---
wireguard_endpoints:
  - name: ovh
    addr: 192.168.0.0/31
    private_key: "{{ vault_wireguard_secrets.gs.private }}"
    peer:
      public_key: "{{ vault_wireguard_secrets.ovh_gs.public }}"
      allowed_addrs:
        - 192.168.0.1/32
        - 10.132.0.0/16
      keepalive: 5
      endpoint: 92.222.211.198:5412

nftables_basic_input_rules:
  - proto: tcp
    port: 22
    verdict: accept 
  - proto: udp
    port: 5412
    verdict: accept
...