misc
parent
a004555681
commit
66e6c960d3
15 changed files with 115 additions and 31 deletions
|
@ -16,4 +16,7 @@ ifupdown2__gateways:
|
||||||
isp:
|
isp:
|
||||||
- 2a09:6840:210::1
|
- 2a09:6840:210::1
|
||||||
- 10.210.0.1
|
- 10.210.0.1
|
||||||
|
pub:
|
||||||
|
- 2a09:6840:215::1
|
||||||
|
- 45.66.111.204
|
||||||
...
|
...
|
||||||
|
|
|
@ -25,6 +25,8 @@ bird__ospf:
|
||||||
- pve0
|
- pve0
|
||||||
- isp0
|
- isp0
|
||||||
- ext0
|
- ext0
|
||||||
|
- pub0
|
||||||
|
- th30
|
||||||
- ups0
|
- ups0
|
||||||
1:
|
1:
|
||||||
broadcast:
|
broadcast:
|
||||||
|
@ -57,28 +59,28 @@ bird__bgp:
|
||||||
- pref_src: "{{ bird__pref_src_addr }}"
|
- pref_src: "{{ bird__pref_src_addr }}"
|
||||||
- accept
|
- accept
|
||||||
export: reject
|
export: reject
|
||||||
wg1:
|
#wg1:
|
||||||
local:
|
#local:
|
||||||
address: "{{ bird__bgp_addr.vpn }}"
|
#address: "{{ bird__bgp_addr.vpn }}"
|
||||||
as: "{{ bird__as.aurore }}"
|
#as: "{{ bird__as.aurore }}"
|
||||||
neighbor:
|
#neighbor:
|
||||||
address:
|
#address:
|
||||||
- 2a09:6840:213::1:3
|
# - 2a09:6840:213::1:3
|
||||||
- 10.213.1.3
|
# - 10.213.1.3
|
||||||
as: "{{ bird__as.aurore }}"
|
#as: "{{ bird__as.aurore }}"
|
||||||
rr_cluster_client: 10.203.1.1
|
#rr_cluster_client: 10.203.1.1
|
||||||
import: reject
|
#import: reject
|
||||||
export: accept
|
#export: accept
|
||||||
wg2:
|
#wg2:
|
||||||
local:
|
#local:
|
||||||
address: "{{ bird__bgp_addr.vpn }}"
|
#address: "{{ bird__bgp_addr.vpn }}"
|
||||||
as: "{{ bird__as.aurore }}"
|
#as: "{{ bird__as.aurore }}"
|
||||||
neighbor:
|
#neighbor:
|
||||||
address:
|
#address:
|
||||||
- 2a09:6840:213::1:4
|
# - 2a09:6840:213::1:4
|
||||||
- 10.203.1.4
|
# - 10.203.1.4
|
||||||
as: "{{ bird__as.aurore }}"
|
#as: "{{ bird__as.aurore }}"
|
||||||
rr_cluster_client: 10.203.1.1
|
#rr_cluster_client: 10.203.1.1
|
||||||
import: reject
|
#import: reject
|
||||||
export: accept
|
#export: accept
|
||||||
...
|
...
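Review bot: `pub0` and `th30` are appended to an interface list whose key lies above the hunk, so it is not visible whether these are passive/stub interfaces or ones that form OSPF adjacencies. `pub0` appears to be the segment that carries the public proxy VM, and a routing protocol speaking on a host-facing segment accepts neighbours from that segment unless the interface is passive or authenticated; please confirm and add a comment such as `# pub0/th30: no OSPF neighbours expected, prefix advertised only`. The `wg1`/`wg2` sessions under `bird__bgp` are commented out rather than removed and no reason is given; either delete them or add one line saying why they are disabled.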
|
||||||
|
|
|
@ -43,8 +43,11 @@ firewall__zones:
|
||||||
ext:
|
ext:
|
||||||
addrs:
|
addrs:
|
||||||
- 2a09:6840:211::/64
|
- 2a09:6840:211::/64
|
||||||
- 45.66.111.0/24
|
|
||||||
- 10.211.0.0/16
|
- 10.211.0.0/16
|
||||||
|
pub:
|
||||||
|
addrs:
|
||||||
|
- 2a09:6840:215::/64
|
||||||
|
- 45.66.111.204/30
|
||||||
vpn-clients:
|
vpn-clients:
|
||||||
addrs:
|
addrs:
|
||||||
- 2a09:6840:212::/64
|
- 2a09:6840:212::/64
|
||||||
|
@ -66,6 +69,7 @@ firewall__zones:
|
||||||
- pve
|
- pve
|
||||||
- isp
|
- isp
|
||||||
- ext
|
- ext
|
||||||
|
- pub
|
||||||
- vpn
|
- vpn
|
||||||
internet:
|
internet:
|
||||||
negate: true
|
negate: true
|
||||||
|
@ -106,6 +110,11 @@ firewall__zones:
|
||||||
addrs:
|
addrs:
|
||||||
- 2a09:6840:211::1:5
|
- 2a09:6840:211::1:5
|
||||||
- 45.66.111.205
|
- 45.66.111.205
|
||||||
|
- 10.128.1.5
|
||||||
|
proxy.pub:
|
||||||
|
addrs:
|
||||||
|
- 2a09:6840:214::1:1
|
||||||
|
- 45.66.111.206
|
||||||
|
|
||||||
firewall__input:
|
firewall__input:
|
||||||
- iif:
|
- iif:
|
||||||
|
@ -242,6 +251,19 @@ firewall__forward:
|
||||||
udp:
|
udp:
|
||||||
dport: 5121
|
dport: 5121
|
||||||
verdict: accept
|
verdict: accept
|
||||||
|
# Proxy web
|
||||||
|
- dst: proxy.pub
|
||||||
|
protocols:
|
||||||
|
tcp:
|
||||||
|
dport:
|
||||||
|
- 80
|
||||||
|
- 443
|
||||||
|
verdict: accept
|
||||||
|
# ICMP to public vlan
|
||||||
|
- dst: pub
|
||||||
|
protocols:
|
||||||
|
icmp: true
|
||||||
|
verdict: accept
|
||||||
|
|
||||||
firewall__nat:
|
firewall__nat:
|
||||||
- src: 10.0.0.0/8
|
- src: 10.0.0.0/8
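Review bot: The new `proxy.pub` zone lists `2a09:6840:214::1:1`, which lies outside the `pub` zone's `2a09:6840:215::/64` added in this same file and differs from the `2a09:6840:215::1:1/64` configured on `pub0` in `host_vars/proxy.pub.infra.auro.re.yml`; the `proxy.pub` record added to the knotd zone data uses the `214` address as well. If `215` is the intended prefix, the "Proxy web" forward rule does not match the proxy's real IPv6 address and the DNS record points at an address the host does not hold, so I would change both to `- 2a09:6840:215::1:1` (or move the host address to `214`, whichever is planned). Separately, `45.66.111.205` in the zone just above `proxy.pub` now falls inside `pub`'s `45.66.111.204/30` while `45.66.111.0/24` was dropped from `ext`, so it is worth confirming that host is meant to be covered by the `dst: pub` ICMP rule.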
|
||||||
|
|
|
@ -40,13 +40,20 @@ keepalived__virtual_addresses:
|
||||||
- 10.211.0.1/16
|
- 10.211.0.1/16
|
||||||
- 2a09:6840:211::1/64
|
- 2a09:6840:211::1/64
|
||||||
- fe80::1/10
|
- fe80::1/10
|
||||||
|
th30:
|
||||||
keepalived__virtual_routes:
|
- 10.126.0.6/24
|
||||||
ext0:
|
- fe80::1/10
|
||||||
|
pub0:
|
||||||
|
- 2a09:6840:215::1/64
|
||||||
- 45.66.111.204/30
|
- 45.66.111.204/30
|
||||||
|
- fe80::1/10
|
||||||
|
|
||||||
|
#keepalived__virtual_routes:
|
||||||
|
# ext0:
|
||||||
|
# - 45.66.111.204/30
|
||||||
|
|
||||||
keepalived__virtual_blackholes:
|
keepalived__virtual_blackholes:
|
||||||
- 45.66.111.200/30
|
- 45.66.111.200/30 # NAT
|
||||||
|
|
||||||
keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
|
keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
|
||||||
...
|
...
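Review bot: `45.66.111.204/30` on `pub0` gives the virtual address the base (network) address of its own /30, leaving `.205` and `.206` as the only conventional host addresses. Linux generally accepts this, but not every stack will use a gateway on the network address, so a short comment in the style of the `# NAT` one added below, e.g. `- 45.66.111.204/30  # gateway on the subnet base address, intentional`, would stop the next reader from treating it as a typo. The commented-out `#keepalived__virtual_routes:` block is dead configuration; I would delete it, since the history keeps the old route.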
|
||||||
|
|
|
@ -11,6 +11,8 @@ systemd_link__links:
|
||||||
isp0: 02:00:00:6b:53:14
|
isp0: 02:00:00:6b:53:14
|
||||||
ext0: 02:00:00:32:86:60
|
ext0: 02:00:00:32:86:60
|
||||||
vpn0: 02:00:00:52:5f:85
|
vpn0: 02:00:00:52:5f:85
|
||||||
|
th30: 02:00:00:23:a7:d3
|
||||||
|
pub0: 02:00:00:7d:34:06
|
||||||
|
|
||||||
ifupdown2__interfaces:
|
ifupdown2__interfaces:
|
||||||
back0:
|
back0:
|
||||||
|
@ -36,10 +38,14 @@ ifupdown2__interfaces:
|
||||||
ipv6_addrgen: false
|
ipv6_addrgen: false
|
||||||
ext0:
|
ext0:
|
||||||
ipv6_addrgen: false
|
ipv6_addrgen: false
|
||||||
|
pub0:
|
||||||
|
ipv6_addrgen: false
|
||||||
vpn0:
|
vpn0:
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:213::1:1/64
|
- 2a09:6840:213::1:1/64
|
||||||
- 10.213.1.1/16
|
- 10.213.1.1/16
|
||||||
|
th30:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
|
||||||
bird__router_id: 10.203.1.3
|
bird__router_id: 10.203.1.3
|
||||||
|
|
||||||
|
|
|
@ -11,6 +11,8 @@ systemd_link__links:
|
||||||
isp0: 04:00:00:f4:4c:5d
|
isp0: 04:00:00:f4:4c:5d
|
||||||
ext0: 04:00:00:1d:0e:83
|
ext0: 04:00:00:1d:0e:83
|
||||||
vpn0: 04:00:00:02:ba:dd
|
vpn0: 04:00:00:02:ba:dd
|
||||||
|
th30: 04:00:00:9e:8d:4f
|
||||||
|
pub0: 04:00:00:f8:3b:9b
|
||||||
|
|
||||||
ifupdown2__interfaces:
|
ifupdown2__interfaces:
|
||||||
back0:
|
back0:
|
||||||
|
@ -40,6 +42,10 @@ ifupdown2__interfaces:
|
||||||
addresses:
|
addresses:
|
||||||
- 2a09:6840:213::1:2/64
|
- 2a09:6840:213::1:2/64
|
||||||
- 10.213.1.2/16
|
- 10.213.1.2/16
|
||||||
|
th30:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
pub0:
|
||||||
|
ipv6_addrgen: false
|
||||||
|
|
||||||
bird__router_id: 10.203.1.4
|
bird__router_id: 10.203.1.4
|
||||||
|
|
||||||
|
|
|
@ -483,6 +483,9 @@ knotd__zones:
|
||||||
collabora.pub:
|
collabora.pub:
|
||||||
- 2a09:6840:128::220
|
- 2a09:6840:128::220
|
||||||
- 10.128.0.220
|
- 10.128.0.220
|
||||||
|
proxy.pub:
|
||||||
|
- 2a09:6840:214::1:1
|
||||||
|
- 45.66.111.206
|
||||||
|
|
||||||
108.66.45.in-addr.arpa:
|
108.66.45.in-addr.arpa:
|
||||||
dnssec_policy: ripe
|
dnssec_policy: ripe
|
||||||
|
|
11
host_vars/proxy.pub.infra.auro.re.yml
Normal file
11
host_vars/proxy.pub.infra.auro.re.yml
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
systemd_link__links:
|
||||||
|
pub0: ae:ae:ae:3a:71:0b
|
||||||
|
|
||||||
|
ifupdown2__interfaces:
|
||||||
|
pub0:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:215::1:1/64
|
||||||
|
- 45.66.111.206/30
|
||||||
|
gateways: "{{ ifupdown2__gateways.pub }}"
|
||||||
|
...
|
|
@ -1,7 +1,11 @@
|
||||||
---
|
---
|
||||||
systemd_link__links:
|
systemd_link__links:
|
||||||
vpn0: 02:00:00:b5:ca:c7
|
vpn0:
|
||||||
ext0: 02:00:00:e3:65:49
|
enabled: false
|
||||||
|
vpn: 02:00:00:b5:ca:c7
|
||||||
|
ext0:
|
||||||
|
enabled: false
|
||||||
|
ext: 02:00:00:e3:65:49
|
||||||
|
|
||||||
ifupdown2__interfaces:
|
ifupdown2__interfaces:
|
||||||
ext0:
|
ext0:
|
||||||
|
@ -16,6 +20,20 @@ ifupdown2__interfaces:
|
||||||
- 10.213.1.3/16
|
- 10.213.1.3/16
|
||||||
# FIXME: move to group_vars
|
# FIXME: move to group_vars
|
||||||
goto_table: "{{ iproute2__custom_tables.wireguard }}"
|
goto_table: "{{ iproute2__custom_tables.wireguard }}"
|
||||||
|
#vrf: wg-vrf
|
||||||
|
ext:
|
||||||
|
gateways: "{{ ifupdown2__gateways.ext }}"
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:211::1:1/64
|
||||||
|
- 10.211.1.1/16
|
||||||
|
- 45.66.111.204/30
|
||||||
|
vpn:
|
||||||
|
addresses:
|
||||||
|
- 2a09:6840:213::1:3/64
|
||||||
|
- 10.213.1.3/16
|
||||||
|
# FIXME: move to group_vars
|
||||||
|
goto_table: "{{ iproute2__custom_tables.wireguard }}"
|
||||||
|
#vrf: wg-vrf
|
||||||
|
|
||||||
bird__router_id: 10.213.1.3
|
bird__router_id: 10.213.1.3
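Review bot: The new `ext` and `vpn` stanzas in `ifupdown2__interfaces` repeat what the stanza ending just above the hunk still carries (`10.213.1.3/16` and the `goto_table` rule appear in both), and `ext0` is still present, while `systemd_link__links` now sets `enabled: false` for `vpn0` and `ext0`. If the links are being renamed to `ext`/`vpn`, the old stanzas describe interfaces that no longer exist and should be removed in the same commit; if both names can exist, the host ends up with duplicate addresses and policy rules. `45.66.111.204/30` on `ext` is also the address this commit places on the keepalived `pub0` virtual address, so please confirm the two can never be active on the same segment. The `#vrf: wg-vrf` line needs either removal or a note on what it is waiting for.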
|
||||||
|
|
||||||
|
|
1
hosts
1
hosts
|
@ -5,6 +5,7 @@ mx.test.infra.auro.re
|
||||||
|
|
||||||
[vm_services]
|
[vm_services]
|
||||||
collabora.pub.infra.auro.re
|
collabora.pub.infra.auro.re
|
||||||
|
proxy.pub.infra.auro.re
|
||||||
|
|
||||||
[aruba]
|
[aruba]
|
||||||
eb-1.acs.sw.infra.auro.re
|
eb-1.acs.sw.infra.auro.re
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
- hosts:
|
- hosts:
|
||||||
- pve_network
|
- pve_network
|
||||||
- vm_network
|
- vm_network
|
||||||
|
- vm_services
|
||||||
- ntp
|
- ntp
|
||||||
roles:
|
roles:
|
||||||
- chronyd
|
- chronyd
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
- hosts:
|
- hosts:
|
||||||
- pve_network
|
- pve_network
|
||||||
- vm_network
|
- vm_network
|
||||||
|
- vm_services
|
||||||
roles:
|
roles:
|
||||||
- hostname
|
- hostname
|
||||||
...
|
...
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
---
|
---
|
||||||
- hosts:
|
- hosts:
|
||||||
- vm_network
|
- vm_network
|
||||||
|
- vm_services
|
||||||
- vm_test
|
- vm_test
|
||||||
roles:
|
roles:
|
||||||
- qemu_guest
|
- qemu_guest
|
||||||
|
|
|
@ -3,6 +3,7 @@
|
||||||
- hosts:
|
- hosts:
|
||||||
- vm_network
|
- vm_network
|
||||||
- vm_test
|
- vm_test
|
||||||
|
- vm_services
|
||||||
- pve_network
|
- pve_network
|
||||||
roles:
|
roles:
|
||||||
- resolvconf
|
- resolvconf
|
||||||
|
|
|
@ -3,4 +3,5 @@ collections:
|
||||||
- name: community.general
|
- name: community.general
|
||||||
- name: community.postgresql
|
- name: community.postgresql
|
||||||
- name: ansible.utils
|
- name: ansible.utils
|
||||||
|
- name: ansible.netcommon
|
||||||
...
|
...
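Review bot: `ansible.netcommon` is added with only a `name:`, like the three entries above it, so the installed release is whatever is current when the requirements are resolved. For a repository that configures routers and firewalls I would pin each collection, e.g. `version: "<pinned-version>"` under `- name: ansible.netcommon`, so that runs are reproducible and an upstream release cannot change behaviour without review. The top of the file is outside the hunk, so any pinning done elsewhere is not visible here.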
|
||||||
|
|