Add config for new VMs

.gitignore

@@ -1,3 +1,4 @@
 *.retry
 tmp
 ldap-password.txt
+__pycache__/

all.yml

@@ -0,0 +1,11 @@
+#!/usr/bin/env ansible-playbook
+---
+- import_playbook: playbooks/base.yml
+- import_playbook: playbooks/root.yml
+- import_playbook: playbooks/ssh.yml
+- import_playbook: playbooks/chronyd.yml
+- import_playbook: playbooks/kresd.yml
+- import_playbook: playbooks/resolvconf.yml
+- import_playbook: playbooks/ifupdown2.yml
+- import_playbook: playbooks/keepalived.yml
+...

deploy_all.sh

@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-# Deploy all playbooks
-ansible-playbook playbooks/*.yml $@

playbooks/base.yml

@@ -1,10 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Put a common configuration on all servers
-- hosts: all,!unifi
+- hosts:
+    - pve_network
+    - vm_network
   roles:
-    - baseconfig
-    - basesecurity
-    - ldap_client
-    - logrotate
-    - update_motd
+    - base_utils
+...

playbooks/bird.yml

@@ -5,17 +5,9 @@
     - isp-2.rtr.infra.auro.re
   vars:
     bird__router_ids:
-      isp-1.rtr.infra.auro.re: 10.136.0.1
-      isp-2.rtr.infra.auro.re: 10.136.0.2
+      isp-1.rtr.infra.auro.re: 10.203.0.5
+      isp-2.rtr.infra.auro.re: 10.203.0.6
     bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
-    bird__ospf_broadcast_interfaces:
-      ens20: null
-    bird__ospf_stub_interfaces:
-      - client-0
-      - client-1
-      - client-2
-      - client-3
-      - client-4
     bird__radv_interfaces:
       client-0:
         prefix:
@@ -43,7 +35,7 @@
         domain_search:
           - client-4.isp.auro.re
     bird__radv_dns_servers:
-      - 2a09:6840:128::127
+      - 2a09:6840:128::10:3
   roles:
     - bird
 
@@ -52,19 +44,9 @@
     - infra-2.rtr.infra.auro.re
   vars:
     bird__router_ids:
-      infra-1.rtr.infra.auro.re: 10.203.1.3
-      infra-2.rtr.infra.auro.re: 10.203.1.4
+      infra-1.rtr.infra.auro.re: 10.203.0.3
+      infra-2.rtr.infra.auro.re: 10.203.0.4
     bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
-    bird__ospf_broadcast_interfaces:
-      ens19: null
-    bird__ospf_stub_interfaces:
-      - ens20
-      - ens21
-      - ens22
-      - ens23
-      - ens1
-      - ens2
-      - ens1s3
   roles:
     - bird
 
@@ -73,8 +55,8 @@
     - edge-2.rtr.infra.auro.re
   vars:
     bird__router_ids:
-      edge-1.rtr.infra.auro.re: 10.203.1.1
-      edge-2.rtr.infra.auro.re: 10.203.1.2
+      edge-1.rtr.infra.auro.re: 10.203.0.1
+      edge-2.rtr.infra.auro.re: 10.203.0.2
     bird__asn:
       aurore: 43619
       crans: 204515

playbooks/chronyd.yml

@@ -17,10 +17,10 @@
     - chronyd
 
 - hosts:
-    - all
+    - pve_network
+    - vm_network
     - "!ntp-1.int.infra.auro.re"
     - "!ntp-2.int.infra.auro.re"
-    - "!unifi"
   vars:
     chronyd__pools:
       - ntp-1.int.infra.auro.re

playbooks/ifupdown2.yml

@@ -1,48 +1,261 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
-    - ntp-1.int.infra.auro.re
-    - dns-1.int.infra.auro.re
-    - dhcp-1.isp.auro.re
-    - dhcp-2.isp.auro.re
-    - isp-1.rtr.infra.auro.re
-    - isp-2.rtr.infra.auro.re
-    - edge-1.rtr.infra.auro.re
-    - edge-2.rtr.infra.auro.re
-    - infra-1.rtr.infra.auro.re
-    - infra-2.rtr.infra.auro.re
+    - vm_network
   vars:
+    ifupdown2__gateways:
+      adm:
+        - 2a09:6840:128::254
+        - 10.128.0.254
     # TODO: netbox
     ifupdown2__hosts:
-      ntp-1.int.infra.auro.re:
+      edge-1.rtr.infra.auro.re:
         ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
           addresses:
-            - 2a09:6840:128::203/56
-            - 10.128.0.203/16
+            - 2a09:6840:128::10:2/56
+            - 10.128.10.2/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          ipv6_addrgen: false
+          forward: true
+        ens20:
+          ipv6_addrgen: false
+          forward: true
+        ens21:
+          ipv6_addrgen: false
+          forward: true
+        ens22:
+          addresses:
+            - 2a09:6840:203:0:1::1/56
+            - 10.203.0.1/16
+          forward: true
+      edge-2.rtr.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128:10:102/56
+            - 10.128.10.102/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          ipv6_addrgen: false
+          forward: true
+        ens20:
+          ipv6_addrgen: false
+          forward: true
+        ens21:
+          ipv6_addrgen: false
+          forward: true
+        ens22:
+          addresses:
+            - 2a09:6840:203:0:2::1/56
+            - 10.203.0.2/16
+          forward: true
       dns-1.int.infra.auro.re:
         ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
           addresses:
-            - 2a09:6840:128::127/56
-            - 10.128.0.127/16
-      dhcp-1.isp.auro.re:
+            - 2a09:6840:128::10:3/56
+            - 10.128.10.3/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:206:0:2::1/56
+            - 10.206.0.2/16
+      dns-2.int.infra.auro.re:
         ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
           addresses:
-            - 2a09:6840:128::204/56
-            - 10.128.0.204/16
-        ens19: null
+            - 2a09:6840:128::10:103/56
+            - 10.128.10.103/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:206:0:3::1/56
+            - 10.206.0.3/16
+      ssh-1.mgmt.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:1/56
+            - 10.128.10.1/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+            - 45.66.108.2/16
+      ssh-2.mgmt.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:101/56
+            - 10.128.10.101/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+            - 45.66.108.3/16
+      infra-1.rtr.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:4/56
+            - 10.128.10.4/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:203:1:3::1/56
+            - 10.203.1.3/16
+          forward: true
+        ens20:
+          ipv6_addrgen: false
+          forward: true
+        ens21:
+          ipv6_addrgen: false
+          forward: true
+        ens22:
+          ipv6_addrgen: false
+          forward: true
+        ens23:
+          ipv6_addrgen: false
+          forward: true
+        ens1:
+          ipv6_addrgen: false
+          forward: true
+        ens2:
+          ipv6_addrgen: false
+          forward: true
+        enp1s3:
+          ipv6_addrgen: false
+          forward: true
+      infra-2.rtr.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:104/56
+            - 10.128.10.104/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:203:4::1/64
+            - 10.203.1.4/16
+          forward: true
+        ens20:
+          ipv6_addrgen: false
+          forward: true
+        ens21:
+          ipv6_addrgen: false
+          forward: true
+        ens22:
+          ipv6_addrgen: false
+          forward: true
+        ens23:
+          ipv6_addrgen: false
+          forward: true
+        ens1:
+          ipv6_addrgen: false
+          forward: true
+        ens2:
+          ipv6_addrgen: false
+          forward: true
+        enp1s3:
+          ipv6_addrgen: false
+          forward: true
+      isp-1.rtr.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:5/56
+            - 10.128.10.5/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:203:0:5::1/56
+            - 10.203.0.5/16
+          forward: true
+        ens20:
+          ipv6_addrgen: false
         clients:
           bridge_vlan_aware: true
           bridge_ports:
-            - ens19
+            - ens20
+          bridge_vids:
+            - 1000-1004
+          bridge_disable_pvid: true
+          ipv6_addrgen: false
+          forward: true
+        client-0:
+          vlan_id: 1000
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-1:
+          vlan_id: 1001
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-2:
+          vlan_id: 1002
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-3:
+          vlan_id: 1003
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-4:
+          vlan_id: 1004
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+      isp-2.rtr.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:105/56
+            - 10.128.10.105/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:203:0:5::1/56
+            - 10.203.0.5/16
+          forward: true
+        ens20:
+          ipv6_addrgen: false
+        clients:
+          bridge_vlan_aware: true
+          bridge_ports:
+            - ens20
+          bridge_vids:
+            - 1000-1004
+          forward: true
+        client-0:
+          vlan_id: 1000
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-1:
+          vlan_id: 1001
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-2:
+          vlan_id: 1002
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-3:
+          vlan_id: 1003
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+        client-4:
+          vlan_id: 1004
+          vlan_raw_device: clients
+          ipv6_addrgen: false
+          forward: true
+      dhcp-1.isp.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:6/56
+            - 10.128.10.6/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:210:1:1::1/56
+            - 10.210.1.1/16
+        ens20: null
+        clients:
+          bridge_vlan_aware: true
+          bridge_ports:
+            - ens20
           bridge_vids:
             - 1000-1004
         client-0:
@@ -70,19 +283,21 @@
             - 100.64.0.130/27
           vlan_id: 1004
           vlan_raw_device: clients
-      dhcp-2.isp.auro.re:
+      dhcp-2.isp.infra.auro.re:
         ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
           addresses:
-            - 2a09:6840:128::91/56
-            - 10.128.0.91/16
-        ens19: null
+            - 2a09:6840:128::10:106/56
+            - 10.128.10.106/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:210:1:2::1/56
+            - 10.210.1.2/16
+        ens20: null
         clients:
           bridge_vlan_aware: true
           bridge_ports:
-            - ens19
+            - ens20
           bridge_vids:
             - 1000-1004
         client-0:
@@ -110,204 +325,86 @@
             - 100.64.0.131/27
           vlan_id: 1004
           vlan_raw_device: clients
-      isp-1.rtr.infra.auro.re:
+      radius-1.isp.infra.auro.re:
         ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
           addresses:
-            - 2a09:6840:128::255/56
-            - 10.128.0.255/16
-        ens19: null
-        ens20:
-          forward: true
-          addresses:
-            - 2a09:6840:136:0:1::1/56
-            - 10.136.0.1/16
-        clients:
-          bridge_vlan_aware: true
-          bridge_ports:
-            - ens19
-          bridge_vids:
-            - 1000-1004
-          bridge_disable_pvid: true
-          forward: true
-          ipv6_addrgen: false
-        client-0:
-          forward: true
-          vlan_id: 1000
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-1:
-          forward: true
-          vlan_id: 1001
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-2:
-          forward: true
-          vlan_id: 1002
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-3:
-          forward: true
-          vlan_id: 1003
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-4:
-          forward: true
-          vlan_id: 1004
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-      isp-2.rtr.infra.auro.re:
-        ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
-          addresses:
-            - 2a09:6840:128::158/56
-            - 10.128.0.158/16
-        ens19: null
-        ens20:
-          forward: true
-          addresses:
-            - 2a09:6840:136:0:2::1/56
-            - 10.136.0.2/16
-        clients:
-          bridge_vlan_aware: true
-          bridge_ports:
-            - ens19
-          bridge_vids:
-            - 1000-1004
-        client-0:
-          forward: true
-          vlan_id: 1000
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-1:
-          forward: true
-          vlan_id: 1001
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-2:
-          forward: true
-          vlan_id: 1002
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-3:
-          forward: true
-          vlan_id: 1003
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-        client-4:
-          forward: true
-          vlan_id: 1004
-          vlan_raw_device: clients
-          ipv6_addrgen: false
-      edge-1.rtr.infra.auro.re:
-        ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
-          addresses:
-            - 2a09:6840:128::186/56
-            - 10.128.0.186/16
-        ens19: null # crans
-        ens20: null # vr
-        ens21: null # zayo
-        ens22: # backbone
-          addresses:
-            - 2a09:6840:203:1:1::1/64
-            - 10.203.1.1/16
-      edge-2.rtr.infra.auro.re:
-        ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
-          addresses:
-            - 2a09:6840:128::228/56
-            - 10.128.0.228/16
-        ens19: null # crans
-        ens20: null # vr
-        ens21: null # zayo
-        ens22: # backbone
-          addresses:
-            - 2a09:6840:203:1:2::1/64
-            - 10.203.1.2/16
-      infra-1.rtr.infra.auro.re:
-        ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
-          addresses:
-            - 2a09:6840:128::2:76/56
-            - 10.128.2.76/16
+            - 2a09:6840:128::10:7/56
+            - 10.128.10.7/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
         ens19:
           addresses:
-            - 2a09:6840:1:3::1/64
-            - 10.203.1.3/16
-        ens20:
-          ipv6_addrgen: false
-        ens21:
-          ipv6_addrgen: false
-        ens22:
-          ipv6_addrgen: false
-        ens23:
-          ipv6_addrgen: false
-        ens1:
-          ipv6_addrgen: false
-        ens2:
-          ipv6_addrgen: false
-        enp1s3:
-          ipv6_addrgen: false
-      infra-2.rtr.infra.auro.re:
+            - 2a09:6840:210:1:1::1/56
+            - 10.210.1.1/16
+      radius-2.isp.infra.auro.re:
         ens18:
-          gateways:
-            - 2a09:6840:128::254
-            - 10.128.0.254
           addresses:
-            - 2a09:6840:128::2:27/56
-            - 10.128.2.27/16
+            - 2a09:6840:128::10:107/56
+            - 10.128.10.107/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
         ens19:
           addresses:
-            - 2a09:6840:1:4::1/64
-            - 10.203.1.4/16
-        ens20:
-          ipv6_addrgen: false
-        ens21:
-          ipv6_addrgen: false
-        ens22:
-          ipv6_addrgen: false
-        ens23:
-          ipv6_addrgen: false
-        ens1:
-          ipv6_addrgen: false
-        ens2:
-          ipv6_addrgen: false
-        enp1s3:
-          ipv6_addrgen: false
+            - 2a09:6840:210:1:2::1/56
+      ldap-1.int.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:8/56
+            - 10.128.10.8/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:206:1:3::1/56
+            - 10.206.1.3/16
+      ldap-2.int.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:108/56
+            - 10.128.10.108/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:206:1:4::1/56
+            - 10.206.1.4/16
+      ntp-1.int.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:9/56
+            - 10.128.10.9/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:206:1:5::1/56
+            - 10.206.1.5/16
+      ntp-2.int.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:109/56
+            - 10.128.10.109/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:206:1:6::1/56
+            - 10.206.1.6/16
+      prometheus-1.monit.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:10/56
+            - 10.128.10.10/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:204:1:1::1/56
+            - 10.204.1.1/16
+      prometheus-2.monit.infra.auro.re:
+        ens18:
+          addresses:
+            - 2a09:6840:128::10:110/56
+            - 10.128.10.110/16
+          gateways: "{{ ifupdown2__gateways.adm }}"
+        ens19:
+          addresses:
+            - 2a09:6840:204:1:2::1/56
+            - 10.204.1.2/16
     ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
   roles:
     - ifupdown2
-
-- hosts:
-    - ntp-1.int.infra.auro.re
-    - dns-1.int.infra.auro.re
-    - dhcp-1.isp.auro.re
-    - dhcp-2.isp.auro.re
-    - isp-1.rtr.infra.auro.re
-    - isp-2.rtr.infra.auro.re
-    - edge-1.rtr.infra.auro.re
-    - edge-2.rtr.infra.auro.re
-    - infra-1.rtr.infra.auro.re
-    - infra-2.rtr.infra.auro.re
-  vars:
-    resolvconf__nameservers:
-      - 2a09:6840:128::127
-      - 10.128.0.127
-    resolvconf__domain: auro.re
-    resolvconf__search:
-      - "{{ inventory_hostname | remove_domain_suffix }}"
-      - auro.re
-  roles:
-    - resolvconf
 ...

playbooks/keepalived.yml

@@ -5,7 +5,7 @@
     - isp-2.rtr.infra.auro.re
   vars:
     keepalived__virtual_router_id: 80
-    keepalived__interface: ens20
+    keepalived__interface: ens19
     keepalived__virtual_addresses:
       client-0:
         - 100.64.0.1/27
@@ -61,31 +61,31 @@
     keepalived__virtual_addresses:
       ens20:
         - 10.204.0.1/16
-        - 2a09:6840:204::1/64
+        - 2a09:6840:204::1/56
         - fe80::1/10
       ens21:
         - 10.205.0.1/16
-        - 2a09:6840:205::1/64
+        - 2a09:6840:205::1/56
         - fe80::1/10
       ens22:
         - 10.206.0.1/16
-        - 2a09:6840:206::1/64
+        - 2a09:6840:206::1/56
         - fe80::1/10
       ens23:
         - 10.207.0.1/16
-        - 2a09:6840:207::1/64
+        - 2a09:6840:207::1/56
         - fe80::1/10
       ens1:
         - 10.208.0.1/16
-        - 2a09:6840:208::1/64
+        - 2a09:6840:208::1/56
         - fe80::1/10
       ens2:
         - 10.209.0.1/16
-        - 2a09:6840:209::1/64
+        - 2a09:6840:209::1/56
         - fe80::1/10
       enp1s3:
         - 10.210.0.1/16
-        - 2a09:6840:210::1/64
+        - 2a09:6840:210::1/56
         - fe80::1/10
   roles:
     - keepalived

playbooks/knotd.yml

@@ -361,8 +361,8 @@
             - 10.128.10.1
             - 2a09:6840:128::10:1
           ssh-2.mgmt:
-            - 10.128.10.2
-            - 2a09:6840:128::10:2
+            - 10.128.10.101
+            - 2a09:6840:128::10:101
           infra-1.rtr:
             - 10.128.10.4
             - 2a09:6840:128::10:4

playbooks/radius.yml

@@ -1,10 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Deploy Radius
-- hosts: radius-*.adm.auro.re
-  vars:
-    update_motd:
-      unbound: FreeRADIUS est déployé.
-  roles:
-    - radius
-    - update_motd

playbooks/resolvconf.yml

@@ -0,0 +1,16 @@
+#!/usr/bin/env ansible-playbook
+---
+- hosts:
+    - vm_network
+    - pve_network
+  vars:
+    resolvconf__nameservers:
+      - 2a09:6840:128::10:3
+      - 10.128.10.3
+    resolvconf__domain: auro.re.
+    resolvconf__search:
+      - "{{ inventory_hostname | remove_domain_suffix }}"
+      - auro.re.
+  roles:
+    - resolvconf
+...

playbooks/root.yml

@@ -1,6 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: all,!unifi
+- hosts:
+    - vm_network
+    - pve_network
   vars:
     root_shell: /bin/bash
     root_password: "{{ vault_root_password }}"

playbooks/router.yml

@@ -1,23 +0,0 @@
-#!/usr/bin/env ansible-playbook
----
-# Deploy firewall and keepalived
-# radvd: IPv6 SLAAC (/64 subnets, private IPs).
-#   Must NOT be on routeur-aurore-*, or will with DHCPv6!
-- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
-  vars:
-    update_motd:
-      unbound: Le routage (avec radvd) est déployé.
-  roles:
-    - router
-    - radvd
-    - update_motd
-
-# No radvd here
-- hosts: ~routeur-aurore.*\.adm\.auro\.re
-  vars:
-    update_motd:
-      unbound: Le routage (avec DHCPv6) est déployé.
-  roles:
-    - router
-    - ipv6_edge_router
-    - update_motd

playbooks/ssh.yml

@@ -1,6 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
-- hosts: all,!unifi
+- hosts:
+    - pve_network
+    - vm_network
   vars:
     openssh_users_ca_public_key:
       "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\

roles/base_utils/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+- name: Install base utils
+  apt:
+    name:
+      - htop
+      - vim
+      - dnsutils
+...