuj8vxzAKuMEXS1AJSp5aeqRKlbbw40IkTmLoQIgJdb2Zt98BH/xHDe9xxhscUCfWeS37XLp75J backdoor_opentlc_key

all_ssh_authorized_keys: "{{ opentlc_admin_pub_keys + [user_pub_key|d()] }}"


default_security_groups:
  - name: BastionSG
    description: >-
      Bastion security group allows basic ICMP
      and SSH adn Mosh ingress and egress to *
    rules:

      - name: SSHPublic
        description: "Public Access for bastions"
        from_port: 22
        to_port: 22
        protocol: tcp
        cidr: "0.0.0.0/0"
        rule_type: Ingress

  - name: DefaultSG
    description: >-
      Default SG to allow ICMP and everything from bastion,
      and from inside default SG
    rules:
      - name: FromBastionTCP
        description: "Allow everything from Bastion"
        from_port: 1
        to_port: 65535
        protocol: tcp
        from_group: BastionSG
        rule_type: Ingress

      - name: FromBastionUDP
        description: "Allow everything from Bastion"
        from_port: 1
        to_port: 65535
        protocol: udp
        from_group: BastionSG
        rule_type: Ingress

# Environment specific security groups
security_groups: []

# A list of the private networks and subnets to create in the project
# You can create as many as you want, but at least one is required.
# Use the name of the networks where appropriate in the instance list
networks:
  - name: default
    shared: "false"
    subnet_cidr: 192.168.47.0/24
    gateway_ip: 192.168.47.1
    allocation_start: 192.168.47.10
    allocation_end: 192.168.47.254
    dns_nameservers: []
    create_router: true

# The external network in OpenStack where the floating IPs (FIPs) come from
provider_network: external

default_metadata:
  owner: "{{ email | default('unknownuser') }}"
  Project: "{{ project_tag }}"
  guid: "{{ guid }}"
  env_type: "{{ env_type }}"