Registering a new internal machine : 1. Register .pub.infra.hatecomputers.club A record -> public ipv4 2. Register .int.infra.hatecomputers.club A record -> internal ipv4 in 10.155.0.0/16 subnet 3. Put it on the internal VPN. i.e. add .pub... in the wireguard-mesh after allowing ssh to root and everything 4. Run the wireguard-mesh playbook 5. Update the inventory record in wireguard-mesh to .int... 6. Now run the deploy-common playbook to allow ssh only internally, debugging as necessary if needed ; it should just work :)) 7. Add your new roles!