---
# Inventory File for Two-Tier VPN Architecture
#
# This inventory is for managing VPN1, VPN2, VPN3 (user-facing VPN endpoints)
# from ValleyForge (admin control plane)
#
# Deploy this FROM ValleyForge server after:
# 1. ValleyForge is set up with WireGuard admin VPN
# 2. Ansible is installed on ValleyForge
# 3. SSH keys are configured from ValleyForge to VPN endpoints

all:
  children:
    # User-facing VPN endpoints
    vpn_servers:
      hosts:
        vpn1:
          ansible_host: 203.0.113.10  # VPN1 public IP (CHANGE THIS!)
          ansible_user: root
        
        vpn2:
          ansible_host: 203.0.113.11  # VPN2 public IP (CHANGE THIS!)
          ansible_user: root
        
        vpn3:
          ansible_host: 203.0.113.12  # VPN3 public IP (CHANGE THIS!)
          ansible_user: root
      
      vars:
        # Common variables for all VPN servers
        ansible_python_interpreter: /usr/bin/python3
        
        # ValleyForge public IP (for firewall rules)
        # IMPORTANT: Change this to your actual ValleyForge IP!
        valleyforge_public_ip: "185.112.147.205"

# Note: ValleyForge itself is NOT in this inventory
# ValleyForge is the control plane where you run Ansible FROM
# It should be configured separately with its own WireGuard admin VPN