diff --git a/group_vars/all/main.yaml b/group_vars/all/main.yaml
new file mode 100644
index 0000000..582fd95
--- /dev/null
+++ b/group_vars/all/main.yaml
@@ -0,0 +1,302 @@ +--- +ansible_python_interpreter: /usr/bin/python3 + +syslogfacility: LOG_LOCAL2 + +network_nameservers: "{{ dns_servers }}" +network_search: kill0.net + +postfix_aliases: + postmaster: root + hostmaster: root + webmaster: root + abuse: root + administrator: root + admin: root + root: sysops@kill0.net + devnull: /dev/null + + #firewall_ssh_whitelist: + # - "{{ lookup('dig', 'jump0.kill0.net/A') }}" + # - "{{ lookup('dig', 'jump0.kill0.net/AAAA') }}" + # - 192.168.255.17 + # - 2600:3c00:e000:343::11/128 + +firewall_ipset_mgmt: + - "{{ lookup('dig', 'jump0.kill0.net/A') }}" + - "{{ lookup('dig', 'jump0.kill0.net/AAAA') }}" + +firewall_limited_tcp_ports: + - 22 + +#unattended_upgrades_mailto: sysops@kill0.net +unattended_upgrades_mailto: devnull +unattended_upgrades_automatic_reboot: yes +unattended_upgrades_automatic_reboot_time: '8:00' +unattended_upgrades_reboot_with_users: no + +openssh_sshd_config: + PermitRootLogin: prohibit-password + +autossh_config: + - name: influx + host: jump0.kill0.net + options: + - -L 127.254.254.1:8086:127.0.0.1:8086 + - name: syslog + host: jump0.kill0.net + options: + - -L 127.254.254.1:1514:127.0.0.1:514 + +user_authorized_keys_hash: + ryan: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGznaofIstAxYsX1MH8xQiZU4aOO4SUw9OlRbyFMfQTx + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDKdWuh9fbKNubIWaYGwOcbGNkh1Osifh/22KE5pKlVxfVqTT2MiEY6LlvlqR0UkU0hos5F0aEigK7wsABy0KEP2Z0hlx1IwO89rX1TbeqbNVvFk34+jBFflNhBTwE4fekBc4WyvQ3MtlygUTqUnPiQNMBL6uV3rHfh015C5ZqRHSqT7O/+bIbuLSOLizQPph/EJ7U7ti5gfZb5J8uSLdaK0vCLSIokleht3dE1DxfNq4LaVcNCGfNXHIzhaew7L4IkJ7nSWGRtGD7aHKcPV8PRJCt3Mn1IDXrVwFYx0tmFF4eyJ5h9l7fTiRs8PjJ8zD8BePtAP/LFCrhCS+vYbGJT + # windows 10 + - ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCe1dmofrPBmchiBs1NQxJVEiAyNfd/eG/U6xh8buekKpEYu6vY9oLN3fk1TdIQoq5gl6qVMaT8cRXQkN7zPBHdwpX55ifmM8O5sQJ3Q2Wioi+6W2elVG58kDIaWFUiQLFm3CXUQ43Ec3+SMo2xlr8b7tUUbCc7690TNJx4gB1t+mYQMIv5OBuzRgUJLSclT0Tp5luJgVKVimPKXTqawDPIKwEZHHvJjs1S4irDdIP4OJJHfHmegapXbMexfEEmgt82axlSjywlMDOKCxnJphOSxtzbUGHkdNMM8VBQC/iMEHprmp75LQzgL5tk9cdIe6T8b1XyuD3tdO/xguChBPpV + # work + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICndorpp/6aKlLq2K1YP81r8zA80VGp1qAUeCZtdVhAw rcavicchioni@NMLT072 + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCW02T3dkh1Ra9n+Ql86e/C2ZdtwY5if5RZoc2BYwFCcygwP3GUKOrR6c9SW25B3X048+tVdTiOUhqfsqWf6jxCJ5h17lJ2sigMxEZOht0hUQZSgmQgdviYv3WYrqC4hlStumwEgEsJjRl9PP5LnIcdjWWINslaweFdfD7KhTRPlok1T2ycd0wEvsSCVATW32xV4Dpof5HLgLqnNwtK3VKSl7YIQu5i9SimtRDijwPnOkeMoknGjatpOu5VrnOP03GaExqXnjaIaUz++5GhCGEQEKhlcQrBCYlxubH+L4r6bka1S5r1GeeZNL6g+uUVUP5XaG8HcA9vArilmQfDj3xd + rick: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDTt13M/kyXmm8ORhefa6b4e0j1XczLu+R/asgTSdvhDCljo1LLtDvXWdUVQCwXxMXw8aPKjskBr+k1KJOFsdfVi65dExHhmaHk4qeGgkSkLNLPaMkKcNv3h+hS7VGmZjsxU0+bwl0b3g6woKEuMjnD5MfCsKIs6TOB5XjoDw8PMC+BsOiafFPeXGL8UA4yBtdNXFk6B4Ev6lZflPvenJXXJjYeePnhXjPaI6cNjSPhByy8mPU0AzWhtq8akbXlOCUrjuq2XoatwVOd1ZWj344PHfav7zmZkYLWOE7AR++ng+4pNxrfeiCxBcgSluKNYkZFac04OX8PSNbvqTWA29GIDlmcomaSJOWslVoVOiWYQ+7wWIb0d2+RgH/6UvVS500NyacOSkSlfI8SyqC5VVb2jjUC+GQ2zW/IMfYlwRutXT3MRgVtuoQ2i/aXizPLsH6iBqKxQDMV48avTNIitN29owOBPpDNsd1o4iy4kdMPrAFmrPBYSA939nOUzPmCCwU= + +users_interactive: + - name: ryan + groups: + - users + - sudo + - adm + comment: Ryan Cavicchioni + password: "{{ vault_user_password_hashes['ryan'] }}" + - name: rick + groups: + - users + comment: Rick Elias + password: + +users_authorized_keys: + - name: ryan + keys: "{{ user_authorized_keys_hash['ryan'] }}" + - name: rick + keys: "{{ user_authorized_keys_hash['rick'] }}" + - name: root + keys: "{{ user_authorized_keys_hash['ryan'] }}" + +telegraf_config_outputs: + influxdb: + urls: + - http://127.254.254.1:8086 + +telegraf_config_d: + - name: ping 
+ config: + inputs.ping: + - urls: + - 10.255.0.1 + count: 10 + ipv6: false + binary: ping4 + +rsyslog_archival_format_enabled: true + +rsyslog_outputs: + - name: omfwd + params: + #target: 127.254.254.1 + target: 10.255.0.1 + #port: 1514 + port: 514 + protocol: tcp + action.resumeretrycount: -1 + queue.type: linkedlist + queue.size: 10000 + queue.filename: fwd + queue.saveonshutdown: "on" + keepalive: "on" + +sudo_aliases: + host: + - name: minecraft + items: + - mine[[\:digit\:]]* + - name: jumphosts + items: + - jump[[\:digit\:]]* + +sudo_rules: + - name: "%sudo" + hosts: ALL + runas: + users: ALL + groups: ALL + tags: + - NOPASSWD + commands: ALL + +restic_repos: + - name: b2 + repo: "b2:kill0-infra-backup:" + environment: + RESTIC_PASSWORD: "{{ vault_restic_repo_b2_password }}" + B2_ACCOUNT_ID: "{{ vault_restic_repo_b2_account_id }}" + B2_ACCOUNT_KEY: "{{ vault_restic_repo_b2_account_key }}" + +restic_jobs: + - name: system + repo: b2 + paths: + - / + +certs_trusted_ca: + chill9-root-ca: | + subject=C = US, O = chill9, CN = chill9 Root CA + issuer=C = US, O = chill9, CN = chill9 Root CA + notBefore=May 16 17:36:20 2020 GMT + notAfter=May 14 17:36:20 2030 GMT + -----BEGIN CERTIFICATE----- + MIIFOjCCAyKgAwIBAgIQdRhWyOcUQ+uIEypQfJLvqTANBgkqhkiG9w0BAQsFADA3 + MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg + Um9vdCBDQTAeFw0yMDA1MTYxNzM2MjBaFw0zMDA1MTQxNzM2MjBaMDcxCzAJBgNV + BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFzAVBgNVBAMMDmNoaWxsOSBSb290IENB + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAswTensn+vA45WGRp3o/5 + LX+wh6PTHAGNluLaZRyUNOg+EunnXAvMBF912D587wLAiC1G9FGOn+8JVws2QITX + +U8Y8L2vhnfGQNCQYvqBfJc5PJt3ZZ35to5tdTRJTeVhNWzIA7qOZh8ualFbCDYd + m6K74SlfEbvKzS02pYWN6wCVXtGOPl7VoOtjg8cOUX6u1pZpBKQfzq3lgLS2oMp0 + VuBJeUMiki/O8nCC10VCXcZ9q4bsUvWH9lJB/IqlKt+bG9TjO+vigb9eOSfaILkM + d7NMziP5OQXMjv6NwmJQY7N5TiKWdh9h4G3KS41dr2Oeo+A1FcMEP9nkZb1lX3Ft + 9Xzw8jJ99SD36mCEiqndvKA66/pcgMCvPAkkDwoSS+Er4LPcNmY2TVN+mIaF1OaS + 
Dc1EAXUfjnX8mZlclS/AfCg8TIPCc8o6Neg3DECT2j+IC9bgeoLqZLIuzzLNFrG5 + aPNhG+24phHqdZvAkdhHWeEh1GS5uMutvV02hF5MrZLz8ou+56feFpUmeuPzQAfR + 0Xbz0ot2JdETmcCTcmZBQ+9oP5DIszJt85wCHJ5S5FewUzsXJs1MQue3NLSM5FBS + hhOq+w6Pp64aaGKKyPi1GeZ1m31sM6w1yFVTQsqqy28GSjd/fQu55ESQ1sM0UhIo + DCUBbNPxycJGh9Ivxii1RqMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV + HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHFG9UxX+vMe4E0uEZ2LqyldmHkbMA0GCSqG + SIb3DQEBCwUAA4ICAQCC1jksFZp38JTGFIrNJJ6PgI6xXigtD2Z3KstS1cAIJi/P + /3NPu8iTgoyhNiq7a20tojPJGPlumezy3R5twA16UCq8guGFVEEEkJX+wOM0T4p0 + jwtcMOeA6GchzS3+u74kk8oIvvw41K5gU2VU/W2axxnejt/HQMAYaMsD/zcNPXrP + oHAgEP5i7G7fX0FXqERnLU9lgbtTTTuszBnZHIdaUKSoK0Oji46y15pEdhxkVB6t + /BiNPAYM1Pc/Hi366eb6yuY8eJCK94QMQBvYpIjNwThAKclFh8n62KF6gXqj7Hcu + UQr1Z55KOuAlAM7fIBsqL4G2Ihs8yBeJe4YZrkdBqBzpJwOYNj7IsUnxgXYQpkVQ + u5coTbrB8w4Mw8ak+L2McMAYhG5FIndy9GAFEEanrmyiHJW96MHqTD1xY9TyvdN/ + Kt/lsYt0W/y6jknv7hU9uP4X/xkZk8z1D+m4jZHRQpnUPL1eSOUPSJ0t+68GQUVJ + NJFmTx/qv1/9lXNy40jecX6sO4ZPLoQydMjwRmSerxki7MP4gxGNuBEpOvoj+ABM + MBlD7BhUn5++BZQOLUU+JYr5kNi0WmFFN1v2SpoMyDydTgA+cJsS/TiOeMrY9Szs + ZEFa3PSiA1fP03SRKC9tqjc7d6vQU0fE93wzcUCgyyf5mln6NV7cxOfDJNO8gA== + -----END CERTIFICATE----- + +openvpn_config: + client: + client: + remote: vpn-jump0.kill0.net 1194 + ca: "{{ openvpn_etc_path }}/client/ca.pem" + cert: "{{ openvpn_etc_path }}/client/cert.pem" + key: "{{ openvpn_etc_path }}/client/key.pem" + tls-auth: "{{ openvpn_etc_path }}/client/ta.key 1" + verb: 3 + dev: tun + +teleport_service_state: stopped +teleport_service_enabled: false +firewall_teleport_node_enabled: false + +teleport_roles: [ node ] +teleport_config: + teleport: + auth_token: "{{ vault_teleport_static_token }}" + ca_pin: sha256:4ef484a5949aadedf983bc1f1d43f6f31356ca37f9608267424ddc0d9b68e010 + auth_servers: + - "jump0.kill0.net:3025" + +firewall_ipset_node_exporter: + - "{{ lookup('dig', 'jump0.kill0.net./A') }}" + - "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}" + - 10.255.0.1 + +firewall_ipset_blackbox_exporter: + - "{{ lookup('dig', 
'jump0.kill0.net./A') }}" + - "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}" + - 10.255.0.1 + +firewall_ipset_mtail: + - "{{ lookup('dig', 'jump0.kill0.net./A') }}" + - "{{ lookup('dig', 'jump0.kill0.net./AAAA') }}" + - 10.255.0.1 + +node_exporter_du_directories: + - /var/log/syslog + - /var/spool/rsyslog + +wireguard_iptables: + wg0: + input: true + +wireguard_network_prefix: 10.255.0 +wireguard_peers: + wg0: + - public_key: 1ipGUnK8XDbIoBIEF440BhwLUe0yHa5l3kZZc4eFxV8= + endpoint: "{{ lookup('dig', 'jump0.kill0.net./A') }}:{{ wireguard_port }}" + allowed_ips: "{{ hostvars['jump0.kill0.net'].wireguard_interfaces.wg0.address }}" + +supervisor_unix_http_server_socket_chown: root:node_exporter +supervisor_unix_http_server_socket_chmod: "0770" + +firewall_ipset_loki: + - 10.255.0.1 + +promtail_clients: + - url: http://10.255.0.1:3100/loki/api/v1/push + +promtail_scrape_configs: +- job_name: system + static_configs: + - targets: + - localhost + labels: + job: syslog + __path__: "/var/log/syslog/{{ ansible_hostname }}/**/*.log" +- job_name: nginx + static_configs: + - targets: + - localhost + labels: + job: nginx + host: "{{ ansible_hostname }}" + __path__: /var/log/nginx/*.log + pipeline_stages: + - match: + selector: '{job="nginx"}' + stages: + - regex: + expression: '^(?P[^ ]+) - (?P[^ ]*) \[(?P.*)\] "(?P[^ ]*) (?P[^ ]*) (?P[^ ]*)" (?P[\d]+) (?P[\d]+) "(?P[^"]*)" "(?P[^"]*)"?' 
+ - metrics: + nginx_requests_total: + type: Counter + description: requests in nginx access logs + source: method + config: + action: inc + - labels: + #remote_addr: + #remote_user: + #time_local: + method: + #request: + #protocol: + status: + body_bytes_sent: + #http_referer: + #http_user_agent: + +loki_service_enabled: false +loki_service_state: stopped + +promtail_service_enabled: false +promtail_service_state: stopped + +influxdb_service_enabled: false +influxdb_service_state: stopped +influxdb_package_state: absent + +telegraf_service_enabled: false +telegraf_service_state: stopped +telegraf_package_state: absent diff --git a/group_vars/all/vault.yaml b/group_vars/all/vault.yaml new file mode 100644 index 0000000..f8fdfec --- /dev/null +++ b/group_vars/all/vault.yaml 
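Review bot: `firewall_ipset_mgmt` (and later `firewall_ipset_node_exporter`, `firewall_ipset_blackbox_exporter`, `firewall_ipset_mtail` and the wireguard `endpoint`) is built only from `lookup('dig', ...)` evaluated at play time, so a DNS outage or a stale record silently changes the management allowlist — as far as I recall the `dig` lookup returns the literal string `NXDOMAIN` by default instead of failing, which would then be handed to the firewall role as if it were an address. Consider keeping a static fallback entry next to each lookup, as the commented-out `firewall_ssh_whitelist` block did with its literal addresses, or filtering the result with `| reject('equalto', 'NXDOMAIN')` so a failed lookup cannot become a rule. The first two lookups use `jump0.kill0.net/A` while every later one uses the absolute form `jump0.kill0.net./A`; pick one form for the whole file. `unattended_upgrades_automatic_reboot: yes` and `unattended_upgrades_reboot_with_users: no` should be written `true` / `false` to avoid the YAML 1.1 truthy ambiguity (yamllint `truthy`). The bare `password:` on the `rick` entry of `users_interactive` parses as null; if "no password set" is the intent, state it explicitly (e.g. `password: null` with a comment) rather than relying on how the role treats a missing value.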
@@ -0,0 +1,323 @@ +$ANSIBLE_VAULT;1.1;AES256 +31363530386439333137346232326666303761646639326334383230336365393138366637383338 +3332303562323030643037313965376134363230333830320a376362633836626639633966616230 +65633065373336373735326163666438353135393435383861663665336433623038336531393437 +6231326664383462380a303832613736376236646631376461363965383166626366616439653465 +38386132383562623430363138373630343030643930396532393834623833383934363936666236 +32366663373031646162336364313662356339353739353135613762623236313063336562643163 +65323231323739396630343935353763366166396535393031653130326632653839343332326161 +62636364303566343764363131643935633365643337383536663334373063323135396130653033 +65333434346439366636633566333866333361323439366437366264343230666365346263333734 +66663639666165336136636661333533373733336334626266316165386430653564636461306261 +39643961383366623335353337373562623433353238333338326637633862616465333562666530 +36636133303037643361666265633162393965396534303732643966383537383734643737316335 +65363266623034386162653364633962386635373435643864346637303938303731323537353439 +38633564643837393836326337303838636263626234306165323661333562356235396665323265 +61306464653835653038336437666166666361366134663738333133373737313034653336366561 +38663138633131336233613363333233636435653236393361343763646239613466386330376265 +31353238623436333461383833356465343134386565396161356438646438363332306164353235 +38633834393938336134656235396437316262633830623233383366343133643066323363626666 +63656338653564653262333039353732386434616261393437303436363061623465653438623731 +63333762363865363930356134396439356665646364633362356531363730316339633162336266 +61396433323036633631646635636262366134346632633535363937316436646439326138316363 +66633538643165303661393738333739396530303138306133613333393461396363303463373636 +61633066333765346436613034383766346633373839613638346432396166306631386364643537 
+38333331323930656563613130663438386664626637373537653966333261663233633033383736 +36356665323165383862643032376565643134396361633835393632643834663566663336656664 +31353736313638643935643065613438326465393538616462616338646637326361653435653066 +65353537333338666634313863643732363763643366656132373163646438346363336233363662 +37633137346362623739343562326661373266663339616164346533353935643432326339303761 +37323231323833656165353561333565623237656238383332653665643766313234333739383133 +30626164363338653938643135643034393231386634386237336264323135393161343432616563 +38646530646536663030336166383261663134663230656565623739666636366166313364353734 +30663639383938373439356530316666633030383832666335636433633136663530373861333936 +66303636636439333762616365306437386139633937346537383365333235656165633537326563 +39393330336362336565653830623462616539336164656563333563643539383538623432646563 +36353239643962346232636233356132303762396462303731623932306435633132333065336531 +65623462653163666165613937316531343561363730326439643164616364656166613438346433 +65353934303433363965656262666634326436346330366462343131623334383936613362656630 +36323434613435646131623466303265633831616539623438626634343938336532633866666362 +36343930336664363262616330633930313232353866653236313864643531306436666464303563 +37643063396137656663343165343162363835376439396362626432376437393931396138616263 +62333061663761383135333862346636663534616632656231323438663230626636643565363066 +32323337396663366532353764353931343837633465613037376433636531343765313466633338 +65653862303835643330396634613934303135343532323334366632313637373665633336393236 +34643064343761373231303465643230393264356432383764613561366337356135313738353836 +62653162376533613462613236386432353765633230333634316530616133363331626436306237 +32393261653465376234313035666234393461613166383030386138373738346531666132383732 +37363365383066643463656630396263326561643330373565653035336365373564613033313539 
+61666433333535613961666633366334306463333038356663613436343765303438303932613766 +37663361656630383930326563356530343366633633303765366261353035346566303366303064 +39636334656165653735623761326464323737323733613666313839316334386630356565383132 +66613963326161666136303262633338343137373336643735666634323338656161623839363431 +35326531343430346632636464386235643236326635306562623339636132383334393038616565 +62376435623565633138623466363230613861366437613230373464373762383135633431376533 +33626166303835653733366534363762396163326534323663373363356631336230363362393466 +30306534626134306534653361663939653736373165633762663464656635623134326335636465 +32313439646462373937316237613834613538396634393339666530666534376164366339326334 +37336362626536656433306466323739303665643139386637316536656536386163336461346439 +30323136663830643866306135663931626438396638353237343532373639303630316133613730 +66623939656635656535623539663661326666313664666235643336666338356565613537353635 +32626464633532393135653735653237326231363762626466646366393266333039313437306437 +34626438376461373537303137666639346533313634396337303165663234643665393737313262 +64306563333062383832396333663134633736616366633961373230333635363639363039313662 +30323737323166373066336331383839383964323561363836633861376137306161646164636366 +36346133653965333539386232303930663435353131323337363863336466313666613430343436 +64386537643763303132343062323938323530333839613365363031613037643362656334313137 +32393337643732613837373564333930623566316333636166666132653339613337646335393963 +33353461623133303566306533333539326162653764623731396463323364653930393534373539 +65623833623938366638303461393364636333303839346635366662626661656633303034626265 +36373834333934663830656438306539393532316239666534393265306334303263623835356664 +34333836383463646362653266353864346133336562633762393763336462353734353636323030 +62316135316538623130663838316238343630653964373531613939653832323430646464313764 
+33336438386231376539623061656335656430303038326431633061393436643966333932323266 +31613730343361636339303233303266306363306537633630656433396462326336616339306536 +35376661306566373330306264326164636135323938663634326336343832363566303436373138 +30396630613635636666393738333036303437366232303732643837393233653539306131363731 +36393963343335386336653930396432626231343334653036653762663066333435656464373234 +33646637633832386361343331343231313537373765356166313762623066383638313034393731 +37663831643466666566613361636661373734623761323733336333366562386430656138636138 +35373135663765333733663531353136376563313932303164636234303030653337653738333461 +38383363656534353562333065613862343536376231383264373539663936386364333637356535 +63343736376431333338613766643033323862663336333164343130626333373336346134326635 +35663939323438633136323862626634613332663030666637613662646563333766663238383930 +32323163343637336462383366386239623030636233353531656533303833353332643337646461 +64633965643834326234643837623165353635373364623630626535653339396639643937363261 +62353561653237323036343431363632643539316461303338346266373166623435343133613465 +30323230373139346132663066333739316437306532613534306533656161653665393534353062 +36326537616536666336646664666564353564383939386435326334333932363331653962636532 +32636133386339306638396438326132653636353733633735303063613537623961326164396266 +64313336376435353665616439366262303166316632623761383061316664636565313933663436 +30393938356361613562643835626138646462623737643738343463643862363136373665323631 +39326233373838623638363034613835393838393362653938666662356633643363353963336461 +63313932633062376336653238333263623331643735623134383364353536353866626166303338 +64303039353364623837373139323838366432663838623530353939366363633738323461323763 +37613037636436396232336437633039343838313534376136323836393162613932633430623064 +62383466343033633739613738326661653931376562376137613138616630373536623734646637 
+61356632363430316337363839643237346466316464356439636530373466626166613032303536 +64383238323236653838363137393761343138333837376332643138393161336263313664333838 +63633662633465326636343132653464383731336133323863313162336632616430363734393865 +62643730613862633166366139303865316364366461616466303366626637393734343336653864 +30393631643463396435653664346332643665373932376333353439356564316337376430323064 +62343736633439636361623066336663646261393432646331356632643638666163623639356137 +63343132643066353031643961666131396431633036656136313536393164313062323139623263 +31626434396631383361346330303437326165396163333633353761623433643639356365353965 +37363533663934336534646339383735623431633032613761383066383230646530616639336636 +33356633643936633834353962636538393534633266626237323436656330343235333732346464 +62303061306662316139643666393861356130386237613836626136346238306332643433323031 +66656631386636653831653933306236623531373036313237636365313666616564653637383930 +63653336353838386465646562373636613032373636393866343565623866356130353562663637 +33646438633438383337326333666561663665353637376463333863643531316432383462336231 +35383731303232643064366563623735626266643336303563326133333866383261366366653164 +37313737393636383832393463346235343637643632393735616462396464356362396336373465 +63643265326661323766633534303832616466656662613163376233303536363037343662306336 +30366265666166343138623739623161326433653465663466383162343161323037336265336634 +62343833616330336364396139336539643137346334303634666130633831346432636631393336 +62333862363161363063626134386436656337386165383364353930383338373665613635383336 +62376133316563646366373666363539383732343961626164343530613866373735653165333538 +61383363633561313766626461356537313066346537653233653166396635623533626636363232 +66366264363030363065376563376561613866343733363330336138353238306134393363373036 +38346633646238623837393565616435616531653631373465336131663531656266383139353161 
+62336639303936343230643832303565653665386365393637353132323331303436616635353538 +62373234323062656566383538363564326532663037663662336237353039616635376665633230 +35633832323538336364633365656665653464383930313533613033663066373137646561313162 +30386364636339396435356563346335336664303833623630363065383764643333636333643838 +36373732636165393362313430646635666138393134313332303335336638373232376234636363 +30616562356134633061613663643163306532633765353734326438313861326462303966613564 +35333935393032396130636139643437613961303438353338616438393231303834386638316630 +34343537356439363338646539396563666139353565393731333535336231373339306536343131 +61343664666365643734633834366132636662386530633830656231346162656462303563333732 +65336233646362333266303634376539393031316436373133333538653236326439313234653439 +35383038316164623761393130633132373533346231383433313537303339386463313766336631 +36616337363136353531656235613330336366353330393738636366666235666230643662636365 +37363131383338666137363531623161663930353032326439343936653636333265633463613037 +36666636303661663937366161393436386130653363306539616631623633323838356337356538 +39373537376464306636393961636130333565623865666630653937623235353838366132366534 +33346337366461383234623432343662383732346130363439613966363064333964376236303162 +30623430383064333639613139383737373939363439633537333135623336346162376264336237 +36373537373437396364323264653434623738393638396636643930303461323738363532396364 +36386462343064633664633264393264633063373334306133303034613130313530616231336533 +38343634386565646331353664333636353363643465646332346236633832326139386333613635 +38373264313730633336353730636136386437343834646464633932653138353330643231616535 +62333365393361353035613465633334643535366431643461316333626535383766333431613462 +30313939343733383938343930313261316362306430653737663463636136626466306339313566 +36313330656663653066386566303163623830306635626238343630306536643435393231363835 
+32336537343634303364316638666239343432633366643937643236393930656664333163326139 +30313132346331366630663430613461636239666661306631616636363061323435613735626633 +32383366613965643236643163626466306165303666306261656161656561393535353836323338 +66643237386138643231383434346135323164313265623132623934376138326536616161306161 +30623163623035666535616364613065633236373832383235656162303865386131643261666365 +34363237663161343363613534333963643934643531323335643163376435316633623139663237 +32366331396438633439626638616461626333666561623536643537336265346665323737393831 +31366230356366386265336135373464666233623637396265643636613062626463376265373237 +31396139623439333531303564373062626130616561333363356138633530613136623765633663 +61633433646361316464643532356166356130626535623861663962663439313639646334643439 +34626462616561366138613436623031366265316232373065363736616136323134643261316335 +63356432313265643138366361303931343631643337393963313765623734656130373532373961 +33316630393564346661376566373437356138336565633566323133376136386438653964356331 +34633832383062656237373664303637356431613332353834373630373562346135303837623466 +61313035623536656537346666663036623566373535353562386130303064356636326631353432 +36666230383162623230383064623861383936326632343835313835303566353061323130663338 +31396330613531356364623666643733353666333331373935323230666438313538326533316364 +33636662366465346539343963643461316434363939653237326134363935373430663433633461 +32313961393736373363663239306336363962623737336538346135643064623135363263666634 +35336363633565353831666230613434353864656130316135653765356664616630313036303039 +39383062373033616537646237663233363335353863393733646465333430323564396137626230 +36333965353362373337323633366162633339343062333162643739363937636135363663646232 +33613636366138333233393132316534633334623462656436616235636237366566336536376637 +65643934613136653938626338376137646539386663646466653865336432386638383136646339 
+63653036623338646539376366346639386236303730303061656534373431303838613535663033 +62303139613233613262636263323632396362613961323930616564313635393935636636663062 +38333361616435626438313332386265393866353633326465626466646236353733643161626131 +33663632626130396338303236656537353665653132353133323361393330633562313433633939 +62646165313033363635663739623130383034333234353335613262306339656362336137396630 +62633763623032336435383035303132643531663862333636303764353336643337353336333962 +34396339653966383637333534303732646330383431383936346363363337653863656335623962 +35326330333965623864386262306335353838383166633531373037636134386537323562343331 +64363532616265333363643636303466363838376464336262386131646365656636333761303836 +36373937643635663535313763363965303963363162393465643863653562383464346265303636 +61316335333064313335316430303635653030373564393261623532306232333139313735646631 +38613665303232313339663865303765393335643063393133666335613431376461663265323931 +65613365663134643663303261356534653765613266303562376433386333646666396230306536 +62613265616563393132363339336234633732373864353231316436663666383133306664653165 +31323937373334633439306466313330376432323166646662613239343436373230626235393736 +64613638626237643133323362383631623065373232623363363061643666396633393730366533 +33313434653964333762373939663664656636326165623938363430306361373434386134656666 +33336230376237646236376535343432343465633166643736623339373436663835303165313363 +37666538356633336431343833313438653534353065303336323830623165633962346435633032 +38313930366438313665353438323163356561393635666431366362646436313434363866396137 +36646565653065643231396430643865386165333038306435323764393264653936333762396531 +65383932643464343766613438336437626162366434643336396639636632656434396362636662 +66613565636236356661326131656561336564653966316362623632316263343630393136353436 +62646238646565313066643530313237353731326138613963656634633539363466313438303038 
+62383464346166656230343863616264306366656439613038623434643330343930343439393063 +62346262626361653530393434633834383332383732623562613138643034643437643137366363 +39303439373561323831363463613231343530643730633764363132623466363536333563343962 +37353364363265333066313133643762633462326462346365666366383736313862376365353334 +62643234336430346132306132623365366639373562383466326365343735396337643535613332 +30653032336134623039333730613838666639373731616533376233643134356139373565303538 +34373732373133663561646137313662653764376637313235356632666661346162373333626438 +31656563356239373635653764336131386462363066633537643239356439636330383336373632 +65666163633264396333336665323930393966353438616564653035326565333064393166383837 +32643733626265666638306139353665373735656435353935353265663862333365333062353261 +37653130326565373765343035386463383263306630386434623131313239393463386437323937 +32333163373233336363633430353463623938613434643465376134393436333633356639383337 +62663335326130653035333561633664363461313038383262343330393066323165633631656561 +37633834343930623238343330373863323033396333343830366635396139306462313566376431 +37376437363365386461303763333732333632616533623561633930616332326264623061643734 +61336333656365343534643365356363316362313230313366613363333638336236333463386163 +39393061343932646633333062393764363238643838383833316434303364643039303662636134 +36303636333562336130303865616331386561393964666431303936646136356231363364653766 +35373064313363623632353232616563656561613434373232653163386437343736656330393838 +66613164646366653563383266633337653865613166666337636630643230363539376436336362 +36316431623136313137346664613333303066333337616335636631616361653866653331386531 +63613931666334373033633364316338393566313235616138356338353864666561663633373832 +39393030646230323032626562613333616566333665633636393537346139333036396338313961 +39303965343461383661363765303534343836346665616436626334646362666138636232643163 
+32313336373735363237306337343637303365306563373433323834346133623837373737663761 +63316331333835303064343061303238666336653735353033356661323332613031396434346536 +38323931386364633565666231373061306438666331343536353065376437366639323663633762 +33353233363764366666333335646239653362393637663863336261626335333237653261623136 +30646137663531343531393431653735663933376365646166646134303537303235306533636462 +64376363363764326162666363363934363462643936323134326231636232643933623666336230 +37316134623963643666393966326636363838353933383361643465356239346539343739386339 +65303665333062303832393965363936373835356338326533656631326331663437386433303831 +33636339316462613165373238386634343261333464643636656130333236633733346537363733 +31363530383538616438323930353339383638643034646339363332356161306130633739643764 +65616535623863373632376539303161666363313133313739303936363635666538376635376539 +35663031663363376630666633383166393632636662333636326663623838663861623962393866 +32666161666531326535383364343865386333336432613038643537356331323763653631623063 +37373138333232363365313666353931356639326231633263333138626330396462386162356531 +38646336616266653437663137316438353963323231313937633137663730363236366630353866 +62323063343261393434333832623830623934386566303135386662363630326237653430663231 +31306162396262626636323539383662383735616134356236643832333266646635613163646364 +37326635666332383536393434653932363430363137643466393631303066356539626137633032 +62623431313534323836373935646665393239393262383563323530316465623436313862666236 +34656366316237313565336235323932306234646634653538393362666630386632356361323839 +31356534343436643966393161376436323363376166623962636531623330393834353834366662 +63646230376432376632326231363766383938666332626239633236376661363562313661346530 +37346262626436646436326137363438653237383030623032623435383537383463386461326232 +39313363353066323239353939356365303232323435313637346538366562333766386165653233 
+34646331346265306631386264633564383466313230363962653537626334336164626439653030 +62343632666465373033306466356361643830386264316537376130356635363236663732343738 +36343934383764386138356238616134623364356662393262346566313735353439386330333963 +30666332396266376636303837616566303937303732343431343532373436613439383634316434 +33353363393664663535653062633665666662306166393234333230623737313836326263653130 +32313664323033653463326332356435373963323763396665643364356563636366323462333332 +33343935316462616136326136636364353664346264613431353838653731306636373962316539 +37383766366132343861626532633732343665656532653765393230336535633661643432326566 +62373834343664343039326630323539363634633866353437373739313862383035623236613032 +35383265663465663137353761623833343931326434636533333265383465313365646330653131 +66373631363630616564613431636336613030336461663339363930656333393166303063613562 +35396430663036313237363130393763343861383738323664323838316365623139306532333833 +65366233326638623833326230396463663864663233666565393333613166373130323666653139 +31306262306234373033313936626331303161316430383534646632343034366534643636613862 +30303739326164623430663130636130663066373230353937346631346662316134376433383738 +66346139623437326531383766336338346336636336316363666439666463666537376563633266 +37386231613730326536333136303735333664656461653830343130323266343164313131376338 +38306662343132653833313530363731393233633938666534326161666534613266336335336434 +65376165383737666466356133623764363961303234316531353639316332303264656666306635 +37313766383363323138663038373536316461303235373834376430383162373465356463613464 +62353063393333633635613566633536356131386563316130353566363363366437323631616166 +61333238363732373030336538663466353136663839303664336664653036376564313962323462 +65343431363962343631626139363762353831326162636164356562386361646538326137373631 +65613561316366363166363339313562396436346439376661636561373737363765663134366330 
+39653232386561333264646666396164383361653634313338666335303937373435623466396238 +35663734363934303265343765356533386230383566656539393363333463363566306635386430 +64373533333637383035363337636331643061303165663364623431333665323862313539383063 +62396634633463656566666230373832396330646230316235343031346339383239656464386363 +34663536663664373538383161363535306363313538343065643335326436386433363838313261 +34353536663162356262316264363062663763323038363538656361626538656432646535666563 +63356562383332313162353265316631303137306338636531663938646633616239303266373633 +32303765393962303336336639383933373635363137303130643830396663303165643465386133 +62323032383534616565363637323464306131346363306233353933646538646233626130633431 +61666337326537386661303061383966616432623434316630613534626138383837303433326433 +38653939383732376266303731373264396331646437613430356236643938613434653263613063 +63386535663336633139646365393963656364303966396532323632366630656362313937633539 +62396366633530633135646431313837373631336361343065646239303636373563396666313931 +65363735653761656365323861316265663032373364363634643930656266323034396132613030 +31373665356539383437393830356531346162393162393139333762303038353130343136643266 +37353864643031616661643730623766613965626638376631636665343539336435363537363532 +35303034373239333237643763396564393862656139633533313432306431356565356534613837 +36383164396133353437363534343965643961346535663638366236303165616563633163363338 +65626564333230363332643863333233303565653166356131303735613266646562663863316565 +62653838303933626232663635316137366533353230633066633464646262313562666263353866 +66363434376237653262663938393361396437633864666261303936383436646330316639383233 +31313164633133333837356665666632306538313165353062646532373930383138346131386636 +30346261323562613262633535326236313961383532646166346636353864323565623739616262 +35616562363333376364626630383761333361653637393234373962616639343132346233336230 
+39623331356331636436346134383935353138316364323030613030393561376631316539343732 +36616330376661623266333535633430343838613236633763393031303932386230373838323339 +38373036313932313136623739393132323161323662346333303338633163636631313961303665 +34616636346566303839623637633734663832636263346165363230333938633463633733646339 +65343431313833306561383635653833623139623637393537386630333564346438353731653736 +37343665656638663864303139383262643063316162616564303834666636346534653066613162 +39376264323462656232626339346564366430373031323835303965646534636461313437326236 +66336433393463316137343561366631666163356630616531663037396264613562383937633564 +34646164373133383736363537333432396264383166623464333631333939356132373239333266 +35333837303862656530353636346561333938316361353635306132323133653235373265613338 +38353839653731666338626438393466313034663931656261613166663938646664666661663766 +36333037636261306439653133376564646564616339656566346364373831353139663034643133 +65613835396265613837373738306238633161323234313963383063666364323932623433653465 +34663930616266633161666262326464306132333534373763626433336265323662666563363735 +64643635396366386262393637626435613934616530623537396338643133353565316263666535 +66656534623862643336636366653036623337386535356138616662373330613731666237306166 +37336432653538646266323638306638336638653661623734383565616633636332613339646632 +66623066346166303034633332343264616434616664663336653662343535353032633931373461 +36333436363834633262383138333263373036396462316563336539363362316461333930396132 +34633162306630323536653632316231306164663366646439653863623437373537393330656632 +65633163623662346464393038363636656331623465356135323663343636376234353466306535 +36346532633233363761316137376165313866643633646631646436336565326530373236386138 +63636264636532303035373539623661303639373462346565343433306465393930336666363962 +32386164623731646664366234383138633231376562646537323337636534623066643937623766 
+3061313735313834393466373963633731643936663739323438
diff --git a/group_vars/git_servers/main.yaml b/group_vars/git_servers/main.yaml
new file mode 100644
index 0000000..326bfbe
--- /dev/null
+++ b/group_vars/git_servers/main.yaml
@@ -0,0 +1,14 @@
+---
+firewall_allowed_tcp_ports:
+ - 80
+ - 443
+
+gitea_domain: git.kill0.net
+
+restic_jobs:
+ - name: system
+ repo: b2
+ paths:
+ - /
+ hooks:
+ - gitea.sh
diff --git a/group_vars/jump_servers/main.yaml b/group_vars/jump_servers/main.yaml
new file mode 100644
index 0000000..e1b1fcd
--- /dev/null
+++ b/group_vars/jump_servers/main.yaml
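Review bot: `restic_jobs[0].paths` backs up `/` with no exclusions visible in the hunk, so unless the restic role itself adds a one-file-system flag or an exclude list, the job will walk `/proc`, `/sys`, `/dev`, `/run` and the restic cache, and will snapshot `/etc/ssh` host keys and any Let's Encrypt material alongside the Gitea data — acceptable only if the `b2` repository is consciously treated as holding every secret on the host. If the role supports it, give the job an explicit exclude list, e.g. `exclude: [/proc, /sys, /dev, /run, /tmp, /var/cache]`; whether the role has such a key is not visible here. The `gitea.sh` hook is referenced by name only, so what it does before the snapshot (presumably a database dump) cannot be checked from this hunk.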
@@ -0,0 +1,353 @@
+---
+firewall_allowed_tcp_ports:
+ - 443
+ - 80
+
+firewall_allowed_udp_ports:
+ - 1194
+
+firewall_ipset_syslog:
+ - 10.255.0.0/24
+
+autossh_authorized_keys:
+ - key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOvKqDI6VUYFgMUC54pVr5U8CX+Xl2ewV7PIYkTiQ70o
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrte7/aVUhovxsFTF9olsO6V3TiHStlF5XFN1u8uKmYmJ9jfvosOLPAv4KHvVDuOww79JPUXrsSkemC/AM9tlHycBf4+4R8q9o7aL0MNzB1ZaiBCvgx+Wn54QgktM/V7e4yl4LCtjxbscspYCJFtqjWuC85c4d8p7Gwq3t7+wbO3TGZAx1ETdqKjhecTCJpjlvUIYDZlCkXMtmhB52ntTu9/GBXD5mAdTCqyq5aTAxGbt56LCmM0Z2qjAxVWRdJK93C2dQ4OPzWnvc2IWR2EazOLDep8jSz4XOzUlfQCeKfFsEvUJZJi7BtcgVKBvL+e8SmwZNG+SdCmFFJxoXVmat
+
+autossh_config: []
+
+rsyslog_inputs:
+ - name: imtcp
+ params:
+ port: 514
+ - name: imudp
+ params:
+ port: 514
+ - name: imrelp
+ params:
+ port: 2514
+
+rsyslog_outputs: []
+
+telegraf_config_d:
+ - name: ping
+ config:
+ inputs.ping:
+ - urls:
+ - ping-home.kill0.net
+ interface: eth0
+ count: 10
+ ipv6: false
+ binary: ping4
+ - urls:
+ - ping6-home.kill0.net
+ interface: eth0
+ count: 10
+ ipv6: true
+ name_override: ping6
+ binary: ping6
+ - urls:
+ - 10.255.0.1
+ count: 10
+ ipv6: false
+ binary: ping4
+
+openvpn_ip_forward: 1
+
+openvpn_config:
+ server:
+ port: 1194
+ proto: udp
+ dev: tun
+ server: 10.8.0.0 255.255.255.0
+ ifconfig-pool-persist: /var/log/openvpn/ipp.txt
+ keepalive: 10 120
+ cipher: AES-256-CBC
+ persist-key:
+ persist-tun:
+ tun-ipv6:
+ status: /var/log/openvpn/openvpn-status.log
+ verb: 3
+ explicit-exit-notify: 1
+ ca: "{{ openvpn_etc_path }}/server/ca.pem"
+ cert: "{{ openvpn_etc_path }}/server/cert.pem"
+ key: "{{ openvpn_etc_path }}/server/key.pem"
+ dh: "{{ openvpn_etc_path }}/server/dh.pem"
+ tls-auth: "{{ openvpn_etc_path }}/server/ta.key 0"
+ client-config-dir: "{{ openvpn_etc_path }}/server/ccd"
+ route:
+ - 172.16.0.0 255.255.0.0
+ - 192.168.255.0 255.255.255.0
+ - 10.8.0.0 255.255.255.0
+ push:
+ - route 10.8.0.0 255.255.255.0
+
+openvpn_dh_params:
+ server:
+ dh.pem: |
+
-----BEGIN DH PARAMETERS----- + MIIBCAKCAQEAwmTargQ4ki0rYdoPifubzjBWklJXYzsQUU2TbGvuP0ug2weMOA4D + XSmlyJFUmSsSEUxDCG5PXcIdvNHISTX2PiUqf3OhCGghxIbAQwbCdqqs/VnZYt0C + P/M5DJD4hsF8OTrdDG9b5mK3XmB40o9K3xkptfQvoN1ecjhRQ+zgNZcnkOfd0XFB + myPPSBy/9fK6e6N1SnGN7Ao7AJ3VFLpT77hHaW6wZ+hOxWlmjroIlT5FRyvtEATE + 2N697E6kWV+1jfyfd8ocu+QfnFbccshJY88OhZ4xddHquFhKMT68TCg43nefQCk7 + tnJAVcpUfS6AqhwZRysWNRJfG/NiPsMxIwIBAg== + -----END DH PARAMETERS----- + +openvpn_certificates: + server: + cert.pem: | + subject=C = US, CN = jump0.kill0.net + issuer=C = US, O = chill9, CN = chill9 Sub CA + notBefore=May 18 01:58:38 2020 GMT + notAfter=May 18 01:58:38 2021 GMT + X509v3 Subject Alternative Name: + DNS:jump0.kill0.net, DNS:vpn-jump0.kill0.net + -----BEGIN CERTIFICATE----- + MIIGPzCCBCegAwIBAgIQc/QIYhesJteIltoVW79aOzANBgkqhkiG9w0BAQsFADA2 + MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRYwFAYDVQQDDA1jaGlsbDkg + U3ViIENBMB4XDTIwMDUxODAxNTgzOFoXDTIxMDUxODAxNTgzOFowJzELMAkGA1UE + BhMCVVMxGDAWBgNVBAMMD2p1bXAwLmtpbGwwLm5ldDCCAiIwDQYJKoZIhvcNAQEB + BQADggIPADCCAgoCggIBAOsnQorA2CsepW3m/Sv+7H4ngosGHw/t9LfxAdx+og7t + LNAZ/CIvO4bSjfkRQtCF3+FX7dXPAgkzL0RgDDRD3e3tt54Vo/solxBfHHhkHaWf + JifN8icpkMWukc0pzY+H3XW28rWDYdrBmCkHGoebnf51BcoIJ5mVBMgOE3E86Kih + 615NhXg5pF58+Myz5xFdaTOmoj4J0F1ccZGwJWJrkh2YdMGUHH3YSRASP5N2P5Pb + mJ0pLo7C3MH3tZ6Nl8K+RUvtwXCBouthkbs0e02HsQFuLEv2f32NMZU7OUB9Vi8N + wxUQ0I/2t3T3BaNxFLlEAzjqAzZr5pwOpSasBTbxsglWaYou8DhIwLEUOUzIh/xN + kd+9EVymZ2yqYOlWaPvCmgmhZPeqipd3WAPdtHiYxWfgG0obtVh3qH+JI4P0u7Tu + Mb8+TcL3tAfyJDkmY7qepdd3zVj0ldcIQ9k9DRu76WE11aXjSl9YYSBvTuHPN6sd + 3c+oJ5Ew74hI3AtDf5M6FsqTTdTgkNiqV+f7IRr2+4yip5o4Ez6YZCSSjeUHN9AJ + DqVhO3Ar7/vVcq0eFVvUTWVuQD+52sNvCeWh9Skayar2Yw51+gAlh4UGJTR+21jp + cnOk4+FT6VOCN/4nmJ9NkwZCCEmj76ygnJ1Ldovc9S8ijf/K103axwweXK9jU3FT + AgMBAAGjggFWMIIBUjBtBggrBgEFBQcBAQRhMF8wLgYIKwYBBQUHMAKGImh0dHA6 + Ly9zdWItY2Eua2lsbDAubmV0L3N1Yi1jYS5jcnQwLQYIKwYBBQUHMAGGIWh0dHA6 + Ly9vY3NwLnN1Yi1jYS5raWxsMC5uZXQ6OTA4MTAfBgNVHSMEGDAWgBSThtPAfR0F + 
GyRrzaVVpnRPYVvpJTAMBgNVHRMBAf8EAjAAMDMGA1UdHwQsMCowKKAmoCSGImh0 + dHA6Ly9zdWItY2Eua2lsbDAubmV0L3N1Yi1jYS5jcmwwHQYDVR0lBBYwFAYIKwYB + BQUHAwIGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIFoDAdBgNVHQ4EFgQUvXkDkHzz + QVyDDrfckIPVGVmKjGgwLwYDVR0RBCgwJoIPanVtcDAua2lsbDAubmV0ghN2cG4t + anVtcDAua2lsbDAubmV0MA0GCSqGSIb3DQEBCwUAA4ICAQBNhV+pSeuYyo7bL4KU + 4u4Q5tqfnqAz67skUhL+T3D5unA3WLg/SlUYUM1qfPolej4J+sFf6HWJrsXeayhR + kcork3NlHTjxB9G3aVvG63FJHr0zB9t5whnyepGsmF8lxwK47pXz9CCYEKcsSByD + eSBiibCqBaxj4N72yFIuIq5QN4AkXUM+WzIVlC98OqKB/IDtzcTRTBmWmIJIWHuC + hr3Emz8s1RNhpsLBlfP2CqsI+RXxGYNS+6VEGnNLRdm+oqa/jTdTyuPQ6TMmNOfx + b9JYr41j7Ps0451NzSyWoyxYc8sg58X/t3cPmsx4mgW4qlo9q72kkkKAkiO600C6 + pKKcyFVj4i8VakrUOGRf/jWB76X08ub67pShXYW3ItqPP39zZJ6KvFYCOldVyltJ + /yP18KtFOnkPJ2VxZD+O3MlHA1RILhach3gCICS/VSaJHuPs4dFaiQrc9MxTkzt0 + QikPvNgkprOIj1BU+VtBIM5eInyfFDVM+hRvp7zOoPQRUqwCn6iBkcgYhTD/cgPh + 45BsmsOC5Z9NfNlpEzE0u6ObZFcwAp9fg9mPeU/wbW1M8JgcWXjGN37D6gT6cVGk + oKUidap16UL6NLgFlIcMSZcfMM0oI2JZyaOCLGvdKmZibpx237SrAnFLYXBJx9Ny + cjkBmYeslLjtUPqu9OrqjuiiLw== + -----END CERTIFICATE----- + subject=C = US, O = chill9, CN = chill9 Sub CA + issuer=C = US, O = chill9, CN = chill9 Root CA + notBefore=May 17 01:19:29 2020 GMT + notAfter=May 15 01:19:29 2030 GMT + -----BEGIN CERTIFICATE----- + MIIGnjCCBIagAwIBAgIQdRhWyOcUQ+uIEypQfJLvqjANBgkqhkiG9w0BAQsFADA3 + MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg + Um9vdCBDQTAeFw0yMDA1MTcwMTE5MjlaFw0zMDA1MTUwMTE5MjlaMDYxCzAJBgNV + BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFjAUBgNVBAMMDWNoaWxsOSBTdWIgQ0Ew + ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsP549Xs/Dzfw3HHGhDlIT + dFun9cqsCmyaXJSMOFZqZSyGJg4WASJRW797lnQlsOfLk7x8fR7I1CkWF9x3KDVi + A9MvJTlFgdYGF27LNGP7zo3ZNB99oA+NtHhoIhclprzT4qmHSk6tz31uJV42jNBH + km3m4wqH3NlqOqWbkw8nC9yF0/qCz1UyG/wSIQr3UpN5c96WWE3Bt6rKW7vEZ//i + t4nDzRV+pttv5O/L5DQdhG01NKD0XxH0q8SocdTPIsDO0ZUQwVFYcxJYB0pPab8V + Uk4+bzb8hN+mO2vyO5DK01efiNVfMZ7NDxQXvU6cMs4c+S/BtC9PWO0hR0hJm/hw + vg1RdhyfOVATVfviiEG8YQdl8sIHk3qYGdGJyrZHIOlssgnKdeGlLHbYXtHPFAk/ 
+ gvZMtR2t0VKXVQR03Yz5llF9okKCAbmHmntLFcM5hHJxEl0phqbLLcBh+130Qb7q + K/CRSHnPfzL04KW9cw5b0cNOn728M5Fj2Q8IQvY5m0NYDbaZf0qF34OyixtGIE8n + dJupLDSp6KkHlrIfedpgNwi16y5cy4Uw/aTCGcIO/WZZO6Q59R+xlobw8VQc4V/i + pqSiQK0wEuDtq9uw7r+GV9BDoxfmbHygeKFV+Ee9UXQ/FMPhItSQTMlFhrci6U75 + e+iOnmh3AkldPZ3Z6TpfsQIDAQABo4IBpTCCAaEwcAYIKwYBBQUHAQEEZDBiMDAG + CCsGAQUFBzAChiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQvcm9vdC1jYS5jcnQw + LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJvb3QtY2Eua2lsbDAubmV0OjkwODAw + HwYDVR0jBBgwFoAUcUb1TFf68x7gTS4RnYurKV2YeRswEgYDVR0TAQH/BAgwBgEB + /wIBADA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQv + cm9vdC1jYS5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1Ud + DwEB/wQEAwIBBjBzBgNVHR4EbDBqoDYwC4IJa2lsbDAubmV0MAuCCWtpbGwwLmNv + bTAMggpjaGlsbDkubmV0MAyCCmNoaWxsOS5jb22hMDAKhwgAAAAAAAAAADAihyAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAdBgNVHQ4EFgQUk4bTwH0d + BRska82lVaZ0T2Fb6SUwDQYJKoZIhvcNAQELBQADggIBAENgGWgn3geR6Ciz9YsE + x4594ew+JJ9uiiPoHSUxw95NuVa2WpB1/UZoL93lm3sEqqzR6FYEeP5JWuvlrw4Q + TJpzXBo/0Ik5BX2eTcW1HlhXxHV0HnzjKd8eldxDsY78ve46d9DfHLYk4zdn7OVj + TLVokJvbL9jEIOfH2OJu8Ow+5jNmKQzmv4aNmG9RHoqDkgBmRgbrWJkhZ9xVqSb4 + jKBDsNovLkkW2Xm0RxJVc9B3sE15aDq06UeT1BfCXL7xH1ABjX5tV4LegJUsaTlU + EMOyXYdxoEnqKw/f7Qns/lsq6Gzbx+RDXnShBPsrJX/TTcqc/KETu1z6zwxnb4PO + uwK1VHUcOB27hA6STfe9HqiJwdSSQG1aFmk+nCN0IqeC7oXS8z27Lbjzx182osAZ + F7oLtdctWav9sAo03M3MLapdgzM66weNzdfw7z6vsxE6qxB+4U95IplVAaWCqFfr + USrr4BmYi6yD9xbGT8f0diQ7DsA0ki8QPpZD6bzlUoO5pZ+qv49wFh+1wb4gjEYi + ReBLvIHjVYL1GPSR1vrCzP+/i0Rhc+8sHgC2lpuUj4E2swBBuHhUsgSpaCcvV5ID + qCBR4ak3EYuWzKYJCakhauIW8G7QDhO1XuPKqOk93qRpwZveUFMQjDa2xDEElxZJ + utoYQ7uVeeWbAD+clJpc2kky + -----END CERTIFICATE----- + ca.pem: | + subject=C = US, O = chill9, CN = chill9 Sub CA + issuer=C = US, O = chill9, CN = chill9 Root CA + notBefore=May 17 01:19:29 2020 GMT + notAfter=May 15 01:19:29 2030 GMT + -----BEGIN CERTIFICATE----- + MIIGnjCCBIagAwIBAgIQdRhWyOcUQ+uIEypQfJLvqjANBgkqhkiG9w0BAQsFADA3 + 
MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg + Um9vdCBDQTAeFw0yMDA1MTcwMTE5MjlaFw0zMDA1MTUwMTE5MjlaMDYxCzAJBgNV + BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFjAUBgNVBAMMDWNoaWxsOSBTdWIgQ0Ew + ggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCsP549Xs/Dzfw3HHGhDlIT + dFun9cqsCmyaXJSMOFZqZSyGJg4WASJRW797lnQlsOfLk7x8fR7I1CkWF9x3KDVi + A9MvJTlFgdYGF27LNGP7zo3ZNB99oA+NtHhoIhclprzT4qmHSk6tz31uJV42jNBH + km3m4wqH3NlqOqWbkw8nC9yF0/qCz1UyG/wSIQr3UpN5c96WWE3Bt6rKW7vEZ//i + t4nDzRV+pttv5O/L5DQdhG01NKD0XxH0q8SocdTPIsDO0ZUQwVFYcxJYB0pPab8V + Uk4+bzb8hN+mO2vyO5DK01efiNVfMZ7NDxQXvU6cMs4c+S/BtC9PWO0hR0hJm/hw + vg1RdhyfOVATVfviiEG8YQdl8sIHk3qYGdGJyrZHIOlssgnKdeGlLHbYXtHPFAk/ + gvZMtR2t0VKXVQR03Yz5llF9okKCAbmHmntLFcM5hHJxEl0phqbLLcBh+130Qb7q + K/CRSHnPfzL04KW9cw5b0cNOn728M5Fj2Q8IQvY5m0NYDbaZf0qF34OyixtGIE8n + dJupLDSp6KkHlrIfedpgNwi16y5cy4Uw/aTCGcIO/WZZO6Q59R+xlobw8VQc4V/i + pqSiQK0wEuDtq9uw7r+GV9BDoxfmbHygeKFV+Ee9UXQ/FMPhItSQTMlFhrci6U75 + e+iOnmh3AkldPZ3Z6TpfsQIDAQABo4IBpTCCAaEwcAYIKwYBBQUHAQEEZDBiMDAG + CCsGAQUFBzAChiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQvcm9vdC1jYS5jcnQw + LgYIKwYBBQUHMAGGImh0dHA6Ly9vY3NwLnJvb3QtY2Eua2lsbDAubmV0OjkwODAw + HwYDVR0jBBgwFoAUcUb1TFf68x7gTS4RnYurKV2YeRswEgYDVR0TAQH/BAgwBgEB + /wIBADA1BgNVHR8ELjAsMCqgKKAmhiRodHRwOi8vcm9vdC1jYS5raWxsMC5uZXQv + cm9vdC1jYS5jcmwwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1Ud + DwEB/wQEAwIBBjBzBgNVHR4EbDBqoDYwC4IJa2lsbDAubmV0MAuCCWtpbGwwLmNv + bTAMggpjaGlsbDkubmV0MAyCCmNoaWxsOS5jb22hMDAKhwgAAAAAAAAAADAihyAA + AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAdBgNVHQ4EFgQUk4bTwH0d + BRska82lVaZ0T2Fb6SUwDQYJKoZIhvcNAQELBQADggIBAENgGWgn3geR6Ciz9YsE + x4594ew+JJ9uiiPoHSUxw95NuVa2WpB1/UZoL93lm3sEqqzR6FYEeP5JWuvlrw4Q + TJpzXBo/0Ik5BX2eTcW1HlhXxHV0HnzjKd8eldxDsY78ve46d9DfHLYk4zdn7OVj + TLVokJvbL9jEIOfH2OJu8Ow+5jNmKQzmv4aNmG9RHoqDkgBmRgbrWJkhZ9xVqSb4 + jKBDsNovLkkW2Xm0RxJVc9B3sE15aDq06UeT1BfCXL7xH1ABjX5tV4LegJUsaTlU + EMOyXYdxoEnqKw/f7Qns/lsq6Gzbx+RDXnShBPsrJX/TTcqc/KETu1z6zwxnb4PO + 
uwK1VHUcOB27hA6STfe9HqiJwdSSQG1aFmk+nCN0IqeC7oXS8z27Lbjzx182osAZ + F7oLtdctWav9sAo03M3MLapdgzM66weNzdfw7z6vsxE6qxB+4U95IplVAaWCqFfr + USrr4BmYi6yD9xbGT8f0diQ7DsA0ki8QPpZD6bzlUoO5pZ+qv49wFh+1wb4gjEYi + ReBLvIHjVYL1GPSR1vrCzP+/i0Rhc+8sHgC2lpuUj4E2swBBuHhUsgSpaCcvV5ID + qCBR4ak3EYuWzKYJCakhauIW8G7QDhO1XuPKqOk93qRpwZveUFMQjDa2xDEElxZJ + utoYQ7uVeeWbAD+clJpc2kky + -----END CERTIFICATE----- + subject=C = US, O = chill9, CN = chill9 Root CA + issuer=C = US, O = chill9, CN = chill9 Root CA + notBefore=May 16 17:36:20 2020 GMT + notAfter=May 14 17:36:20 2030 GMT + -----BEGIN CERTIFICATE----- + MIIFOjCCAyKgAwIBAgIQdRhWyOcUQ+uIEypQfJLvqTANBgkqhkiG9w0BAQsFADA3 + MQswCQYDVQQGEwJVUzEPMA0GA1UECgwGY2hpbGw5MRcwFQYDVQQDDA5jaGlsbDkg + Um9vdCBDQTAeFw0yMDA1MTYxNzM2MjBaFw0zMDA1MTQxNzM2MjBaMDcxCzAJBgNV + BAYTAlVTMQ8wDQYDVQQKDAZjaGlsbDkxFzAVBgNVBAMMDmNoaWxsOSBSb290IENB + MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAswTensn+vA45WGRp3o/5 + LX+wh6PTHAGNluLaZRyUNOg+EunnXAvMBF912D587wLAiC1G9FGOn+8JVws2QITX + +U8Y8L2vhnfGQNCQYvqBfJc5PJt3ZZ35to5tdTRJTeVhNWzIA7qOZh8ualFbCDYd + m6K74SlfEbvKzS02pYWN6wCVXtGOPl7VoOtjg8cOUX6u1pZpBKQfzq3lgLS2oMp0 + VuBJeUMiki/O8nCC10VCXcZ9q4bsUvWH9lJB/IqlKt+bG9TjO+vigb9eOSfaILkM + d7NMziP5OQXMjv6NwmJQY7N5TiKWdh9h4G3KS41dr2Oeo+A1FcMEP9nkZb1lX3Ft + 9Xzw8jJ99SD36mCEiqndvKA66/pcgMCvPAkkDwoSS+Er4LPcNmY2TVN+mIaF1OaS + Dc1EAXUfjnX8mZlclS/AfCg8TIPCc8o6Neg3DECT2j+IC9bgeoLqZLIuzzLNFrG5 + aPNhG+24phHqdZvAkdhHWeEh1GS5uMutvV02hF5MrZLz8ou+56feFpUmeuPzQAfR + 0Xbz0ot2JdETmcCTcmZBQ+9oP5DIszJt85wCHJ5S5FewUzsXJs1MQue3NLSM5FBS + hhOq+w6Pp64aaGKKyPi1GeZ1m31sM6w1yFVTQsqqy28GSjd/fQu55ESQ1sM0UhIo + DCUBbNPxycJGh9Ivxii1RqMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV + HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHFG9UxX+vMe4E0uEZ2LqyldmHkbMA0GCSqG + SIb3DQEBCwUAA4ICAQCC1jksFZp38JTGFIrNJJ6PgI6xXigtD2Z3KstS1cAIJi/P + /3NPu8iTgoyhNiq7a20tojPJGPlumezy3R5twA16UCq8guGFVEEEkJX+wOM0T4p0 + jwtcMOeA6GchzS3+u74kk8oIvvw41K5gU2VU/W2axxnejt/HQMAYaMsD/zcNPXrP + oHAgEP5i7G7fX0FXqERnLU9lgbtTTTuszBnZHIdaUKSoK0Oji46y15pEdhxkVB6t + 
/BiNPAYM1Pc/Hi366eb6yuY8eJCK94QMQBvYpIjNwThAKclFh8n62KF6gXqj7Hcu + UQr1Z55KOuAlAM7fIBsqL4G2Ihs8yBeJe4YZrkdBqBzpJwOYNj7IsUnxgXYQpkVQ + u5coTbrB8w4Mw8ak+L2McMAYhG5FIndy9GAFEEanrmyiHJW96MHqTD1xY9TyvdN/ + Kt/lsYt0W/y6jknv7hU9uP4X/xkZk8z1D+m4jZHRQpnUPL1eSOUPSJ0t+68GQUVJ + NJFmTx/qv1/9lXNy40jecX6sO4ZPLoQydMjwRmSerxki7MP4gxGNuBEpOvoj+ABM + MBlD7BhUn5++BZQOLUU+JYr5kNi0WmFFN1v2SpoMyDydTgA+cJsS/TiOeMrY9Szs + ZEFa3PSiA1fP03SRKC9tqjc7d6vQU0fE93wzcUCgyyf5mln6NV7cxOfDJNO8gA== + -----END CERTIFICATE----- + +openvpn_ccd: + server: + fw0: + ifconfig-push: 10.8.0.16 10.8.0.1 + iroute: + - 172.16.0.0 255.255.0.0 + - 192.168.255.0 255.255.255.0 + mine0: + ifconfig-push: 10.8.0.17 10.8.0.1 + push: + - route 172.16.0.0 255.255.0.0 + "Ryan Cavicchioni": + ifconfig-push: 10.8.0.200 10.8.0.1 + +firewall_teleport_node_enabled: false +firewall_teleport_proxy_enabled: false +firewall_teleport_auth_enabled: false + +teleport_service_state: stopped +teleport_service_enabled: true + +teleport_roles: [ auth, node, proxy ] +teleport_config: + auth_service: + cluster_name: main + enabled: true + tokens: + - "node:{{ vault_teleport_static_token }}" + - "trusted_cluster:{{ vault_teleport_trusted_cluster_static_token }}" + teleport: + auth_token: "{{ vault_teleport_static_token }}" + ca_pin: sha256:4ef484a5949aadedf983bc1f1d43f6f31356ca37f9608267424ddc0d9b68e010 + auth_servers: + - "jump0.kill0.net:3025" + proxy_service: + enabled: "yes" + https_key_file: /etc/letsencrypt/live/jump0.kill0.net/privkey.pem + https_cert_file: /etc/letsencrypt/live/jump0.kill0.net/fullchain.pem + +wireguard_iptables: + wg0: + input: true + wg1: + forward: true + nat: + source: 192.168.255.0/24 + out_iface: eth0 + dns: true + +wireguard_peers: + wg0: + - comment: mine0.kill0.net + public_key: Cm9yZNczjghAh4hV4fSvy3rsmuLsQFZk+ET5CoWxVnI= + #endpoint: "{{ lookup('dig', 'mine0.kill0.net./A') }}:{{ wireguard_port }}" + endpoint: "mine0.kill0.net:{{ wireguard_port }}" + allowed_ips: "{{ 
hostvars['mine0.kill0.net'].wireguard_interfaces.wg0.address }}" + - comment: vpn-home.kill0.net + public_key: j5AgKWcXx8we7QVkt6//oQWsGfXj+5IJKt9mx0EpTW0= + endpoint: "vpn-home.kill0.net:{{ wireguard_port }}" + allowed_ips: 172.16.0.0/16, 10.255.0.2/32 + wg1: + - comment: pixel-2 + public_key: GzQOU0x1POvkY4+6smBGkE/B1XytoVxIJa6zGX8j6Bc= + allowed_ips: + - 192.168.255.16/32 + - 2600:3c00:e000:343::10/128 + - comment: work laptop + public_key: TRT1SRQd3mFJDJK9tdglqsydXJmkzyrNdUOm4nr7M3k= + allowed_ips: + - 192.168.255.17/32 + - 2600:3c00:e000:343::11/128 + - comment: home workstation + public_key: ISvgu8zZWjmKyKrJi2mbqoJg2mrvIjPbQRs0Sp+dLzc= + allowed_ips: + - 192.168.255.18/32 + - 2600:3c00:e000:343::12/128 + - comment: rick + public_key: oFJcRhs7tQ4vPHTjbKwwWirpjx9T9ng7PFj3+iAVYWo= + allowed_ips: + - 192.168.255.32/32 + - 2600:3c00:e000:343::20/128 + +unbound_interfaces: + - 127.0.0.1 + - 192.168.255.1 + - ::1 + - 2600:3c00:e000:343::1 + +unbound_access_control: + - 127.0.0.1 allow + - 192.168.255.0/24 allow + - ::1 allow + - 2600:3c00:e000:343::/64 allow diff --git a/group_vars/jump_servers/vault.yaml b/group_vars/jump_servers/vault.yaml new file mode 100644 index 0000000..185ed23 --- /dev/null +++ b/group_vars/jump_servers/vault.yaml 
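Review bot: The `openvpn_config.server` block never sets `remote-cert-tls client`, so any certificate chaining to the CAs in `ca.pem` is accepted as a VPN client, and `ca.pem` carries the full chill9 Sub CA → Root CA chain — the same Sub CA that, per the `issuer=` line, signed this host's own server certificate, so presumably other hosts' certificates as well. Add `remote-cert-tls: client` next to `tls-auth`, and because the `openvpn_ccd` entries are keyed by CN, add `ccd-exclusive:` (in the same bare-flag form the file already uses for `persist-key:`) so an unknown CN is refused instead of being handed a pool address. `cipher: AES-256-CBC` on its own leaves the packet HMAC at OpenVPN's SHA-1 default; `auth: SHA256` pins it, and whether cipher negotiation upgrades the data channel to AES-256-GCM depends on the OpenVPN version the role installs, which is not visible here. Separately, the embedded server certificate is shown with `notAfter=May 18 01:58:38 2021 GMT`, one year after issue, and nothing in this hunk rotates it, so a renewal path for `openvpn_certificates` (and the matching vaulted key) is needed before then.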
@@ -0,0 +1,223 @@ +$ANSIBLE_VAULT;1.1;AES256 +36396137393836323465386631643461656431316666376562623633383965393863383866663764 +3664343734343065343236303365373962333162306564620a623362326163393766343735653061 +64393932383066323264636530613036353637343231666439346234663430326366396532663765 +3536663666643838360a316462376363613562373965653536333763386635343362393938386331 +39663266616365383166393232646530656135373234646166393365343233666635393430313136 +66616361636638323430343334643230623331623334343162333335353265333436326239626664 +30623039333737383531663738616337396136353836383537343337316565623562393235303566 +63656234663765313062666435313431633861646137313330386633383062656335336639633631 +31386561376365623634666231643134663230643736376662356361313464666638363961366437 +61323033386661356561653961623333353637613439666437333164643532343863333434613061 +63646432396333303965663730623061333065653432326136333337633862393339363130373138 +36366163316635383336316537393761633962336138643139386638373134313635336666303765 +62316531336165323965343232636339313462633536623139303865663862376364363261363865 +31353064646338646662386639343462386639393162363334363937363337613963313135663365 +66343365363232623564613035303139663937356430336537346564643134313763393462323638 +30616462363661623466663162333834323937623335316261646533316137613564316532653165 +33343133376538643961656364656666346533316336626464663939313137643461303232666162 +32353131353864373738396335613763366639633837653636386139393862616364613265313935 +62353134303733393836666337393530643465343333373230346133396163623332336131323730 +39383264303935343763343033303864316433613334633137333031626563393233663932376434 +66303638643232376633636331613234316339666630393534333136306639616662613361663031 +31316630323338383061346333633063393261353463623039633063633132623730303161663531 +65353030303763336639636265663333333639306432306662386232303439626235663433376437 
+37336461376662663035373336663937333132383964396561626337626632303064656365313633 +61663630316163323163383436636636313333353437646330346532656236626562663332323636 +65303430663133363464323262313531376531303739613364336262393965376533343136323034 +65376461326362313732323730353137663036393835333939353962643338326162306163626536 +37316262623265633363356435316632653466636137303131303664636433376236613237376339 +36616639643232356330393134333364303137633736633764346233636330386232316566366435 +30613261613936343738303763623966653936323661383164613933333633653339363535306138 +32326466306634633965666466393435656432336163663130666266363230653730396665623531 +36643364306537306663303537333063363565386337663061623661343838303638393965373165 +38613939613061376161626163336164656237356164303562376137633135613738386331323262 +30373539633630646339323930373737346136633465616535643439643134306430653062383664 +61313138376138373961376561303162616438663263653561363339396132393834373566663436 +62356331323465616134656237356434633830666231646434363664623139373737393830616338 +36353066613464353739336462623966356330653534366332663735663937306462393233383939 +36363066633563393463303363653631646464323937613234333835306139373462366661643961 +30316462636638353531336266633061663933316266303335623837376239633835663265336338 +39313334396565653262613736616536646461656438373839316337363963663135353261353133 +32373366366236353663393065306338373961636432353533386436666532313637306433373236 +38383037663037643763383465313862336334326637346338383235663061316232613365656266 +31616136373135323039313633373538353761663439323839313365313462663063373339623530 +61313731303861333631613464343232303763316462643935626366346130366531313631626630 +39636630663866336161623835666261366337376239653139613230616231353636616266663238 +31653466363530346262326630353661366635616162313733323032633736653362306665363565 +31653731343465373736646338383830393735643736646266323965356336393939366537386566 
+35613561333834653834626233396133323337303439643432373931616237613439343665343061 +39666661353532326435373332393739356636636433623163383337663165613834393864303533 +32356336366336353261653235663666633335626331663964636263656136366232373838613962 +37393464376137663630333334363234393464313062353366656435646633653265616265383535 +61333061303633623065666366643037333139356465343932376664333163623532626331336139 +33373732613264636331623964393336383665613264343131613138386362386362343539346234 +30336237356436623262393139363538306530356530353237666339386565613931303131666262 +30363866393061663437633532356238383530363066623862393531366530613731393137343434 +33386434613632383066636638356161323837653630363830336233653830343261303933616565 +65313334633838663264623032656131646331613539666436343334663061313837353030626161 +63303362666662356235343065373231646334656565316564626234363431346664373036303333 +39343363346365323237356365323062313630323736323737643432353262366534653131313033 +63383638333334333361383461626361333766343861653538343562326366623332626131613136 +62643537636233383263656564306430386333346432353434623433373638366536393438333434 +37656539303736633938316462366230613131633936363034386639623330653535326264333861 +35616537623461316662636166613530373963316236393938363932616566333430613366626363 +66383139323565353830303466356233353066316663653732303534383765346636653132363130 +32303563353232616537613966663836623832383335646331616364353336313363313234323362 +66616136636533346339363563623734623239626230636565623338363861393338613337623530 +64626363343533303333626234326666623136333332323532383662663635633538313433303835 +34623134386631376639623639313164393033616664346338633033656630623436633130373665 +38356635396238613633333738326233663933666562356630613063303230353462653264393531 +31303736633030663761376134366631646130363139623465653661366335363830633566333237 +33376631343334376435386135653330343832353339313931323434303265343361336231643638 
+66623539313162643337353432393865626538633265633363353830306663393233333962313636 +33333565356536376464653131376633353363316663336563323230326537613165353134366365 +61363030326334656139353938613531643864316434383266353633373735326562306239323961 +37336638663837333738313230316236346262326135346536343331356234313130353661383464 +35376236346366373363326138383430323132626663303138353938383263643665393839363162 +31366166613037383166313264373035663066336138623535313035303533613132613436313136 +66393764333732356333363462333366346363613262316130636235353361313731383839653563 +63383134643262636262666237356233393430336163613135623264633336396139646231363562 +34393031663961643562396234666437356665356331633834396637336264653265353065306233 +30393461313663313564373236663362353435393535306465353136613730333866636639633161 +30666566393266616134636264366666356438616632336661393639366635356262653832353633 +32623466303835633065613936373063626432326463336163303838613836646332643035653933 +63363630663161373039653330633631643638313036633537323364373739363736656231636535 +35396466373666353361366535366334313538313639663131336662386166316162326331373838 +34386232653930383133613164393435346661643466343762343463376537633036393366656164 +34366465613839623533363235343737333565326165633634386230323938646166643737333261 +64333139663463666432346461613033616539643463323263343563303361373539303834353434 +61306635323463383238633738303830646263663036396566336534623237636234303566643533 +39663462663063386137326630353164633561653936343665326665306665326238303230346436 +31633138303236666362306162663036386334623339656565353730643630396263363738306139 +64323230616164303638643263396432646438356534313433633536656432333738303038323266 +31643965383036326134653030333932323231313363336263656534303839346631636230323032 +61303033383932626238353466353631326633633565343065306561396636393835373966383032 +61363061653662373731313862326461373133343930393963343062623663633033323865323565 
+62633736623365613631326464373662393861663737623836666532353339363232363630333662 +65333265386561336337353838353238316466336162393738623034376339653864393733643837 +38313763656431323261366634386331366262653838613036646633326464383565353136356566 +32313131313466613266643435663933646132646339353239343535363333393535346565383331 +32326566383337323662663438316639366139386433316639633463333661396337393837646435 +66313637653939626536326332306139393438333137323532316130636439313066383633396335 +38373062353930623661306339653234336135396233383965303861363535616633366666656562 +37336331316534656465613536313364346633393066323839393833393864363234356330663264 +65336263613861383837373533646430666539316638323966623761373633666437306432386235 +66353531303533323662613565363065356236383939623237363835616262326536373962343538 +30316631656465313264393932626232346637356531336536613561383434663934643432613164 +33313833613532613365393637323262346437343933353138623765626665656663306263393862 +39303865316537643063363665626465356631653534393462353830653931636563653333323733 +31343864333630366566613731366333323631313337636236653662613832626464626333363537 +33303762363332306266323538323366383863383033616563376231303937316163396638663162 +64386664313863636535366331646238626437353664313731346633353738343733626263666230 +30616161333061393061366430656330613737333133656637656664316265616365313436373939 +65653564326165303761326236343436326363383538613734303539363363316135653630666138 +38663333323863363163353838653765353937313166316230323961376136326438653866346665 +34306561356536663363666162643362316139313438323632366136366461663230613563613434 +37333838663239356236343731313430363232623633626364336664613839393036393566656366 +61616332666262336231363262333832613937313330373231383830343130323966333261353661 +34633661363731613430393262373839333863393730613730323866623837363936333039383535 +36353763313565633037393032386135376537343430363535376238376131653935366434346431 
+33353338323935613638306234353963653438323031643735613035613335393834343961373037 +37653131333336353230636136633431333463316137333636363338333230656131346633326162 +33303635613033333730663162623965343230303533393065306539666439656361306634646662 +38616234326637393364303731303566363661633462393836633237353139616634373933356462 +66303864333133643238313061386538313430636231653265336463633437396134626238386365 +38646135363764373837376534386132616139396238373765316633336135396462646230396233 +38393432373736343236646364313037633032666631313462356164656465333837383037353038 +39343962646236363633323465636638656266323966393635373163323330613937656266326636 +64633666323061623266643939366630396237643731343531623031663363663963376336316334 +31323836366665386336313139613836353764343066633231306433363538393438366162376537 +38306436346662336262623832323964663138383262393262396366656465343731373135663562 +63316230366236376238346639613034656662623166306536303031313930343938363363626333 +35353837326134646535626164663762306431306464323230663763616465636435643064393830 +65663439343166376163346137666431653731313738623630623263643133353439363730623230 +34303265383164623530366334343066316361313533323831343833623634326661366532313265 +64333034636663383437666238346434313761366262626231666163373433343230623662653762 +37363234623932636536356565313062633131313334623364333262336561616334643534316666 +38623032376432616339343939646638303630326235316163363530326238306335656630336462 +36313234643064333737613661393164306263353438666334646164346430333665396665386436 +32643136323431303063306135363131373966343666616163326466656233386532383930343764 +34313536643663623031326236663866396165656539313461313933343035306336643631363261 +65333934333231373435376134643237343237636230386465663832363665333334316663303761 +32616133386637303437376639316261643938383563636433633035353138343137623838313466 +65643835643562303234373137323037643165393738366262633638323939653233666163646630 
+31613863393832336663326266306430663864323031383161663762636535636238363663343066 +38306533663931623537363964323733666563663765656331306236353436646566343766313039 +37646334643839326531326132633433653030376437373734643038653732346335653161323932 +36616533346437373665636166313337353136616466383237396266373131353136313535323666 +63373034613961643531643936633566383231336166323762316539373334323134636332383232 +36383336656538386631393665336661393432373339323432636565613963656232623034656635 +63376161306631326632636232653831643636396365303762323661366166353539343939313561 +39616233643564656538303764366365326338303436303261656433313766373766383638333634 +66346464623565366530663163666339333636363463336564393034373564633565623535646136 +37613133346565363230653666356631343037636638343832663866613461333061313464373736 +37323563663634373931396232626436626533323566323463346535353362333262633764366664 +30373337666366313866656362613562656239653565613035323936383861663931616266313637 +31636631326630393834346237613965396534323366313039643566343133363537393632663264 +66366265623962353164336463373031323262323936383163613834643433616333306661613430 +62366464353464326636656234336433656633376636366139343338373161303965333637626661 +30336337343936356131303237393264363232653033363163363036376163336639353961343563 +35346336666335636266373861626465633733613032393438616434313735316132313665663635 +34326438316632346666636265633035383336336462656331353737623066313765373366396636 +37383366303764386566316261316232663163616234663966396665313138303839646262306338 +63363365333735626165373735333631363761663735356635386139393739313764623531326561 +61663936363437376261613266633163326366333730323063633436643037663631303537656363 +66633334623064643239336439613735333431363631333435373532316230623065316332336438 +37346336366466366335653562646265613033656466306632646566626666323337353336366366 +62346163383439363933633763376639386132313333616261346234343439653533333462663436 
+65353165313865313635383538633432613565343136383665303064636434313135383236636436 +30626538303437623837343663396464666232393139656335613739356165616136316263323337 +38386537326132386264363066333730653863353430643633656533663262613963633231383533 +65623032356131313936623931333234303532626533316636633763393631313139326562616530 +37343965373835393564613630373632666437393738666633636536366135316336333565336538 +61636635633861353561353063666433343837313733653837653239393061313732373930323339 +33653965346230616336323766363434643030633166313562366561363963396663626239343834 +34663933373832666635643961613461643331346564323431343365343439626135613638343866 +65333732653366343032373833623566613865323539666463623163623937343338386632646330 +34393865333864343666376265353062383966653839316263376434636531366561316433373835 +63343264383465336439356565313130373736376532376538336533323134666565346261353435 +62343534313866343331346439303164633539336537613130353364353430323361383938323137 +38353862663730343234333566643936356562383632313238303166646438646435623765373362 +66323339656466653235346661353266383339616364613562656233653935653739323262353661 +35356338363035373066323238323364336438643839313435313163383935316163396335303231 +36303133636539316661396664376639653265376266366432326633323734313165356537656337 +61633835303735366332336134613733336534646531393265633437373862316262663066393262 +61646663363239633430363165346534386639383562316161363532396266613837346230323663 +33623539633637666362346332323833316165643436353332363038343436666536336461636130 +37383839393866386139343565373164626639326530666662323230373030333938393531326435 +61306436623362373363623135336139343162393236326463666664323465646436366561323331 +30396663643765396234346265353831623634343963393234306532613336353732373630363830 +31613561353464306363316136383463396361353933313239643732353335656232636230323539 +64316163316461666564353637626532363966313332353362383936643661363066353734666631 
+62363562613362333436313534326135393665663930376535646562646635326236363163626632 +31376334336265323737326138373532323363393937303635373663653862393730646532616637 +34643235636165343063633836623936666564313566303861356332636130393635353438613637 +64303430653061356533373235336661363139643537633337386164303236613934313566643431 +65393664333233326565653634656566393738366566613137383436366638656561376135626364 +38303633343737633464356134616331366266613164386439346338373036666337386632376638 +62316566646539633961353865636165313966663339336436316165323966326561363166613134 +32373764333839313338353162326363373430393031333038646631333836323237643537376462 +33623836396536343335333665366561363737333864363963383836353234633739626466316561 +63346638316365363364316530656563343537326534353137396433646333626666313735366331 +31373465303032306636373437393366316639393065336336306130346234313038316539353037 +36333164306566313539633464373132643234306335633361386637393231306566333832386566 +35356661633535306531623961346635613730653566663536393234373839613961626632313837 +62363062346534623961373266363561326666316161643366386133323163636532363437623266 +38646464366463353162376635313764353338616439633566633862636238643265663465396161 +65333238623833346631653264336430656539623561353135353363326139323234376333346436 +31633365613730663133656532653937373334386335643138663666626230343339663232656336 +36613931623233303164646630363966353730643531356130643265363332386333313132343433 +37653233336337373533313839393365623532376439656537326439663864326639636462613830 +38323832333865613139336632363534616639313566303131326339353934396534336261333839 +63303730363732613037386265663132326264613435666138633639303761623361623836616163 +62663263376231383036663062376333656362303666383962333762653066396339393231636533 +37386538636635366463663434653564656664316230653836646639333736316434356339393435 +39656564333330393436336135656262363862353263613664643063633365336161366664353765 
+36356232613234386265396436346130353763636538346636663234633237663133323066316563
+31636237643538376632663462626363386234306334303062343530306161306265633031366161
+63393830656333633864376335623231653230396635616331666236666661643330356135343931
+35356335323332346361666538343065643565333133393137323536363438326563313531336336
+39613330653331356436326437653936386531663037336539643165316131663435363766326435
+37316466666166303262383265653833633437313732363632636235363037326561353032623134
+6239663434363939386230356530333036656637303161626465
diff --git a/group_vars/linode.yaml b/group_vars/linode.yaml
new file mode 100644
index 0000000..2a249bb
--- /dev/null
+++ b/group_vars/linode.yaml
@@ -0,0 +1,33 @@
+---
+#dns_servers:
+# - 173.255.199.5
+# - 66.228.53.5
+# - 96.126.122.5
+# - 96.126.124.5
+# - 96.126.127.5
+# - 198.58.107.5
+# - 198.58.111.5
+# - 23.239.24.5
+# - 72.14.179.5
+# - 72.14.188.5
+# - 2600:3c00::5
+# - 2600:3c00::6
+# - 2600:3c00::7
+# - 2600:3c00::8
+# - 2600:3c00::9
+# - 2600:3c00::b
+# - 2600:3c00::c
+
+dns_servers:
+ - 127.0.0.1
+ - ::1
+
+timezone: Etc/UTC
+
+#vm_guest_qemu_agent_package_state: absent
+vm_guest_qemu_agent_service_state: stopped
+vm_guest_qemu_agent_service_enabled: false
+
+#vm_guest_spice_agent_package_state: absent
+vm_guest_spice_agent_service_state: stopped
+vm_guest_spice_agent_service_enabled: false
diff --git a/group_vars/minecraft_servers/main.yaml b/group_vars/minecraft_servers/main.yaml
new file mode 100644
index 0000000..c64d7aa
--- /dev/null
+++ b/group_vars/minecraft_servers/main.yaml
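Review bot: `::1` under `dns_servers` is written as a plain scalar, and a value that begins with the `:` indicator only parses as a string because the parser tolerates a leading indicator followed by a non-space character; quoting it as `- "::1"` removes that dependency and matches how the other templated values in this group_vars set are quoted. The switch from the commented-out Linode resolver list to the two loopback addresses carries no explanation — presumably a local resolver listens on 127.0.0.1/::1, but nothing in this hunk says which service that is. A one-line comment above `dns_servers:` naming the resolver that answers on loopback (and why the Linode list is kept for reference) would spare the next reader from re-deriving it.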
@@ -0,0 +1,142 @@
+---
+node_exporter_machine_roles:
+ - minecraft
+
+firewall_allowed_tcp_ports:
+ - 25565
+ - 8123
+
+firewall_minecraft_enabled: true
+
+minecraft_worlds:
+ - name: vanilla
+ - name: skyblock
+ port: 25566
+ state: stopped
+ enabled: no
+
+minecraft_ops:
+ - uuid: ce962d5b-590a-46b8-8372-f3254ca52a57
+ name: chill9
+ level: 4
+ bypassesPlayerLimit: true
+ - uuid: cfb8c434-98da-460a-91e5-2321fa8bdc5e
+ name: totums
+ level: 3
+ bypassesPlayerLimit: true
+
+minecraft_whitelist:
+ - uuid: ce962d5b-590a-46b8-8372-f3254ca52a57
+ name: rcavicchioni
+ - uuid: cfb8c434-98da-460a-91e5-2321fa8bdc5e
+ name: totums
+ - uuid: 70f36187-6e2e-4c24-9dd6-1addc477760a
+ name: Vandic
+
+#firewall_ipset_bogons: []
+
+users_authorized_keys:
+ - name: ryan
+ keys: "{{ user_authorized_keys_hash['ryan'] }}"
+ - name: root
+ keys: "{{ user_authorized_keys_hash['ryan'] }}"
+
+rclone_config:
+ - name: mine0-b2
+ type: b2
+ account: "{{ vault_rclone_minecraft_b2_account }}"
+ key: "{{ vault_rclone_minecraft_b2_key }}"
+
+rclone_cron:
+ - name: minecraft-rclone
+ hour: 10
+ minute: 0
+ job: "rclone --config {{ rclone_config_path }}/mine0-b2.conf copy --skip-links {{ minecraft_backup_path }} mine0-b2:kill0-minecraft-backup"
+ state: absent
+
+restic_jobs:
+ - name: system
+ repo: b2
+ paths:
+ - /
+ exclude:
+ - /opt/minecraft
+ - /var/opt/minecraft
+ - /var/opt/craftbukkit
+ - name: minecraft
+ repo: b2
+ paths:
+ - /var/opt/minecraft
+ hooks:
+ - minecraft.sh
+ cron:
+ hour: 11
+ minute: 0
+ - name: craftbukkit
+ repo: b2
+ paths:
+ - /var/opt/craftbukkit
+ hooks:
+ - craftbukkit.sh
+ cron:
+ hour: 11
+ minute: 0
+ state: absent
+
+minecraft_discord_config:
+ webhook_id: "{{ vault_minecraft_discord_webhook_id }}"
+ webhook_token: "{{ vault_minecraft_discord_webhook_token }}"
+
+craftbukkit_discord_config:
+ webhook_id: "{{ vault_craftbukkit_discord_webhook_id }}"
+ webhook_token: "{{ vault_craftbukkit_discord_webhook_token }}"
+
+craftbukkit_port: 25565
+craftbukkit_service_state: stopped
+craftbukkit_service_enabled: no
+
+minecraft_port: 25566
+minecraft_service_state: started
+minecraft_service_enabled: yes
+
+telegraf_config_d:
+ - name: filecount
+ config:
+ inputs.filecount:
+ - directories:
+ - /var/opt/craftbukkit
+ - /var/opt/craftbukkit/world
+ - /var/opt/craftbukkit/world_nether
+ - /var/opt/craftbukkit/world_the_end
+ - /var/opt/minecraft
+ - /var/opt/minecraft/world
+ - /var/opt/minecraft/world/DIM1
+ - /var/opt/minecraft/world/DIM-1
+ - name: craftbukkit
+ config:
+ inputs.procstat:
+ - systemd_unit: craftbukkit.service
+ - name: ping
+ config:
+ inputs.ping:
+ - urls:
+ - 10.255.0.1
+ count: 10
+ ipv6: false
+ binary: ping4
+
+minecraft_config:
+ white-list: true
+ enforce-whitelist: true
+ server-port: 25565
+ motd: chill9's world
+
+node_exporter_du_directories:
+ - /var/log/syslog
+ - /var/spool/rsyslog
+ - /var/opt/minecraft/world
+
+minecraft_java_xms: 2g
+minecraft_java_xmx: 2g
+
+# vim:ft=yaml.ansible:
diff --git a/group_vars/minecraft_servers/vault.yaml b/group_vars/minecraft_servers/vault.yaml
new file mode 100644
index 0000000..e512b2f
--- /dev/null
+++ b/group_vars/minecraft_servers/vault.yaml
@@ -0,0 +1,30 @@
+$ANSIBLE_VAULT;1.1;AES256
+31636365373462663962383861643161353262323632303936643232393865663838663563333834
+3462313431356236353765386634396464633864343462330a616231393633326461666535663034
+33373639343662396336616239396133626166663838633537303563616532633661363238333331
+6463393063323334310a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
diff --git a/group_vars/monitor_servers/main.yaml b/group_vars/monitor_servers/main.yaml
new file mode 100644
index 0000000..428c881
--- /dev/null
+++ b/group_vars/monitor_servers/main.yaml
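Review bot: `enabled: no` (skyblock world), `craftbukkit_service_enabled: no` and `minecraft_service_enabled: yes` use the YAML 1.1 truthy words while the same file writes `firewall_minecraft_enabled: true`, `bypassesPlayerLimit: true` and `ipv6: false`; Ansible accepts both, but yamllint's truthy rule and any non-1.1 parser do not, so these should read `enabled: false`, `craftbukkit_service_enabled: false` and `minecraft_service_enabled: true`. The port assignment is also hard to follow from this hunk alone: the skyblock world gets `port: 25566`, `minecraft_port` is `25566`, yet `minecraft_config.server-port` is `25565`, the same value as `craftbukkit_port`, and `firewall_allowed_tcp_ports` opens only `25565` and `8123` — which of these the roles actually render is not visible here, so I would not assert a conflict, but a short comment above `minecraft_port:` stating the intended listener-to-port mapping (and why 25566 is not in the firewall list, if `firewall_minecraft_enabled` covers it) would resolve the ambiguity for the next reader.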
@@ -0,0 +1,419 @@ +--- +node_exporter_machine_roles: + - monitor + - stats + +prometheus_web_external_url: https://monitor.kill0.net/prometheus +alertmanager_web_external_url: https://monitor.kill0.net/alertmanager +prometheus_web_route_prefix: / +alertmanager_web_route_prefix: / + +prometheus_config: + global: + scrape_interval: 15s + external_labels: + cluster: 1 + region: dallas + provider: linode + replica: A + alerting: + alertmanagers: + - static_configs: + - targets: + - localhost:9093 + scrape_configs: + - job_name: prometheus + scrape_interval: 5s + static_configs: + - targets: + - localhost:9090 + - job_name: alertmanager + scrape_interval: 5s + static_configs: + - targets: + - localhost:9093 + - job_name: pushgateway + scrape_interval: 5s + static_configs: + - targets: + - jump0.kill0.net:9091 + - job_name: node + scrape_interval: 5s + static_configs: + - targets: + - jump0.kill0.net:9100 + - mine0.kill0.net:9100 + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.+):\d+ + replacement: $1 + - job_name: mtail + scrape_interval: 5s + static_configs: + - targets: + - jump0.kill0.net:3903 + - mine0.kill0.net:3903 + relabel_configs: + - source_labels: [__address__] + target_label: instance + regex: (.+):\d+ + replacement: $1 + - job_name: blackbox + scrape_interval: 5s + static_configs: + - targets: + - jump0.kill0.net:9115 + - mine0.kill0.net:9115 + - job_name: blackbox-icmp4 + metrics_path: /probe + params: + module: + - icmpv4 + static_configs: + - targets: + - dns.google + - vpn-home.kill0.net + - ping-home.kill0.net + - 10.255.0.16 + - vpn1-sch.corp.nmi.com + - vpn-chi.ops.nmi.com + - vpn-ash.ops.nmi.com + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port. 
+ - job_name: blackbox-icmp6 + metrics_path: /probe + params: + module: + - icmpv6 + static_configs: + - targets: + - dns.google + - ping-home.kill0.net + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port. + - job_name: blackbox-tcp4 + metrics_path: /probe + params: + module: + - tcp_connect4 + static_configs: + - targets: + - mine0.kill0.net:25565 + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port. + - job_name: blackbox-tcp6 + metrics_path: /probe + params: + module: + - tcp_connect6 + static_configs: + - targets: + - mine0.kill0.net:25565 + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port. + - job_name: blackbox-http + metrics_path: /probe + params: + module: + - http_2xx + static_configs: + - targets: + - https://cavi.cc + - https://git.kill0.net + - https://stats.kill0.net + relabel_configs: + - source_labels: [__address__] + target_label: __param_target + - source_labels: [__param_target] + target_label: instance + - target_label: __address__ + replacement: 127.0.0.1:9115 # The blackbox exporter's real hostname:port. 
+ - job_name: thanos-sidecar + scrape_interval: 5s + static_configs: + - targets: + - "localhost:10902" + - job_name: thanos-query + scrape_interval: 5s + static_configs: + - targets: + - "localhost:10904" + - job_name: thanos-store + scrape_interval: 5s + static_configs: + - targets: + - "localhost:10902" + - job_name: thanos-compact + scrape_interval: 5s + static_configs: + - targets: + - "localhost:10912" + rule_files: + - rules.yaml + +prometheus_rules_config: + groups: + - name: alertmanager.rules + rules: + - alert: PrometheusAlertmanagerJobMissing + expr: absent(up{job="alertmanager"}) + for: 0m + labels: + severity: warning + annotations: + summary: "{% raw %} Prometheus AlertManager job missing (instance {{ $labels.instance }}){% endraw %}" + description: "{% raw %}A Prometheus AlertManager job has disappeared\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}" + - alert: PrometheusAlertmanagerE2eDeadManSwitch + expr: vector(1) + for: 0m + labels: + severity: critical + annotations: + summary: "{% raw %}Prometheus AlertManager E2E dead man switch (instance {{ $labels.instance }}){% endraw %}" + description: "{% raw %}Prometheus DeadManSwitch is an always-firing alert. 
It's used as an end-to-end test of Prometheus through the Alertmanager.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}" + - name: node.rules + rules: + - record: is_dst + expr: | + (vector(0) and (month() < 3 or month() > 11)) + or + (vector(1) and (month() > 3 and month() < 11)) + or + (vector(1) and month() == 3 and (day_of_month() - day_of_week()) >= 8 and absent(day_of_week() == 0 and day_of_month() >= 8 and day_of_month() <= 14)) + or + (vector(1) and month() == 11 and (day_of_month() - day_of_week()) <= 0) + or + (vector(1) and month() == 3 and day_of_month() >= 8 and day_of_month() <= 14 and day_of_week() == 0 and hour() >= 8) + or + (vector(1) and month() == 11 and day_of_month() >= 1 and day_of_month() <= 7 and day_of_week() == 0 and hour() < 7) + or + vector(0) + - record: america_chicago_time + expr: time() - ((6 * 3600) - (3600 * is_dst)) + - record: america_chicago_hour + expr: hour(america_chicago_time) + - alert: InstanceDown + expr: up{job="node"} == 0 + for: 1m + - alert: ThanosServiceDown + expr: up{job=~"thanos.+"} == 0 + labels: + severity: critical + - alert: FileSystemUsage + expr: ((node_filesystem_size_bytes{mountpoint!~"fuse.lxcfs|tmpfs"} - node_filesystem_free_bytes) / node_filesystem_size_bytes) > 0.80 + for: 1m + - alert: FileSystemReadOnly + expr: node_filesystem_readonly{fstype!~"fuse.lxcfs|tmpfs"} == 1 + - alert: RebootRequired + expr: node_reboot_required > 0 + for: 15m + - alert: AptUpgradesPending + expr: apt_upgrades_pending > 0 + for: 1d + - alert: ResticSystemJobLastRun + expr: (time() - node_restic_last_run_time{restic_job="system"}) > 7200 + for: 2h + - alert: ResticMinecraftJobLastRun + expr: (time() - node_restic_last_run_time{restic_job=~"minecraft"}) > 86400 + for: 2h + - alert: MinecraftUnitInactive + expr: node_systemd_unit_state{name="minecraft.service",state="inactive"} == 1 + for: 15m + - alert: GiteaUnitInactive + expr: node_systemd_unit_state{name="gitea.service",state="inactive"} == 1 + for: 15m + - 
alert: MaintenanceMode + expr: maintenance_mode == 1 + for: 1m + #- alert: QuietHours + # expr: america_chicago_hour >= 22 or america_chicago_hour < 10 + # for: 1m + - name: blackbox.rules + rules: + - alert: ServiceDown + expr: probe_success{job!~"blackbox-icmp[0-9]"} == 0 + for: 1m + - alert: PingDown + expr: probe_success{job=~"blackbox-icmp[0-9]"} == 0 + for: 15s + - alert: CertExpiry + expr: ((probe_ssl_earliest_cert_expiry{job="blackbox-http"} - time()) / 86400) < 30 + for: 15s + labels: + severity: warning + annotations: + # summary: Certificates expiring in < 30 days + summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}" + description: "{% raw %}SSL certificate expires in 30 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}" + - alert: CertExpiry + expr: ((probe_ssl_earliest_cert_expiry{job="blackbox-http"} - time()) / 86400) < 14 + for: 15s + labels: + severity: critical + annotations: + # summary: Certificates expiring in < 14 days + summary: "{% raw %}Blackbox SSL certificate will expire soon (instance {{ $labels.instance }}){% endraw %}" + description: "{% raw %}SSL certificate expires in 14 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}{% endraw %}" + +blackbox_exporter_config: + modules: + icmpv4: + prober: icmp + timeout: 5s + icmp: + preferred_ip_protocol: ip4 + icmpv6: + prober: icmp + timeout: 5s + icmp: + preferred_ip_protocol: ip6 + tcp_connect4: + prober: tcp + timeout: 5s + tcp: + preferred_ip_protocol: ip4 + tcp_connect6: + prober: tcp + timeout: 5s + tcp: + preferred_ip_protocol: ip6 + http_2xx: + prober: http + timeout: 5s + http: + method: GET + +# route: +# receiver: pushover-receiver +# mute_time_intervals: +# - quiet_hours +# routes: +# - receiver: blackhole +# match: +# alertname: MaintenanceMode +# #- receiver: blackhole +# # match: +# # alertname: QuietHours +# receivers: +# - name: blackhole +# - name: pushover-receiver +# pushover_configs: +# - token: "{{ 
vault_pushover_token }}" +# user_key: "{{ vault_pushover_user_key }}" +# inhibit_rules: +# - source_match: +# alertname: MaintenanceMode +# #- source_match: +# # alertname: QuietHours +# time_intervals: +# - name: quiet_hours +# times: +# - start_time: 03:00 +# end_time: 15:00 + +alertmanager_config: + inhibit_rules: + - source_match: + alertname: MaintenanceMode + receivers: + - name: blackhole + - name: pushover-receiver + pushover_configs: + - token: agwd6wv7xveakykb8e5rz7rw3eg2v3 + user_key: 28G1x3lT4oUtlck50R1H3e6j8kDHjb + route: + receiver: pushover-receiver + routes: + - match: + alertname: MaintenanceMode + receiver: blackhole + - match: + alertname: PrometheusAlertmanagerE2eDeadManSwitch + receiver: blackhole + - receiver: pushover-receiver + mute_time_intervals: + - quiet_hours + time_intervals: + - name: quiet_hours + time_intervals: + - times: + - start_time: "03:00" + end_time: "15:00" + +node_exporter_du_directories: + - /var/log/syslog + - /var/spool/rsyslog + - /var/lib/influxdb + - /var/lib/prometheus + - /var/lib/loki + +firewall_ipset_loki: + - 10.255.0.0/24 + +karma_config: + alertmanager: + interval: 60s + servers: + - name: local + uri: http://localhost:9093 + timeout: 10s + proxy: true + readonly: false + healthcheck: + filters: + dms: + - alertname=PrometheusAlertmanagerE2eDeadManSwitch + grid: + sorting: + order: label + reverse: false + label: cluster + customValues: + labels: + severity: + critical: 1 + warning: 2 + info: 3 + auto: + order: + - severity + labels: + color: + custom: + severity: + - value: info + color: "#87c4e0" + - value: warning + color: "#ffae42" + - value: critical + color: "#ff220c" + alertAcknowledgement: + enabled: true + #duration: 15m0s + #author: karma + #comment: ACK! This alert was acknowledged using karma on %NOW% + +thanos_bucket_config: "{{ vault_thanos_bucket_config }}" + +kthxbye_listen: :8081 
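Review bot: `alertmanager_config.receivers[].pushover_configs` commits the Pushover `token` and `user_key` as cleartext literals, while the commented-out `route:`/`receivers:` block directly above already references `vault_pushover_token` and `vault_pushover_user_key`; the live receiver should use those lookups, `- token: "{{ vault_pushover_token }}"` and `user_key: "{{ vault_pushover_user_key }}"`, consistent with how `thanos_bucket_config` and the minecraft group's webhook values are vaulted. Because the plaintext values are now part of the repository history, moving them into vault does not un-expose them — they should be treated as disclosed and regenerated on the Pushover side, with the new values stored only in the vault file. Separately, `kthxbye_listen: :8081` is a plain scalar starting with the `:` indicator and should be quoted as `kthxbye_listen: ":8081"`, and the two rules both named `CertExpiry` (the 30-day warning and the 14-day critical) are legal for Prometheus but make routing and silencing by `alertname` ambiguous; distinct names such as `CertExpiryWarning` and `CertExpiryCritical` would make the intent explicit.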
diff --git a/group_vars/name_servers/main.yaml b/group_vars/name_servers/main.yaml
new file mode 100644
index 0000000..50c4839
--- /dev/null
+++ b/group_vars/name_servers/main.yaml
@@ -0,0 +1,57 @@
+---
+nsd_linode_xfr:
+ - "{{ lookup('dig', 'axfr1.linode.com.') }}"
+ - "{{ lookup('dig', 'axfr2.linode.com.') }}"
+ - "{{ lookup('dig', 'axfr3.linode.com.') }}"
+ - "{{ lookup('dig', 'axfr4.linode.com.') }}"
+ - "{{ lookup('dig', 'axfr5.linode.com.') }}"
+ - "{{ lookup('dig', 'axfr1.linode.com./AAAA') }}"
+ - "{{ lookup('dig', 'axfr2.linode.com./AAAA') }}"
+ - "{{ lookup('dig', 'axfr3.linode.com./AAAA') }}"
+ - "{{ lookup('dig', 'axfr4.linode.com./AAAA') }}"
+ - "{{ lookup('dig', 'axfr5.linode.com./AAAA') }}"
+
+nsd_provide_xfr:
+ - "{{ lookup('dig', 'axfr1.linode.com.') }} NOKEY"
+ - "{{ lookup('dig', 'axfr2.linode.com.') }} NOKEY"
+ - "{{ lookup('dig', 'axfr3.linode.com.') }} NOKEY"
+ - "{{ lookup('dig', 'axfr4.linode.com.') }} NOKEY"
+ - "{{ lookup('dig', 'axfr5.linode.com.') }} NOKEY"
+ - "{{ lookup('dig', 'axfr1.linode.com./AAAA') }} NOKEY"
+ - "{{ lookup('dig', 'axfr2.linode.com./AAAA') }} NOKEY"
+ - "{{ lookup('dig', 'axfr3.linode.com./AAAA') }} NOKEY"
+ - "{{ lookup('dig', 'axfr4.linode.com./AAAA') }} NOKEY"
+ - "{{ lookup('dig', 'axfr5.linode.com./AAAA') }} NOKEY"
+
+firewall_dns_whitelist: "{{ nsd_linode_xfr }}"
+firewall_ipset_dns: "{{ nsd_linode_xfr }}"
+
+nsd_zones:
+ - name: cavi.cc
+ zonefile: cavi.cc.zone
+ provide-xfr: "{{ nsd_provide_xfr }}"
+ notify: "{{ nsd_provide_xfr }}"
+ - name: kill0.net
+ zonefile: kill0.net.zone
+ provide-xfr: "{{ nsd_provide_xfr }}"
+ notify: "{{ nsd_provide_xfr }}"
+ - name: kill0.com
+ zonefile: kill0.com.zone
+ provide-xfr: "{{ nsd_provide_xfr }}"
+ notify: "{{ nsd_provide_xfr }}"
+ - name: chill9.com
+ zonefile: chill9.com.zone
+ provide-xfr: "{{ nsd_provide_xfr }}"
+ notify: "{{ nsd_provide_xfr }}"
+ - name: chill9.net
+ zonefile: chill9.net.zone
+ provide-xfr: "{{ nsd_provide_xfr }}"
+ notify: "{{ nsd_provide_xfr }}"
+ - name: confabulator.net
+ zonefile: confabulator.net.zone
+ provide-xfr: "{{ nsd_provide_xfr }}"
+ notify: "{{ nsd_provide_xfr }}"
+ - name: ctrl-v.org
+ zonefile: ctrl-v.org.zone
+ provide-xfr: "{{ nsd_provide_xfr }}"
+ notify: "{{ nsd_provide_xfr }}"
diff --git a/group_vars/rabbitmq_servers/main.yaml b/group_vars/rabbitmq_servers/main.yaml
new file mode 100644
index 0000000..d872b87
--- /dev/null
+++ b/group_vars/rabbitmq_servers/main.yaml
@@ -0,0 +1,29 @@
+---
+keepalived_vrrp_scripts:
+ chk_rabbitmq:
+ script: rabbitmq-diagnostics -q check_running
+ interval: 15
+ weight: -2
+ # script: /usr/bin/systemctl is-active --quiet rabbitmq-server
+ # interval: 2
+ # weight: -4
+ # chk_amqp_port:
+ # script:
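Review bot: `nsd_provide_xfr` grants zone transfers with `NOKEY`, so the only thing standing between a requester and a full AXFR of these seven zones is the source-address allowlist that `firewall_ipset_dns` and `firewall_dns_whitelist` derive from `nsd_linode_xfr` — and every entry in that list is a `lookup('dig', …)` evaluated on the control node at playbook run time. As far as I recall, the `dig` lookup returns the literal string `NXDOMAIN` on a failed resolution rather than raising (newer versions of the collection add a `fail_on_error` option), so a transient DNS problem would render `provide-xfr: NXDOMAIN NOKEY` into the nsd config and `NXDOMAIN` into the firewall set without Ansible itself complaining; how the lookup behaves when a name returns several addresses is also not visible here. A comment above `nsd_linode_xfr:` stating that the allowlist is resolved at run time and that `NOKEY` is deliberate (e.g. because the secondary provider does not offer TSIG, if that is the reason) would document the trade-off, and an `assert` that each resolved entry matches an IPv4/IPv6 address pattern would turn that silent failure into a loud one. `firewall_dns_whitelist` and `firewall_ipset_dns` hold the same value; if one is a legacy name consumed by an older role, a comment saying which role reads which would let the next maintainer retire the unused one.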