-wireguard_id = %x(systemd-id128 machine-id -a 3f36688c233848dfa84e4b176195622e)
-
default[:networking][:firewall][:enabled] = true
-default[:networking][:firewall][:inet] = []
-default[:networking][:firewall][:inet6] = []
-default[:networking][:firewall][:http_rate_limit] = "-"
-default[:networking][:firewall][:http_connection_limit] = "-"
-default[:networking][:firewall][:log] = true
-default[:networking][:firewall][:mark] = true
-default[:networking][:firewall][:raw] = true
-default[:networking][:firewall][:mangle] = true
+default[:networking][:firewall][:sets] = []
+default[:networking][:firewall][:helpers] = []
+default[:networking][:firewall][:incoming] = []
+default[:networking][:firewall][:outgoing] = []
+default[:networking][:firewall][:http_rate_limit] = nil
+default[:networking][:firewall][:http_connection_limit] = nil
+default[:networking][:firewall][:allowlist] = []
+default[:networking][:roles] = {}
default[:networking][:interfaces] = {}
-default[:networking][:nameservers] = []
+default[:networking][:nameservers] = %w[8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844]
default[:networking][:search] = []
default[:networking][:dnssec] = "allow-downgrade"
default[:networking][:hostname] = node.name
-default[:networking][:wireguard][:enabled] = false
-default[:networking][:wireguard][:address] = "fd43:e709:ea6d:1:#{wireguard_id[0,4]}:#{wireguard_id[4,4]}:#{wireguard_id[8,4]}:#{wireguard_id[12,4]}"
-default[:networking][:wireguard][:keepalive] = false
+default[:networking][:wireguard][:enabled] = true
+default[:networking][:wireguard][:keepalive] = 180
default[:networking][:wireguard][:peers] = []