X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/faf8ae12e85eabb050b0f5eceb2cb67ad1de5261..ec1ecc81ad6c862db39f4bfd0fd830f44909b61a:/cookbooks/networking/attributes/default.rb

diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb
index 9a03eb3fa..6881fcafe 100644
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -1,3 +1,20 @@
-default[:networking][:interfaces] = { }
-default[:networking][:nameservers] = [ ]
-default[:networking][:search] = [ ]
+wireguard_id = %x(systemd-id128 machine-id -a 3f36688c233848dfa84e4b176195622e)
+
+default[:networking][:firewall][:enabled] = true
+default[:networking][:firewall][:inet] = []
+default[:networking][:firewall][:inet6] = []
+default[:networking][:firewall][:http_rate_limit] = "-"
+default[:networking][:firewall][:http_connection_limit] = "-"
+default[:networking][:firewall][:log] = true
+default[:networking][:firewall][:mark] = true
+default[:networking][:firewall][:raw] = true
+default[:networking][:firewall][:mangle] = true
+default[:networking][:interfaces] = {}
+default[:networking][:nameservers] = []
+default[:networking][:search] = []
+default[:networking][:dnssec] = "allow-downgrade"
+default[:networking][:hostname] = node.name
+default[:networking][:wireguard][:enabled] = false
+default[:networking][:wireguard][:address] = "fd43:e709:ea6d:1:#{wireguard_id[0, 4]}:#{wireguard_id[4, 4]}:#{wireguard_id[8, 4]}:#{wireguard_id[12, 4]}"
+default[:networking][:wireguard][:keepalive] = false
+default[:networking][:wireguard][:peers] = []