misc: dns + locales + pve + …

collabora: misc
collabora: migrate to new infra
2024-06-22 20:27:15 +02:00 · 2024-05-19 16:30:50 +02:00 · 2024-05-19 15:26:16 +02:00 · 2024-05-19 13:59:17 +02:00 · 2024-05-02 22:43:25 +02:00 · 2024-05-02 22:40:45 +02:00
283 changed files with 32308 additions and 4116 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 *.retry
 tmp
 ldap-password.txt
 __pycache__/
--- a/all.yml
+++ b/all.yml
@ -0,0 +1,18 @@
 #!/usr/bin/env ansible-playbook
 ---
 - import_playbook: playbooks/base.yml
 - import_playbook: playbooks/root.yml
 - import_playbook: playbooks/ssh.yml
 - import_playbook: playbooks/chronyd.yml
 - import_playbook: playbooks/kresd.yml
 - import_playbook: playbooks/knotd.yml
 - import_playbook: playbooks/resolvconf.yml
 - import_playbook: playbooks/ifupdown2.yml
 - import_playbook: playbooks/systemd_link.yml
 - import_playbook: playbooks/keepalived.yml
 - import_playbook: playbooks/ip_forward.yml
 - import_playbook: playbooks/dhcpd.yml
 - import_playbook: playbooks/bird.yml
 - import_playbook: playbooks/pve.yml
 - import_playbook: playbooks/prometheus.yml
 ...
--- a/ansible.cfg
+++ b/ansible.cfg
@ -3,8 +3,10 @@ ask_vault_pass = True
 roles_path = ./roles
 retry_files_enabled = False
 inventory = ./hosts
 stdout_callback = debug
 library = ./library
 filter_plugins = ./filter_plugins
-ansible_managed = Ansible managed, modified on %Y-%m-%d %H:%M:%S
+ansible_managed = Ansible managed
 nocows = 1
 forks = 15
 timeout = 60
@ -15,3 +17,4 @@ always = yes
 [ssh_connection]
 pipelining = True
 retries = 3
--- a/deploy_all.sh
+++ b/deploy_all.sh
@ -1,3 +0,0 @@
 #!/usr/bin/env bash
 # Deploy all playbooks
 ansible-playbook playbooks/*.yml $@
--- a/filter_plugins/enquote.py
+++ b/filter_plugins/enquote.py
@ -0,0 +1,16 @@
 class FilterModule:
    def filters(self):
        return {
            "enquote": enquote,
        }
 def enquote(string, delimiter='"', escape="\\"):
    translation = str.maketrans(
        {
            delimiter: f"{escape}{delimiter}",
            escape: f"{escape}{escape}",
        }
    )
    escaped = string.translate(translation)
    return f"{delimiter}{escaped}{delimiter}"
--- a/filter_plugins/format_rev.py
+++ b/filter_plugins/format_rev.py
@ -0,0 +1,9 @@
 class FilterModule:
    def filters(self):
        return {
            "format_rev": format_rev,
        }
 def format_rev(text, fmt, *args, **kwargs):
    return fmt.format(text, *args, **kwargs)
--- a/filter_plugins/net_utils.py
+++ b/filter_plugins/net_utils.py
@ -7,11 +7,39 @@ import dns.name
 class FilterModule:
    def filters(self):
        return {
            "add_origin": add_origin,
            "add_origin_keys": add_origin_keys,
            "ip_filter": ip_filter,
            "remove_domain_suffix": remove_domain_suffix,
            "ipaddr_sort": ipaddr_sort,
        }
 def first_addr(addresses, ipv4 = True):
    version = ipaddress.IPv4Address if ipv4 else ipaddress.IPv6Address
    for addr in addresses:
        parsed = ipaddress.ip_address(xx)
        if isinstance(parsed, version):
            return parsed
    raise ValueError("missing address")
 def ip_filter(addresses, networks):
    if isinstance(addresses, dict):
        return {k: ip_filter(v, networks) for k, v in addresses.items()}
    ip_networks = [ipaddress.ip_network(n) for n in networks]
    ip_addresses = [ipaddress.ip_address(a) for a in addresses]
    return [str(a) for a in ip_addresses if any(a in n for n in ip_networks)]
 def add_origin(name, origin="."):
    return dns.name.from_text(name, dns.name.from_text(origin)).to_text()
 def add_origin_keys(dct, origin="."):
    return {add_origin(k, origin): v for k, v in dct.items()}
 def remove_domain_suffix(name):
    parent = dns.name.from_text(name).parent()
    return parent.to_text()
--- a/filter_plugins/suffix.py
+++ b/filter_plugins/suffix.py
@ -0,0 +1,9 @@
 class FilterModule:
    def filters(self):
        return {
            "suffix": suffix,
        }
 def suffix(value, suffix):
    return value + suffix
--- a/group_vars/all/bird.yml
+++ b/group_vars/all/bird.yml
@ -0,0 +1,4 @@
 ---
 bird__as:
  aurore: 43619
 ...
--- a/group_vars/all/chronyd.yml
+++ b/group_vars/all/chronyd.yml
@ -0,0 +1,5 @@
 ---
 chronyd__pools:
  - ntp-1.int.infra.auro.re
  - ntp-2.int.infra.auro.re
 ...
--- a/group_vars/all/ifupdown2.yml
+++ b/group_vars/all/ifupdown2.yml
@ -0,0 +1,24 @@
 ---
 ifupdown2__wireguard_proto: wireguard
 ifupdown2__gateways:
  adm:
    - 2a09:6840:128::254
    - 10.128.0.254
  int:
    - 2a09:6840:206::1
    - 10.206.0.1
  ext:
    - 2a09:6840:211::1
    - 10.211.0.1
  monit:
    - 2a09:6840:204::1
    - 10.204.0.1
  isp:
    - 2a09:6840:210::1
    - 10.210.0.1
  pub:
    - 2a09:6840:215::1
    - 45.66.111.204
  ovh:
    - 92.222.211.254
 ...
--- a/group_vars/all/openssh.yml
+++ b/group_vars/all/openssh.yml
@ -0,0 +1,10 @@
 ---
 openssh__users_ca_public_key:
  "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAAB\
  hBIpT7d7WeR88bs53KkNkZNOzkPJ7CQ5Ui6Wl9LXzAjjIdH+hKJieBMHrKew7+kzxGYaTqXW\
  F1fQWsACG6aniy7VZpsdgTaNw7qr9frGfmo950V7IlU6w1HRc5c+3oVBWpg=="
 openssh__authorized_principals:
  - any
  - "{{ inventory_hostname }}"
 ...
--- a/group_vars/all/prometheus.yml
+++ b/group_vars/all/prometheus.yml
@ -0,0 +1,3 @@
 ---
 prometheus_node__text_dir: /var/run/prometheus-node-exporter
 ...
--- a/group_vars/all/resolvconf.yml
+++ b/group_vars/all/resolvconf.yml
@ -0,0 +1,13 @@
 ---
 resolvconf__nameservers:
  - 2a09:6840:206::1:1
  - 2a09:6840:206::1:2
  - 10.206.1.1
  - 10.206.1.2
 resolvconf__domain: auro.re.
 resolvconf__search:
  - "{{ inventory_hostname | remove_domain_suffix }}"
  - auro.re.
 ...
--- a/group_vars/all/root.yml
+++ b/group_vars/all/root.yml
@ -0,0 +1,5 @@
 ---
 root__shell: /bin/bash
 root__password: "{{ vault_root_password }}"
 ...
--- a/group_vars/all/vault.yml
+++ b/group_vars/all/vault.yml
@ -1,246 +1,298 @@
 $ANSIBLE_VAULT;1.1;AES256
-64313161633263303464663933363265373935633862653634643862343232643432343966376438
+61343966306561383238303434393933613538616662326430626564353466356235666537646263
-6134633764383937373966346538306530316539303966320a363035303038616435383366656532
+3464666132613834306435376533353564633634643931310a376435336364333437633633643537
-39346463396563626166333362306464343836386365303836356461323663633831636562393039
+30636165313433333039616337633765346232326362663834396462653637636438356638616263
-3832636432626238350a666566323435623834396166656233306639333830343130326265616234
+6333336530663764660a316331363464616132383835646362306635623261643333313639303132
-61666365663963643437386530363261306438376665386463376366363662656161316263303831
+66303137623563343066363933633939306432383331643662626130393865346237353432343035
-61393136363934316462616131326463333736656136643038623061313363386538393833663637
+39643562343231623539393833386461363362363566366339323066316463363334353430666564
-36373565333566306632313865646538633532393731313430633462666334323762653337383338
+62313039306234346663343934333435303636643632353336643638343532306330316238636663
-63313433333835653366363061343839326131666139346563306366656365316663333438363837
+39646366396136303663343662313264363831636232303466353536643362396139346138333934
-33323165353936343165646464306434303161313139653561346461653537616164623434376534
+65323463366438333838343265396261366136643662633733343737376466643636643265323964
-33666662343734633766356230383761353239333632613031396365346536373432363433633564
+63323735643965653637393031323166356335623838616562366238366337636131363333613666
-61633762393033343336373864653438336436613630366539333731383336346665313732396265
+64313963643138613831633436313262336431336563323337663035373138323439396231613361
-32356138666135383562656366353131366436363464643630656130303437623131333239386363
+33653538336633353432623632373730666437306265616631363235646633313565316663303435
-66373866393064306565306565386230373638633733326661333065633136633130323963323765
+38373933323439366664383334326364393838366436616563663062356635333635613966656262
-30353262323835313365383562326363343965636634376133613331363133313030346561653931
+32343063666132646638343965336336386265623566613662313634366235363235636139396362
-39363636636235646131353034663861336362383263613165323230366439383561653165363764
+33383334613032643030366433653164313538313239623062356161386535303163656637323639
-65366130623362623539393461363832353435616266393036386439303834316635366438393936
+34653162386338626430643662376263316264306133323038353362386239623939333365633964
-33383933366262636232383066663130383965306137356363363539633661373664613738336539
+61646264383834663038303464633334373639383961616665653362626464336136353662333630
-31363131616135623039346465623530376533386263343836376662316562386530336266303062
+38343033386361626339653239363266383866656466656335633763353539333732393438616365
-64386531303938623939653635313163633261336339366139666135323130653862346132646636
+31623030653365643166323230646533333563633935626436356165643036663530323331616461
-30363065303235346331333434653331646333616337623562643564366435613938643235333664
+32376265393139666161643330343530643036366666336639666265613138646561393931613661
-30626164373030303237656366623631396138333265383566333664663061613536666363623630
+35383839336539613738343638333636313063613935633833656564303535653831653033623131
-61623362383439636239336234333161366635306432363230366630383836326330343932303863
+61343466353461656338396364313531323865333338346364363463393666656265386166303834
-39393232373831363863333332636362396639663831656266336430313837666463336439353332
+36633164383839613830316434356632356436353630363666376330373762306632386533643636
-63303036633433323439613535326663633332346565646338353761363733643766363132666365
+33343934313936323439393530633563666463323761363737396537336666626639376562633833
-34303865656262303563323665363730663062626537363461646363636461633762663237366366
+38376434363662623136386238373339613235386361386566636563323433343431353234303732
-64393133656464643065633634313261336662646435313735306266316132636530393631353830
+65663530336261656466636536393763393537613665383261636234366263393039616337343235
-61303939373363323131316463333136326365333430626266376636356130396239323464353937
+31313636393166386634643635316135326264636134323032646462343861346231656237653131
-64616232373532396334343433636332353530386662633164353235626361623164313039336666
+61646662343330623266613064313632636238323166616463613132353761303662633163313562
-31636434666437393839393133633961373139313663616366373239386163623064373836376164
+63373361623935383466623236633232323130343064393765633038643638323437353735643832
-62316638366366376134386231306435616138656461373633393339653532363434393834393430
+30333763396565376266343434646263316333336130626463336365306132663036353133316266
-37363335623934306661333135343266663464623438353665613330356236323036363139643064
+39333962353862626638623464363634316239653233316435306332383934303239363930363363
-62383934363465316338393065383935646134353230376131613935613431656333383565353134
+36313931643730373865393665613633333064333530663937636438306164386533623138333665
-34643866353131653061623236306536363163373639396564336434653839346263303930633663
+30646239316633313164386339326132306666346633363865303861666536333662666263393034
-39393935636235313431303032336361313730373238333732626465346662363038636361383631
+38363638393435633238616232363763366237653530613763333762333330353531613036336164
-65393433346363366337383233646166306339653533646632623262376630383265393438326135
+36653536316532356337316262663863346333636336613830383363356537353038653065633163
-31643039333835666338383762336163336337343532393063323165636531353361613731363065
+63323937306431303435343135636562323939383434666363303631313461643038313235366437
-65303637396332613432663636326334646635346237396461636366356133303333306239393739
+34316563356365623130623664346435373066633832363639306237396233343531313965356232
-34353966653662346230383865643231313239626533643761366162613164333132373636623237
+65323537376535313261656663316265326661316237363336656536646535666334326663623237
-32356335643766646266646266633366363165373861306433316561363166363865303133633939
+64373234646261303463306362633762623735376465323536316638373165623264656135333761
-34633132343438363034323638376666313061383965323566646463653163313235373364386666
+62323761626231663263363764643465303133646531386165366266636266306338353665343732
-62393865373137343237306637363536383939303833663532396333313931336162333837613935
+36623765393538353139646362616638363365306565353662396638376133663761396663383533
-66383266343735396337663936333162323738383264376533316536376563396333343263643931
+35353165396261346665626431613838653763613331323262613864663437323235386337323961
-65646535363337373865353265306434356432353066656665366638353331366334366339613538
+34356564366230313062316139616366343132393261363564333632383934646435386261326131
-32373637633564613861626538373365336362313434633137613966353861393462623862663330
+33313438663631393466343633386637396463373838363938333131666137316235343136373936
-64386431373066306334383863366133333564373163386433313231363366393830343230323734
+65323235643130643638383661383837343636363266633165373436363165386264613631323261
-61633962356637326538336663386330653563353763663236623539363630626363323237333237
+66353133313637376638396465323533373934383135323831363266613931336361616139313766
-30656139626561313064323330373032323031343137366638303966313832646365666238326337
+61346436383330353265336330633234313334643566363066303835306263663630336439366164
-63306363613361653933306234386163383837666430616663383664386563323839326232383761
+62616139663666353861313265316463323932306364386637326438633861666231626539303638
-35373539626438356539393266653864353066633365383437623437356464383335383039343137
+33663361376131306365316537316637653661376637633438613366313230323138663030643061
-61373539343631373932373033656233323964353666626162386537616333366562346265656238
+61393965306133353434346531656632383735363232346531636338393561396461633431373133
-35396130356166303564303036383664656435626534303064653363316464616335303965376330
+35646166353538396534636663313564646339363866656336326131366465303239663363393464
-61646638383138323265313631613037396561626162306661653231646230343139656135333236
+31346130353139633363393161653637353838623131393536383235393161393562356239633038
-63303838316266333665636335663361656262353066666430656162323236633564313337353665
+65653933373130326466633163383066346332666662393862633334356333353032363135663834
-35363565303736633564356632346632343832363934343962313030646132663566346664313632
+36323638346134343131396538646334613463383362656261623834623162623664393261663562
-38393061613163356265643434626166393366366634343032626637333332316361663639623534
+37643238343461366531653761653466343165373838656566636664376435343665333534613766
-62323239373639393337373537646232663531653835356165313264663561623633633830373734
+36633763656563653363376462336336343530646166313333313064666264633337643733356364
-31336234613633666538373961626430316530346462343061323661353564323938353338373961
+33363865353232656464396562626530653833316233313562353137373038643165643465653430
-64616637303734303333626166306330613238646265636136653939363936356165356232396436
+62633865616265363036373737366336626436396133363062313032323634323864363465353361
-65353731633836363433616534636330663565643561363233396538386430393964353433616437
+32646431353733323134616162306337646332363631613563666334396131623764653463363634
-36343936313936303165396236393463646363383338366238363961666530623335653234656139
+35383732623164623532303036656337373166326366313037326133353465393937353266343765
-65346337663437623134376137326166323933613861663032623965643538343638376234316232
+37323965343632326361346632616161653261616333336561333730613664663133633933623835
-36333065323234663263343630353739313661373536316162366532336438373263303730626464
+61303037333739316333313763653466646436363239653361653864643335646435313362343632
-38613136393166626663636631363064303736666235333036616435373063363762666565363136
+35633931376562326165613236393134623235313961336332643936373835326238326633396563
-38333966303831313333613831313132633062616235353365313533386236613338373130303836
+64313937623034313738303764326337666239666266613131306133386265643039393864393465
-61326262313833306437366364316433393931353265326131653563656131333436376338613266
+66393964393437353965663764666338383033326633376232326565346236636136666464383861
-39326632613366666136643137303635336631353230396435313537656366326239626362313833
+39363265653166643239363861353839373038336636376366346430353263323136386565313865
-62653039343261613265306362323234623264366664306561663839306631663465303962386462
+62343730353265396338326463353535653939383336626630393838626132636230363139663536
-39353934643562383762623937643034383534393962333466613636346637323235346438666636
+38383962323763653464656233373163343463346638363334616534373235353334623732396565
-31613838313535666166663063373333653439313035346266666463623666613837313933623837
+31373162623035343938336564363964613135393435396430626232653230646239336635373735
-63343565663739393764353761316432626237346234663032316131306262356233333439323961
+62363931623235303839663433323236346633366465643961303730633865316536373938303339
-38646664383030303832646563393836643135303731306435383338623633626638306165386637
+63356165353538626337306130663035363432323836626136356466376362333834393937643463
-65393238653464623032336437643838333932366131656332333165376261383539386466343139
+30323036623239373031396237623964373037396462363833323565393230396636633963366564
-65613733383837323832303738363664653138613830376333363038383839623463623631666237
+30636330393735666563623730376336646462613365303330643634386236623436656666313862
-63363263396533353763373934373034643763376665316638353435663635346135333265363235
+61333334323230383061303730353963396466356335343532656533623264373462656265633635
-62663432343935343964626432353563313036303761393039386231343530663737633466643035
+32636437393866626434633066643566376334633963326465363763386665396530306462366664
-65343835353037643539316439666666633866356530363237373230373439373133313337653237
+39313533656536376435386438396666323963393663356331373435616532353139656561393161
-66613631373637313534353862653437393234363365323032393035376438616264336661616262
+64333838336365366164663864363263633630336162303866343434306433656263616432363735
-37336435326135373065353564383637626637343532396331623334643139386364316431376435
+33373136626230363234316534316230353836623033336639643235653731623934376639643435
-36356566363033636539363430356565373039363863396565643730656531346364626334393436
+36333037343636326438366531336165633064396334623334663835303736336564666132613839
-33343839303538383530363231366166623233333730323163323432373831313639626337346230
+30626239343930393864663635663765343233396134326364393236666636353630303561316263
-30333930333064393337616564386163623436613933623466353933393733346339383534633239
+62616639626666326631333734643665366262636531373138613930393366393762383637343435
-30633365313364666566643533326163336330323232353533316633313739343035383465376330
+63363365363062376339393966613134643731376531336230633536626330306633383834646266
-65356139386463633565366132383832643032333234633964373437633836343435393631396166
+34636363383734633065303336383362643130313732653436393133393963653361376561666334
-34633439643764623936366536353931646132373539326238303761383339643661616266646130
+33346664353861353136643733363335646336613637666236653765383235636233356533643930
-30393166393465326365393130636136336433623262346435353936306133616135653734383635
+35303361626634343565616361326233643135393963356632316663626137653733376433663565
-65393530633836613937346430366337626365363361663533313837363063396538663766646566
+63303865343032383364636431363736633463373739316662386663613139306638656664636234
-63373639653732353135343562353266316164303863336365303635653464393232613939396131
+35313562323234663730343162313364656231656164313766653635653961396330363536343062
-30636361343932663233663566656131363938656161623966316366656561343166336532613666
+31333065633665326132326532356632353931363735313134346362616562313839306539383139
-65613534663762353662353262623634616264373964316336626166353330303539356130646166
+38383463393035323462623035306464363631626361373439393632336436383931643861663263
-63643435353765633766626165643465386331333637366562393861613834323464363932306430
+63366238353732643365346462636364373739613364623939326337363437643965626365383934
-32643836646266643031396262626136313363623663366430376432373036643835653863323631
+62656661343538396461313634663030383336643362623637363631643766643762646364656331
-30613164326430633664306630333632363931656135643465363439376263386561383534633666
+39613763616464663866373732343431656331316231393234333163366561663665303634653938
-64323763656466343064396639313264386239356664663461333166626332326536623132333434
+61396161616131623166313266646632373338623966656635306635393730613238636339633734
-62303261643164643330333662623935383037353338306135613737306563326336336162633138
+37363838666137386637343261643733336134396233323761396333363761613634393833636433
-33623066373265663362303133363032343933306336396466383034636131333837313333326531
+33346230323066643136393165376638306235636635383632643137646335656565663039363337
-39336163313633623639303462313763656632633030336236643030343262653366633939643536
+37346264333232616462643332363736653439653764386663343933633966366631363739313731
-31636535393864663363353930363761623264343630396336396431663330323436613462633136
+63653532666165663161353065323866613461383162653639376666623739316361313139313935
-37336464353730643566393432343762333336653932333366636265343663323462626232623635
+65626633633732313562656332643735643663313334333566643632376261396364643334303865
-34346136333630363539633666316561376266373032373961313437653564636537656630303261
+30363462373036633839323833313930633862326263363634653736626330366235353635636631
-37313639333233333365383763333061373730623939303530303832646365323739356564626137
+65643532633239303061393332363264643336653365626634363339303538623230373035343837
-35633366393636376463393961333830343232363266633931613332643134643234303733373466
+61326662326631386234653833313663646232653939383833316266343530373166633339326135
-35323831623931633436626636346431303965663639666566623433383736633834626330303265
+63366235356334343130663832346238386133663364386266373932663036346565373964376433
-37353337656233663938663839373931623137666662623266336537383631626631306235363064
+65343931363538323734383339323131343337323332353163373338633634613036663331326533
-33313564316438633139336261623736336336326239376630316335313631376132646563333430
+62343663646537636534386631333230396235383961303538643433343037363065356137336133
-33656432643130643832343065353834633366363339353964623762666564633835633636313731
+61636462343335336431386538623037383639333735663465663864653337616534626634656138
-63353637636165663136623736343234393038313235333363643237643566623766393838386635
+31616634653863663935356432313839346666326361383631613936303231323930653666306331
-33646233623032653233336266636335666233353032303837663162303939383262373761623261
+36646265373538353038313563653739353030636637613930353866623433626633656532643039
-35366661363966346233633739663635353361303264356534366235616164316138623730623632
+65386563373064613263663935386337623938383936396336313538326131313530643565333065
-62316362623736396264366632373661373835393434343364353431316362666235616635633566
+36383334613961323237336362633833383438326331623565383966636330656163656431336537
-64353530633334393737346663653562346335323065356665643132353738363132623031353664
+32326238663236326536363862396134343565336432656233663631343264653639643732313734
-66666639326238386634363664356664343161386435323736316636343536326435303066353035
+30356537386439383639376165313639666237356433333964646662663032643834383930366565
-37363731613138393333636562386363333932386362303139643262386237353863363764643139
+36323063653366373132623664663664313434336463653361373636313964343939633036383730
-64616561373239346464623165616332623434303433626638376232333733646136376431626438
+33343261363334396639623035663436373431653366313866353263373036373733393035613531
-66613134343639656331626630303030366133356636663735353466353834613430356265386162
+35636433303132356333343539393236353331653932356530616662353939663961656137616634
-66613332663232623438636661306332613162666561353537313336643134663664306630636639
+61383538656363333437346535643132333163333936643361613835333861363561313930323862
-61613363353264373831393962333631383236666130646333336431303735333165656438363432
+64623439383335386565396130323366383962333833383238393361636562366361316563333731
-38396530333631636135653534393531326434306362396237366430383166323832336434376364
+62613037396236623461373432653261663261316530353434376665663339623464616265393931
-38393431646338316232373431613930326532646333386435303034356564336665346133393866
+35646463373262366564663034333038633733353032363331643265643836643136613233653065
-61643533643361646265313334633463616437393437653935613261366635616430313064346532
+32646537643562353565326332633230396235653234666637313535346530383766386130396539
-32363831613565313836376338646466323130373032613863323037323566643164653132633735
+65663661323934646630373361656262643231333465653138626266663161653831303230656561
-65636562653535626461396666643330386333663137613333643165656336633038323036373162
+37613431323333343936616430343434323366643535663562336535666536623365613361303861
-31376338613862333334643561313332326237646565633934323032626662633631633033623063
+33613035616139363537646239376563393165373363643037383639326362383963653736616631
-63306664656437663732323339383735306132616531373865323835633264333639336163366466
+63633239333265646430383630613462313933353566663765333533363863323861366566386331
-33373433653839393638323034623835643531393266306331313563613265616633353763653438
+34356133333635343866613063313738393733633965663739336663316231623038623736633264
-65363532653163303861383531356639316331343531666666636336373634636134633331366364
+35336631613165313532666161303265616365653038306333346136386162653861633036356664
-62366230366435323435613964636533353236373935626632623536396664313264653031623062
+64616136663430623562646132306262366362353861613239663563633234386366626564333537
-33366166343630313839366262313234346262343336386538336335393835646138666330656361
+65623439666139396634376534316630613461336666343162333139376461636235613639626663
-61313936323838653832633130346539636363613838343363663431623063333933383466353938
+34346232643764643065313130333765363766616631373265336234386664616334633261663631
-65383361333561383631643938613862343236346233363466333237316339616362366565306639
+62343439363163623731356538623061343935313366353839323665346266376631383234656135
-39356563656132303463346138356435303038303165363935343266396462326365363262393336
+37343536313136656633343938336465373131313033643136666164623338313063653262383961
-37396235366639623761366239386165613065626431633733306234343866663266633631656237
+61386336363932336131323735626162386264396236376330306336326331643834626537333164
-63643430383433393835663635356265636635363137613064353066313338346436356632346265
+62303237333538326432363137653261333937326234373665313135643465613734333065306463
-38393730336465396263373137383238653337396364643061303234666266663064663265383434
+66363662373165363337386534373965666466366566663832363433616334376139623937333435
-36636138643432373633313038393737663735363838396164366234643533633762383062353831
+62363433343330643763613435303839313665393162313737313439356331376137613635383630
-66326231363337323666386263373438656630346336663239643030386434636264666634393631
+38333032636564623236656236633031313838396131356431303133386364333763613534316264
-39313364333761343532346165396365306463393037643935666363323630326664616638313338
+66376665656535636331663333626163633035663332653139636262613031336532353336393131
-39396336653738353333343835363861643166376565346463303135376439336134666235623230
+66373861343332656131366265326230376662326162336638396365643532303666616630353537
-32363031303732666133386164313437366164326539373564623236356432303132633436323563
+35656433353765333531303464323166323538656437646564393039626337303361306564333234
-36323634373538376133613736633133356638323861636434646465643432636366376138636232
+62353666613439613565623932373937306130303730626332653333396631393031313031636535
-63633830613462613831313938326339343632393038376639623131366364623536353338363439
+31636263303632666466346263343232306262623231323161393866376165353938616536633662
-32613331623863336165636364616634303264356630303665383638663737343836663831363263
+39623962313465363561393434313331313065323665656266306338626665323863663362313264
-63366562393734323030306436346534626530656465396535323835316139633562363830373437
+32346136613339306539326561383333376632643365663834646465376364643965323934303835
-63626530326530383538623165356532303862353763326432373966626436303465373431373762
+39323935613463363431663333383638346665633434376232363163396664336335303866336563
-38613539623164353732623636376630643465343839666531306438326633343362306665366132
+37303435393962313061303365313261633037636165663339333534383461363335353533303133
-39396537366266353864656232616334336130333337306463313932393832653661343036396261
+65393834666431343630366461313563646162346232323838373834626334666532303062373236
-64613461633433356334623631643861303133383963336635623138326139613564343838366565
+64653662623362363535363962333561396131613638613237643164636335346231373539376232
-36343130353462333162313736636139306233366466626231306561626335396262663531333839
+61633731373632366461343630306662343130373665626138376434633963653932336233613336
-61336437343137356335633764373730306466326133356331333530353537616661373062656438
+32326237363063663233616533306337373331613234376264353531633034616638323462373264
-35356235666464656466323937353837623535643937383866666133383633396563333338633034
+66643238363838366430316135663161616663316165343334343533376637373632373634636339
-38366531613164363966323137646237393135383164643230663331306335636432656565633636
+64386230616139316435666661306237633434623638373235646161623538363132363833646532
-34343031633632346533353666353034666266666561346464306665386634313263323333653330
+65346431373439343434656630636164653766356439303530306432333931303539666131333332
-66323033393531343633356466613837346164393332613037636465343230623731616361336338
+31663039303133306436373531333831633461623635663332376438326133303538636137386263
-61373332373636646435353734386366613334323161626437396232613534613330613532323534
+37396263663737373264653863396233623333313930353661333264326230613466376535653933
-65653065386432313733663165616333663666363733623162306536303833663136353334656466
+32363232336531323034316637663061616136613038383966346337313534623738306662326533
-64353931363838613761663561666639373865393438396565626661343934353662363834636535
+34616464336239363431626537396164623562303662316564623964613630613065333630376633
-65363664393433313036383438643864663339626331343230343337316437336634636363303563
+36663864646463393333616539613731653339343332363061393664613563633836383331343836
-35373539383535353235633730386232363539616632336566376264393832383637663330613133
+66636538613265666430346634386561343538653730336130326333393733343866646430373930
-37643261363966633138373935333438393536373938383265373261363232343030373539366335
+36313730313338303538633739316365366364333563393432336565623330313734343030393364
-61633162663137643061363366653135323639363838626266386262666133306461333432313738
+32383434356330336234303666326464656537643664356565666661396161623234383262396465
-30313332626166303630363839396663396564633961383863326663356230343938643833303933
+31346130386635336136666335346431303061326538633361613763656166646266666330616266
-34333032353935323565346633363537656639613663356130383264373739636231363364613066
+36663662663739323032653935313766343330313133306661623237373836363863646135666434
-36653664346434393933383337313630623131396461343930383537633536643365306564396665
+64373036343639306337353465656631643566373561333464323630633466373462626131356234
-31353861643335353538623838393335326364393738376239623431306231363739656438626265
+38613231663833393732333663653162336466346130313833633630663965626130363065313031
-37666532336661306262303761616238666239623265663231386165353437366631376234343035
+32343465623932643036373830623965356437383864383037346430393065376530353133333030
-33393037316563373534373765616238616639303031346430623561663430393536303163613338
+61653032643238303338636638613464316539373761636662343935353363646434656131663435
-65353062336164626335376235656235343637366438353334356436653266333062663838316263
+65326135656366666436313661303065376137333462366537643666326664323735303939643961
-32623732306462356162623437393035626433336631643833626463656634366332613936346465
+37373764623733356633353236623534323734383664306166303762353135346237366462646131
-34653331363133373635633330363564333264623566613432383439396537343963653239336265
+63306533663930393665333864666530666232353562373436333034626236653462336638663438
-33326132663434363065646265646130333935303662623037363938313464366564323734333437
+64613564636537306530353839373366646136353039626264646463306539336261613735623461
-36336335303738643634653164306332636130316161393335656536386131396662616366383139
+38323735393166383861613065386466626534373034353130653731666138643837663662383130
-36663863343736666665363337663537326330323437346565346465326231366563643136366365
+66303363663635333530363630653937633332316535643261346238663932363963323932373266
-37636361343961326261336437616266373962643765346438333766306537303137353764396330
+66663436343361656464333533663633633564326234363062613433346536323731333438636633
-39626635373631353635313935363834363730386132376363663462653330623130663266373432
+37316464326432616432616661323635623236636361313166353230306362383437323231626237
-65343237326535613535386363396236336536366165306463643162346638623638373433646163
+62663338383461613239306339323336626361656165353532633834326337656533303334613661
-62613935363636353639623839396231393838303135346536383037353636613563323234626131
+65626565613337636238653031356635393062643739666661623463643633386233633634353265
-64373666303436393861373164376564646235366131343433623733663832653039393738343537
+37396363636339653765643435303535393738303637313835653564306463306637353132303735
-65323534343464613230346532623966616462353532373064623566626563336464326336393364
+65333236663733333262663336393266346134613435636535376462363033383062356263333263
-39626237646431313135323036303065343138616632343237396136366332636132303037376132
+39356561333435643639666562363338616133386338353837336230666232646135386436343265
-33623031623635653162616265316366663262373666636638386130643336383130643232643662
+35666537313862643466313635643834363138653735633364636138376162623463343330336163
-34326663343562613962343033396332303261636230353331313730336630633461333736626333
+30333832663438396531333136396362636263343430393732396433316132616238333034353634
-66636430643330383032646634396133626339623036333963396662313234623466366634636334
+62326133303466373662616237353865396363363932363161643939333564663335363661653939
-33373762386662613966353664346239666133656435353365653536356331613632666132376264
+35356362653163613966313063326630616339373133333236636138383662616236643262393332
-62613433366633663065306166396166633836306139376533396165393966323465303638373563
+39633962336366666331343537643032303337326637303466346435643730626361376132393962
-63326330323161303065643365343363313338326238363137663139613463613434643834613662
+33303932373136613261396639636264353832643531653635306231616531636462616238363038
-64663365633965653363633165653038333335333232633434323037643936646561376431626230
+38316439373637316465663833356539383839393236313639326364303861656333613663353231
-66356138373136366134373533386634373061666330663364376336383433306331386162393633
+62323533363534363165313462656230623930373361373039313362613861363832396638386630
-33636330643531396464313736363061303466393861613730323563626363643731333633366532
+65636266303661336331383562626561633035376135383164343265383432326438303163623338
-64646130636234653566346533323962353332653335336239353630633535623935396638663366
+63303432663664363232333838343937353535346131613762386338346131643865333139616161
-37383661343636613261623833653032373764653164346634663431653664636233323734666166
+66306237303331623339396162663966666336366632313034366130353762373031366664376639
-36373664306566663930353338366431623563396166356638626166333165623263636336613138
+34346432616334356565633438346134336363386434656238343830346661326465623235656165
-34343936393964666564306637346561393538383137663162663630336462656663316338376236
+30366565316666633433393663646139623234303735386430346132616239303365666432313533
-63633666333263663734353861633164653132663334306664643133663736663766626639393236
+34653336303334663433303438303137313939343535303332306163346562643033653632633639
-32653430333163313363343731666135656662363838366132383732346130313130363365656263
+33633632376433346333663665666339653334623934636231616637613837633731383963356434
-32643533393163376264653632663262353966306630333064313932616262323134326361633764
+65316566666666666233363965303961366338653632313265353137383332633138383133363166
-63383837303936616434616630653833653833623263623532306363373836323431393335623530
+37343262393330663130346361336233656361376334353332636566373339623133346264376430
-34316562343035326265333164643163356230643639373431326431303538346363376332373434
+36323334326633623430353837346638653931333033373230303238303132333838373835626130
-31313666313663343363353130306561646136393732663164393232636330663635346434343134
+30636639363936383236366130646331356333623132303630336263373062653230633034363431
-33663138663336636430373763396435323138373633666438623234363631336232366635366532
+65333037656332353930396461633938303534396464613433393566363136366232653363313636
-62616239663934653462656163326134303261376635323864633435383666363065656665303538
+31623637326163356236393732646361633134373330303166316138313630343535643863323163
-62626538343638366236646136363232373437336630383739656438636465326531646664366462
+63626237313131653838303035643863663863646561343463653331393762663336346362346135
-36353663626634386538336239623734323234393463313034303837363164363263623065613061
+38303134643233623134326434643534663637626466396533386464353038663561336236636237
-38333162646232366339333662313965663336613238386530393162346266636532353433656136
+62313562646365346531346331646537326534366137313230386663623537623465373834646438
-66326436323836376432313238613165373565643233333435393361636637653361616435393438
+35356539376565633065306134356366306563306235643132393763343164373633313463663136
-32383763393561343734643438346635613663393736613839623263663866336165343235663933
+39376663623963323063636631626264356230636434386666666366333561393430613264396164
-66623137616561313462653631613830363666653635336534643935373739353138363934656134
+36306436366366666461306239663438323764363130346534336334346265313631363033363134
-35663063396162623432373534333463376231666466393963336231653939326663396336383735
+32346434346263343933343236306432666434653035313638626637626664383836613964353761
-34633763336163313432616163313638623963306666643432306661393632346339373963633265
+66303539663239313766343661396233333236633763313037396235626136323432313236623339
-32303862643661376433356661383335313365306534663534396638313531373538326236636363
+65343931343035663636363062626432613836303861653236363736356163396264633032306132
-37626138333437393363323261336663653163643565303063313231346131376261653763356631
+32366238623464633031343261616665393530633264633664333063313736363331653032313164
-62306262336337366134626632333663363139393131306666303235303761623665356431646234
+35313939333035373663353063633066323137336233616131623565313365373563363563623861
-33666461663035303066353137623762653565353533613435663839396238336337333463636465
+38336532396531343834623330336264303964383564336664396139663765376635313333663034
-38353135356634626137376232613330393235383432356436393030313564306537616363383136
+35353961663562333137613864346234326261626630623861326533323435663561663165383132
-66356463373138313661373565326565343066643133633630313031303132313031663739316631
+30623631393235616136636536363032346363363032613730336238666366356131383862613862
-66666631386163313034306532393862393930653931363235396662366262636466363464396466
+31626134636637336361323435656365383261383235316136393032663338653032343065363637
-61303962303066633764393831396632626233343633313061323838623134373036393164633139
+61383764306630333765393533303238316466626361353937636339306666623134303565386632
-30303861636335636131376334376239636235653233323435623262366132663934613661333135
+64656636643334646665336532643436343132653461356339366431653037393737383533383564
-61386136326435363337316363666330363431613135663661303438383664663930656564373730
+62396663366332353735363030626165663664666465643238316237633538623664313533343062
-32373731393666333364633835646431646662313232383136616238303264383438663766356462
+33393363323762393130653665336161383935303336386531656133373665613332663736646137
-32346664376430663934626661663039656461383738626265346162393861346163656161323333
+32373139376263333731366164383834343365333837633736366632386139383563366131323666
-39323666643031376530303230626166613233383731363766373634623430633635303963313466
+65313862626335653630623262316563386331393236383633336133343062353031346435616339
-34646331363539636133373134353535356265393265393635323532323134643034343663636362
+30383534313865363162356130616130656434383133643365306462313361666361613836633763
-38633261613433393634396234396265623063346138363133646532366638306632396464646432
+37383933666264646163643033323836306333633264326335316163333464623737343465373961
-61373961383438386535336131393633303430346162613738343839653038303035303033626535
+35393661393664323335626639333361393034306339393164373132373665383036323566626363
-37343030623530333332306265373539633735616634663666356437303862636338363866613861
+30623733306363626237626466613462623362646664346533316362333037393736363161363133
-38346130336338373865343866306665616530313938616366346131376262346135323537663137
+63373539626232633565636362646637336465623734366164396663303037623333656161313331
-39383366313766666234323234363937623264353532323033363966313135653163343036666262
+62303139646130316263633165653063666366383964376535343232343363393062393336663538
-34393832613034383239393930383063336131356364303231323966303633333331633666373764
+36356362366665643365656566653638343361306663396661303735353536323737653338306534
-65383137333965663234663933303231356165376233326233303035316536666563656363343933
+35323139616563383339656235353230316436666534366362323631316263333435316531303766
-36633039666432643135636331353932633164633964623661373739633665313433306561303637
+62376263363439366236636133613634333238336237333665636662353132373134326230356133
-62373534346562363132643063643732343462653838393635343266626535353864656437313434
+32383537633764663538326466663936373266376232643131393732356361353864353235303162
-34376538303965616539626534613431623834376337643936613137323031323139393762636463
+32623038616231653965373538653036393864373064646366333162363639306364396363636337
-66346664666361623636666533663037613434353135393862376633636233656330366136646434
+36303533663862313133336533653439623663373463633162353638313434353766633765623938
-30653735323961383130393763333630306131376430363436623238646632363462383739653636
+35306432626562386331396534643261663362363861366532343831646463653330343037643832
-37346566663039383866323639633565366338353438386461616239313639343766333661346435
+36333433633761633765363531356439663861313936353863366164343163646239313830346364
-33316538366463383733346663316564656566656165396465393461363061613239666165346661
+65303632373335346231643662336564303764633239396232326366383662346637666336666366
-62346639623163363762366431313831663135643062336363323336303737393437653863303665
+38643937306561663839383933663035393664663531353961393138333330616663396338623763
-36643466336566336236353166333063633830646461626262333937316162353365353130353535
+63643165346532326565613466643066643366363237356337663239386437356234363861633066
-30383164363532363532306364393236303537383139643431393962333063633162313033613561
+63313763323064633030333338613565316362346338643439396532303635633337643931656363
-32323434336364343061386666616639336566373461633462393130336461303531353436623065
+34383365616364373530613864363934303837653639373831383139633765656337353764323261
-65663430623066336533373662306566396263376562343936666166626666323964373334613835
+36663738393863613263356230666636616534333036663964343862333763646636653063373235
-64633535303365643564626562643562636363363834353865353765356665643965663861366436
+39373639343138366530396136313435633163346264643566323537616330643639643230656430
-63333736613232353130616466316637613966646139323565356537666331666564623832333439
+33613637653033313135383332373433633639393564316337633764356565306130663237393533
-36376131663431616430616265323039646432393166613631313762613264313765323231663961
+65666632316562306366616536633535636635613566636336363462346533303537393132303932
-65616636306362386534626130636261636566626365643630616135323634343935653033653433
+38613934653363393437316261323931346633623632363863396365346562373964313237363130
-3061
+64333137396235303765643464353931636466376437626130336366653339306335656235336235
 38636532393165346132313161316339616362623834636465396362373734646533646334313335
 34613534643764663832666139666631316334653232613036306634643337666236353931326431
 62363965663736653865373838326563363937313334373937353564363562323834383335663633
 36393731366263353565646463646464613236663232333035376531333863343261383933363764
 36303466353536633961633536333663393862396136353930333033373664616266646463333465
 31333636333337656537353631656631376432376562386235346464323933303666616661313639
 62646439633264623735343164613066623464613538666134316338356235363861643965343034
 33656664373766616137383937363738313935616162326435616630373234613161333132323230
 36366330343034646431343163626235313863376237353465373562363966366161636165353365
 61336661376162396633383939323566643730613837313233623339656433303862336665393762
 35616365343239376432363061626566653931643633373634396565623965323239396466313462
 62393466636436353763336635306365373730626161363836663137646437343330326135393231
 64343539613233353637323534306337643865623738633030373637636335626437373162336662
 30313033373336363735393435383063303133636334303531343061333133343537373239313433
 61303131353535303937636432633337323763363463366636396632663438396234343133643636
 34343938323537356465613764656239663764363161663931666631643132393538613265353235
 30326364346362353661346431316666363037633031343236363365336234353963303863636662
 36323231393433623239613065326239323866323430646530376366353035336665383536313962
 61303838376235333532643338323361356339323966343334353731373932656563306263646632
 62343164353162313164373036393139353566396638356532633234396661656633313437313732
 62396134663436663133376465636164306634343531393431383630376563343062313866363839
 66393939383138396632313962613736343431643834646564353562343938313033636166623031
 62383863613465656638646236356334346130623163333630323935326439636632663333393136
 32373265373665386164333330366535383663623235336362653634656164643635396163363930
 66346137313031636533386337653137336263323138313462343936643630383233323236613466
 65313435386565366161336631333064383734616464356134383661613665623566346131303730
 38653339643962616538373263373433396535623066373466326331323131623866613132363765
 65373433336133303839383463663861383835336337303537306136666134393631393133306666
 32353836623636343037383032663333333265393835623531323532376330326130613134396261
 64303063393332393439323930376464333338626331643261326131636434343538343761643231
 64616233376236373436396234383235343662343538383830633337373037326231313332653263
 34333830353633626136633737303138363932303534343238333234626535313433666337376162
 34366365353335396163313032663561643466393535366139626266363732633363343963383561
 61626334303635383463636163306238653830366236396632653866636533613334653737646633
 65626166323531353139313538386435363961386664653036336136636337653463376136336565
 37623531636639363434393738373038376264626163363131383835653965323566356639323239
 35396238323831356133393365666238663563333335373664313165373039373465323532333361
 38623635313838626135303262653935653539646130306138363662626664623263303661366632
 37623035336336396636383139373139353034373864653235336132626531666366653564373735
 30666364623463386465366635643935393332306630313233653234326663376137663065653937
 32306461396132313630646462363962316238363935386339333236653364643330356535646630
 36353237343961303164616236613063333163303233316666313864666363396361316337326263
 39613665366662313430306230663235393331626335623334303161643232656337313066363235
 64376635653231343031323838363931396235383936373735303965636633323530306233336264
 31343063653636616532343764623434393936363433356265633433633434343266303462626131
 65663638373565613233643566373032376434646566613835376639366539386336396134353166
 64663832343239383234393264383961663461376238373132613933643363393665663833356664
 66323064623738326636343236306639656634373263356433303264386333363933343438623531
 34306632323665613266626666623134303338306639633466356232333336363438623630303734
 30336237316235363535396633313561373931623133373564383165643339613337616437353033
 33303439616232366331393763326564613439383630316530646432353866303563643637373738
 3764
--- a/group_vars/dhcp/dhcpd.yml
+++ b/group_vars/dhcp/dhcpd.yml
@ -0,0 +1,69 @@
 ---
 dhcpd__omapi_key:
  algorithm: hmac-sha512
  secret: 99XuJO0ofX3VAnWWlyixWbQ5YTagPfgxyh14IbLNBb3/JzEklkWopvQdj/PXVYbfb/sRyFJBhLexPag4dLh7PA==
 dhcpd__interfaces:
  - client0
  - client1
  - client2
  - client3
  - client4
 dhcpd__dns_servers:
  - 10.128.10.3
  - 10.128.10.103
 dhcpd__domain_search:
  - isp.auro.re.
  - auro.re.
 dhcpd__subnets:
  - network: 100.64.0.0/27
    routers:
      - 100.64.0.1
    start: 100.64.0.4
    end: 100.64.0.30
    domain_name: client0.isp.auro.re
    failover: true
  - network: 100.64.0.32/27
    routers:
      - 100.64.0.31
    start: 100.64.0.33
    end: 100.64.0.63
    domain_name: client1.isp.auro.re
    failover: true
  - network: 100.64.0.64/27
    routers:
      - 100.64.0.65
    start: 100.64.0.67
    end: 100.64.0.95
    domain_name: client2.isp.auro.re
    failover: true
  - network: 100.64.0.96/27
    routers:
      - 100.64.0.97
    start: 100.64.0.99
    end: 100.64.0.127
    domain_name: client3.isp.auro.re
    failover: true
  - network: 100.64.0.128/27
    routers:
      - 100.64.0.129
    start: 100.64.0.131
    end: 100.64.0.159
    domain_name: client4.isp.auro.re
 dhcpd__failover:
  dhcp-1.isp.infra.auro.re: 10.210.1.1
  dhcp-2.isp.infra.auro.re: 10.210.1.2
 dhcpd__failover_address: "{{ dhcpd__failover[inventory_hostname] }}"
 dhcpd__failover_peer_address: "{{ dhcpd__failover
                                  | dict2items
                                  | selectattr('key', '!=',
                                               inventory_hostname)
                                  | map(attribute='value')
                                  | first }}"
 ...
--- a/group_vars/dns/kresd.yml
+++ b/group_vars/dns/kresd.yml
@ -0,0 +1,24 @@
 ---
 kresd__listen:
  - address: 0.0.0.0
    port: 53
    kind: dns
  - address: "::"
    port: 53
    kind: dns
  - address: 0.0.0.0
    port: 853
    kind: tls
  - address: "::"
    port: 853
    kind: tls
  - address: 0.0.0.0
    port: 8453
    kind: webmgmt
  - address: "::"
    port: 8453
    kind: webmgmt
    tls: false
 kresd__cache_size: 512
 ...
--- a/group_vars/edge/keepalived.yml
+++ b/group_vars/edge/keepalived.yml
@ -0,0 +1,21 @@
 ---
 keepalived__virtual_router_id: 81
 keepalived__interface: back0
 keepalived__virtual_addresses:
  crans0:
    - 185.230.79.254/29
    - 2a0c:700:28::2/64
    - fe80::1/10
  zayo0:
    - 2001:1b48:2:103::d7:2/126
    - 83.167.52.69/31
    - fe80::1/10
  oti0:
    - 2a00:a4c0:100c:1::b/127
    - 77.95.70.11/31
    - fe80::1/10
 keepalived__main: "{{ inventory_hostname_short == 'edge-1' }}"
 ...
--- a/group_vars/infra/bird.yml
+++ b/group_vars/infra/bird.yml
@ -0,0 +1,86 @@
 ---
 bird__kernel:
  kernel:
    learn: true
    import: accept
    export: accept
 bird__ospf:
  limits:
    import: 4000
    export: 4000
  import: accept
  export:
    protos: kernel
  areas:
    0:
      broadcast:
        - back0
      stub:
        - monit0
        - wifi0
        - int0
        - sw0
        - bmc0
        - pve0
        - isp0
        - ext0
        - pub0
        - th30
        - ups0
    1:
      broadcast:
        - vpn0
 bird__bgp:
  edge1:
    local:
      address: "{{ bird__bgp_addr.back }}"
      as: "{{ bird__as.aurore }}"
    neighbor:
      address:
        - 2a09:6840:203::1:1
        - 10.203.1.1
      as: "{{ bird__as.aurore }}"
    import:
      - pref_src: "{{ bird__pref_src_addr }}"
      - accept
    export: reject
  edge2:
    local:
      address: "{{ bird__bgp_addr.back }}"
      as: "{{ bird__as.aurore }}"
    neighbor:
      address:
        - 2a09:6840:203::1:2
        - 10.203.1.2
      as: "{{ bird__as.aurore }}"
    import:
      - pref_src: "{{ bird__pref_src_addr }}"
      - accept
    export: reject
      #wg1:
      #local:
      #address: "{{ bird__bgp_addr.vpn }}"
      #as: "{{ bird__as.aurore }}"
      #neighbor:
      #address:
      #  - 2a09:6840:213::1:3
      #  - 10.213.1.3
      #as: "{{ bird__as.aurore }}"
      #rr_cluster_client: 10.203.1.1
      #import: reject
      #export: accept
      #wg2:
      #local:
      #address: "{{ bird__bgp_addr.vpn }}"
      #as: "{{ bird__as.aurore }}"
      #neighbor:
      #address:
      #  - 2a09:6840:213::1:4
      #  - 10.203.1.4
      #as: "{{ bird__as.aurore }}"
      #rr_cluster_client: 10.203.1.1
      #import: reject
      #export: accept
 ...
--- a/group_vars/infra/firewall.yml
+++ b/group_vars/infra/firewall.yml
@ -0,0 +1,365 @@
 ---
 firewall__zones:
  adm-legacy:
    addrs:
      - 2a09:6840:128::/64
      - 10.128.0.0/16
  ups:
    addrs:
      - 2a09:6840:201::/64
      - 10.201.0.0/16
  back:
    addrs:
      - 2a09:6840:203::/64
      - 10.203.0.0/16
  monit:
    addrs:
      - 2a09:6840:204::/64
      - 10.204.0.0/16
  wifi:
    addrs:
      - 2a09:6840:205::/64
      - 10.205.0.0/16
  int:
    addrs:
      - 2a09:6840:206::/64
      - 10.206.0.0/16
  sw:
    addrs:
      - 2a09:6840:207::/64
      - 10.207.0.0/16
  bmc:
    addrs:
      - 2a09:6840:208::/64
      - 10.208.0.0/16
  pve:
    addrs:
      - 2a09:6840:209::/64
      - 10.209.0.0/16
  isp:
    addrs:
      - 2a09:6840:210::/64
      - 10.210.0.0/16
  ext:
    addrs:
      - 2a09:6840:211::/64
      - 10.211.0.0/16
  pub:
    addrs:
      - 2a09:6840:215::/64
      - 45.66.111.192/27
  vpn-clients:
    addrs:
      - 2a09:6840:212::/64
      - 10.212.0.0/16
  vpn:
    addrs:
      - 2a09:6840:213::/64
      - 10.213.0.0/16
  infra:
    zones:
      - adm-legacy
      - ups
      - back
      - monit
      - wifi
      - int
      - sw
      - bmc
      - pve
      - isp
      - ext
      - pub
      - vpn
  internet:
    negate: true
    addrs:
      - 2a09:6840::/32
      - 2a09:6841::/32
      - 2a09:6842::/32
      - 45.66.108.0/22
      - 10.0.0.0/8
      - 100.64.0.0/10
  prometheus.int:
    addrs:
      - 2a09:6840:204::1:1
      - 10.204.1.1
      - 2a09:6840:204::1:2
      - 10.204.1.2
  grafana.adm:
    addrs:
      - 2a09:6840:128::98
      - 10.128.0.98
  nextcloud.adm:
    addrs:
      - 2a09:6840:128::58
      - 10.128.0.58
  dns.int:
    addrs:
      - 2a09:6840:206::1:1
      - 10.206.1.1
      - 2a09:6840:206::1:2
      - 10.206.1.2
  ntp.int:
    addrs:
      - 2a09:6840:206::1:5
      - 10.206.1.5
      - 2a09:6840:206::1:6
      - 10.206.1.6
  docker-ovh.adm:
    addrs:
      - 2a09:6840:128::150
      - 10.128.0.150
  mx.test:
    addrs:
      - 2a09:6840:211::1:5
      - 45.66.111.208
      - 10.128.1.5
  proxy.pub:
    addrs:
      - 2a09:6840:215::1:1
      - 45.66.111.206
  collabora.ext:
    addrs:
      - 2a09:6840:211::1:1
      - 10.211.1.1
  ns-1.pub:
    addrs:
      - 2a09:6840:215::1:2
      - 45.66.111.205
  ns-2.pub:
    addrs:
      - 2a09:6840:215::1:3
      - 45.66.111.207
  ns-master.int:
    addrs:
      - 2a09:6840:206::1:7
      - 10.206.1.7
 firewall__input:
  - iif:
      - back0 # FIXME link-local
      - vpn0
    verdict: accept
  - src:
      - back
      - vpn
    verdict: accept
  - src: monit
    protocols:
      tcp:
        dport: 9100
    verdict: accept
  - src: monit
    protocols:
      tcp:
        dport: 9324
    verdict: accept
  - protocols:
      icmp: true
    verdict: accept
  - protocols:
      tcp:
        dport: 22
    verdict: accept
  - verdict: drop
 firewall__output:
  - verdict: accept
 firewall__forward:
  - src: back
    dst: infra
    verdict: accept
  - src: infra # FIXME: temporary
    dst: internet
    verdict: accept
  - src: monit
    dst: bmc
    protocols:
      icmp: true
    verdict: accept
  - dst: mx.test
    protocols:
      icmp: true
    verdict: accept
  - dst: mx.test
    protocols:
      tcp:
        dport:
          - 25
          - 465
          - 993
    verdict: accept
  # NS
  - dst:
      - ns-1.pub
      - ns-2.pub
    protocols:
      tcp:
        dport: 53
    verdict: accept
  - dst:
      - ns-1.pub
      - ns-2.pub
    protocols:
      udp:
        dport: 53
    verdict: accept
  - src:
      - ns-1.pub
      - ns-2.pub
    dst: ns-master.int
    protocols:
      udp:
        dport: 53
    verdict: accept
  - src:
      - ns-1.pub
      - ns-2.pub
    dst: ns-master.int
    protocols:
      tcp:
        dport: 53
    verdict: accept
  # SNMP
  - src: monit
    dst:
      - sw
      - ups
    protocols:
      udp:
        dport: 161
    verdict: accept
  # Alertmanager
  - src: monit
    dst: docker-ovh.adm
    protocols:
      tcp:
        dport: 9093
    verdict: accept
  - src: adm-legacy
    dst: bmc
    verdict: accept
  # Prometheus for Grafana
  - src: grafana.adm
    dst: prometheus.int
    protocols:
      tcp:
        dport: 9090
    verdict: accept
  # Admin VPN clients
  - src: vpn-clients
    dst: infra
    verdict: accept
  # Prometheus node
  - src: monit
    dst: infra
    protocols:
      tcp:
        dport: 9100
    verdict: accept
  # Prometheus bird
  - src: monit
    dst: back
    protocols:
      tcp:
        dport: 9324
    verdict: accept
  # Prometheus kresd
  - src: monit
    dst: dns.int
    protocols:
      tcp:
        dport: 8453
    verdict: accept
  # Allow DNS from infra to dns-{1,2}
  - src: infra
    dst: dns.int
    protocols:
      udp:
        dport: 53
    verdict: accept
  - src: infra
    dst: dns.int
    protocols:
      tcp:
        dport: 53
    verdict: accept
  # Allow NTP from infra to ntp-{1,2} 
  - src: infra
    dst: ntp.int
    protocols:
      udp:
        dport: 123
    verdict: accept
  # Admin Wireguard
  - dst:
      - 2a09:6840:211::1:1
      - 45.66.111.204
      - 10.211.1.1
    protocols:
      udp:
        dport: 5121
    verdict: accept
  # Proxy web
  - dst: proxy.pub
    protocols:
      tcp:
        dport:
          - 80
          - 443
    verdict: accept
  - src: proxy.pub
    dst: grafana.adm
    protocols:
      tcp:
        dport: 3000
    verdict: accept
  - src: proxy.pub
    dst: nextcloud.adm
    protocols:
      tcp:
        dport: 8080
  - src: proxy.pub
    dst: adm-legacy
    protocols:
      tcp:
        dport:
          - 80
          - 443
    verdict: accept
  # ICMP to public vlan
  - dst: pub
    protocols:
      icmp: true
    verdict: accept
  # Proxy -> Collabora
  - src: proxy.pub
    dst: collabora.ext
    protocols:
      tcp:
        dport: 9980
    verdict: accept
  # Collabora -> Proxy
  - src: collabora.ext
    dst: proxy.pub
    protocols:
      tcp:
        dport:
          - 80
          - 443
    verdict: accept
 firewall__nat:
  - src: 10.0.0.0/8
    dst: internet
    protocols: null
    snat:
      addr: 45.66.111.200/30
  #- src: monit
  #  dst: adm-legacy
  #  protocols: null
  #  snat:
  #    addr: 10.203.1.3/32
 ...
--- a/group_vars/infra/keepalived.yml
+++ b/group_vars/infra/keepalived.yml
@ -0,0 +1,59 @@
 ---
 keepalived__virtual_router_id: 82
 keepalived__interface: back0
 keepalived__virtual_addresses:
  ups0:
    - 10.201.0.1/16
    - 2a09:6840:201::1/64
    - fe80::1/10
  monit0:
    - 10.204.0.1/16
    - 2a09:6840:204::1/64
    - fe80::1/10
  wifi0:
    - 10.205.0.1/16
    - 2a09:6840:205::1/64
    - fe80::1/10
  int0:
    - 10.206.0.1/16
    - 2a09:6840:206::1/64
    - fe80::1/10
  sw0:
    - 10.207.0.1/16
    - 2a09:6840:207::1/64
    - fe80::1/10
  bmc0:
    - 10.208.0.1/16
    - 2a09:6840:208::1/64
    - fe80::1/10
  pve0:
    - 10.209.0.1/16
    - 2a09:6840:209::1/64
    - fe80::1/10
  isp0:
    - 10.210.0.1/16
    - 2a09:6840:210::1/64
    - fe80::1/10
  ext0:
    - 10.211.0.1/16
    - 2a09:6840:211::1/64
    - fe80::1/10
  th30:
    - 10.126.0.6/24
    - fe80::1/10
  pub0:
    - 2a09:6840:215::1/64
    - 45.66.111.204/27
    - fe80::1/10
 #keepalived__virtual_routes:
 #  ext0:
 #    - 45.66.111.204/30
 keepalived__virtual_blackholes:
  - 45.66.111.200/30 # NAT
 keepalived__main: "{{ inventory_hostname_short == 'infra-1' }}"
 ...
--- a/group_vars/isp/bird.yml
+++ b/group_vars/isp/bird.yml
@ -0,0 +1,53 @@
 ---
 bird__kernel:
  kernel:
    learn: true
    import: accept
    export: accept
 bird__ospf:
  limits:
    import: 4000
    export: 4000
  import: accept
  export:
    protos: kernel
  areas:
    0:
      broadcast:
        - back0
      stub:
        - client0
        - client1
        - client2
        - client3
        - client4
 bird__bgp:
  edge1:
    local:
      address: "{{ bird__bgp_addr.back }}"
      as: "{{ bird__as.aurore }}"
    neighbor:
      address:
        - 2a09:6840:203::1:1
        - 10.203.1.1
      as: "{{ bird__as.aurore }}"
    import:
      - pref_src: "{{ bird__pref_src_addr }}"
      - accept
    export: reject
 bird__radv:
  rdnss:
    - 2a09:6840:206::1:1
    - 2a09:6840:206::1:2
  interfaces:
    client0:
      max_interval: 5
      prefixes:
        - 2a09:6841::/64
      dnssl: client0.isp.auro.re
      domain_search:
        - auro.re
 ...
--- a/group_vars/isp/firewall.yml
+++ b/group_vars/isp/firewall.yml
@ -0,0 +1,40 @@
 ---
 firewall__zones:
  internet:
    negate: true
    addrs:
      - 2a09:6840::/32
      - 2a09:6841::/32
      - 2a09:6842::/32
      - 45.66.108.0/22
      - 10.0.0.0/8
      - 100.64.0.0/10
  clients:
    addrs:
      - 100.64.0.0/10
  non_clients:
    negate: true
    zones: clients
  allowed_clients:
    file:
      path: /var/run/firewall/allowed_clients.yml
      default: []
 firewall__input:
  - verdict: accept
 firewall__output:
  - verdict: accept
 firewall__forward:
  - src: allowed_clients
    dst: non_clients
    verdict: accept
 firewall__nat:
  - src: clients
    dst: internet
    protocols: null
    snat:
      addr: 45.66.111.220
 ...
--- a/group_vars/isp/keepalived.yml
+++ b/group_vars/isp/keepalived.yml
@ -0,0 +1,32 @@
 ---
 keepalived__virtual_router_id: 80
 keepalived__interface: back0
 keepalived__virtual_addresses:
  client0:
    - 100.64.0.1/27
    - 2a09:6841::1/56
    - fe80::1/10
  client1:
    - 100.64.0.33/27
    - 2a09:6841:0:1::1/64
    - fe80::1/10
  client2:
    - 100.64.0.65/27
    - 2a09:6841:0:2::1/64
    - fe80::1/10
  client3:
    - 100.64.0.97/27
    - 2a09:6841:0:3::1/64
    - fe80::1/10
  client4:
    - 100.64.0.129/27
    - 2a09:6841:0:4::1/64
    - fe80::1/10
 keepalived__virtual_blackholes:
  - 45.66.111.220/32
 keepalived__main: "{{ inventory_hostname_short == 'isp-1' }}"
 ...
--- a/group_vars/ns/knotd.yml
+++ b/group_vars/ns/knotd.yml
@ -0,0 +1,71 @@
 ---
 knotd__listen:
  - address: 0.0.0.0
  - address: "::"
 knotd__keys:
  xfr:
    algorithm: hmac-sha512
    secret: "{{ vault_knotd_xfr_key }}"
 knotd__remotes:
  xfr-master:
    address: 2a09:6840:206::1:7
    key: xfr
 knotd__acl:
  notify-master:
    address:
      - 2a09:6840:206::1:7
      - 10.206.1.7
    key: xfr
    action: notify
 knotd__queryacl:
  local:
    addresses:
      - 10.0.0.0/8
 knotd__zones:
  auro.re:
    dnssec_validation: true
    acl:
      - notify-master
    master: xfr-master
  test.auro.re:
    dnssec_validation: true
    acl:
      - notify-master
    master: xfr-master
  infra.auro.re:
    dnssec_validation: true
    acl:
      - notify-master
    #queryacl: local
    master: xfr-master
  108.66.45.in-addr.arpa:
    dnssec_validation: false
    acl:
      - notify-master
    master: xfr-master
  109.66.45.in-addr.arpa:
    dnssec_validation: false
    acl:
      - notify-master
    master: xfr-master
  110.66.45.in-addr.arpa:
    dnssec_validation: false
    acl:
      - notify-master
    master: xfr-master
  111.66.45.in-addr.arpa:
    dnssec_validation: false
    acl:
      - notify-master
    master: xfr-master
  0.4.8.6.9.0.a.2.ip6.arpa:
    dnssec_validation: false
    acl:
      - notify-master
    master: xfr-master
 ...
--- a/group_vars/ntp/chronyd.yml
+++ b/group_vars/ntp/chronyd.yml
@ -0,0 +1,13 @@
 ---
 chronyd__allow_networks:
  - 2a09:6840::/32
  - 10.0.0.0/8
 chronyd__pools:
  - 0.pool.ntp.org
  - 1.pool.ntp.org
  - 2.pool.ntp.org
  - 3.pool.ntp.org
 chronyd__local_stratum: 10
 ...
--- a/group_vars/prom/prometheus/bird.yml
+++ b/group_vars/prom/prometheus/bird.yml
@ -0,0 +1,144 @@
 ---
 prometheus__scraping_bird:
  targets: "{{ groups.router }}"
  address:
    port: 9324
 prometheus__rules_bird:
  - record: bird:protocol_up:bgp_all
    expr:
      label_replace(
        bird_protocol_up{proto="BGP"},
        "group", "$1",
        "instance", "^([^0-9\\.]+)-[0-9]+.*"
      )
  # FIXME: sessions en cours d'installation, pas encore monitorées
  - record: bird:protocol_up:bgp
    expr:
      bird:protocol_up:bgp_all
      unless bird:protocol_up:bgp_all{
        group="edge",
        name=~"^(viarezo|isp[12]|rezel)[46]$"
      }
  # Sessions qui ne sont volontairement pas redondées
  # au sein d'un groupe
  - record: bird:protocol_up:bgp:non_redundant
    expr:
      bird:protocol_up:bgp{
        group="edge",
        name=~"^(oti|crans|legacy|edge)[46]$"
      }
  # Sessions qui le sont
  - record: bird:protocol_up:bgp:redundant
    expr:
      bird:protocol_up:bgp
      unless
      bird:protocol_up:bgp:non_redundant
  - alert: BirdBGPRedundancyDegraded
    expr:
      (
        count by (group, name) (
          bird:protocol_up:bgp:redundant{state="Established"}
        ) + (
          count by (group, name) (
            bird:protocol_up:bgp:redundant{state!="Established"} * 0
          )
        )
      ) < 2
    for: 0m
    labels:
      severity: warning
    annotations:
      Session: !unsafe "{{ $labels.name }}"
      Count: !unsafe "{{ $value }}"
      Group: !unsafe "{{ $labels.group }}"
  - alert: BirdBGPDown
    expr:
      (
        count by (group, name) (
          bird:protocol_up:bgp{state="Established"}
        ) + (
          count by (group, name) (
            bird:protocol_up:bgp{state!="Established"} * 0
          )
        )
      ) == 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Session: !unsafe "{{ $labels.name }}"
      Group: !unsafe "{{ $labels.group }}"
  # TODO: warning pour redondant ?
  - alert: BirdBGPNoExportedPrefixRedundant
    expr:
      bird_protocol_prefix_export_count{
        export_filter!="REJECT",
      } * on (instance, name) group_left (group) (
        bird:protocol_up:bgp:redundant{state="Established"}
      ) == 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Session: !unsafe "{{ $labels.name }}"
      Group: !unsafe "{{ $labels.group }}"
  - alert: BirdBGPNoImportedPrefixRedundant
    expr:
      bird_protocol_prefix_import_count{
        import_filter!="REJECT",
      } * on (instance, name) group_left (group) (
        bird:protocol_up:bgp:redundant{state="Established"}
      ) == 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Session: !unsafe "{{ $labels.name }}"
      Group: !unsafe "{{ $labels.group }}"
  - alert: BirdBGPNoExportedPrefixNonRedundant
    expr:
      sum by (group) (
        bird_protocol_prefix_export_count{
          export_filter!="REJECT",
        } * on (instance, name) group_left (group) (
          bird:protocol_up:bgp:non_redundant{state="Established"}
        )
      ) == 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Session: !unsafe "{{ $labels.name }}"
      Group: !unsafe "{{ $labels.group }}"
  - alert: BirdBGPNoImportedPrefixNonRedundant
    expr:
      sum by (group) (
        bird_protocol_prefix_import_count{
          import_filter!="REJECT",
        } * on (instance, name) group_left (group) (
          bird:protocol_up:bgp:non_redundant{state="Established"}
        )
      ) == 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Session: !unsafe "{{ $labels.name }}"
      Group: !unsafe "{{ $labels.group }}"
  - alert: BirdOSPFNeighboursChange
    expr:
      changes(bird_ospf_neighbor_count[5m]) > 0
      or changes(bird_ospfv3_neighbor_count[5m]) > 0
    for: 0m
    labels:
      severity: warning
  - alert: BirdOSPFDown
    expr:
      bird_ospf_running == 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Instance: !unsafe "{{ $labels.name }}"
 ...
--- a/group_vars/prom/prometheus/common.yml
+++ b/group_vars/prom/prometheus/common.yml
@ -0,0 +1,11 @@
 ---
 prometheus__rules_common:
  - alert: CollectorDown
    expr:
      up == 0
    for: 3m
    labels:
      severity: critical
    annotations:
      Job: !unsafe "{{ $labels.job }}"
 ...
--- a/group_vars/prom/prometheus/eaton.yml
+++ b/group_vars/prom/prometheus/eaton.yml
@ -0,0 +1,11 @@
 ---
 prometheus__scraping_eaton:
  targets: "{{ groups.eaton_ups }}"
  address: 127.0.0.1:9116
  path: /snmp
  params:
    module:
      - eaton
 prometheus__rules_eaton: {}
 ...
--- a/group_vars/prom/prometheus/keepalived.yml
+++ b/group_vars/prom/prometheus/keepalived.yml
@ -0,0 +1,23 @@
 ---
 prometheus__rules_keepalived:
  - alert: KeepalivedVrrpFault
    expr:
      keepalived_vrrp_state{state="fault"} > 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Instance: !unsafe "{{ $labels.instance }}"
  - alert: KeepalivedMasterChange
    expr:
      changes(
        keepalived_vrrp_state{
          keepalived_vvrp_state="master"
        }[1m]
      ) > 0
    for: 0m
    labels:
      severity: warning
    annotations:
      Instance: !unsafe "{{ $labels.instance }}"
 ...
--- a/group_vars/prom/prometheus/kresd.yml
+++ b/group_vars/prom/prometheus/kresd.yml
@ -0,0 +1,6 @@
 ---
 prometheus__scraping_kresd:
  targets: "{{ groups.dns }}"
  address:
    port: 8453
 ...
--- a/group_vars/prom/prometheus/main.yml
+++ b/group_vars/prom/prometheus/main.yml
@ -0,0 +1,25 @@
 ---
 prometheus__alertmanager_targets:
  - docker-ovh.adm.auro.re:9093
 prometheus__tsdb_retention_time: 90d
 prometheus__scraping:
  node: "{{ prometheus__scraping_node }}"
  prometheus: "{{ prometheus__scraping_prometheus }}"
  kresd: "{{ prometheus__scraping_kresd }}"
  bird: "{{ prometheus__scraping_bird }}"
  quanta: "{{ prometheus__scraping_quanta }}"
  snmp: "{{ prometheus__scraping_snmp }}"
  eaton: "{{ prometheus__scraping_eaton }}"
 prometheus__rules:
  common: "{{ prometheus__rules_common }}"
  switch: "{{ prometheus__rules_switch }}"
  prometheus: "{{ prometheus__rules_prometheus }}"
  node: "{{ prometheus__rules_node }}"
  keepalived: "{{ prometheus__rules_keepalived }}"
  quanta: "{{ prometheus__rules_quanta }}"
  bird: "{{ prometheus__rules_bird }}"
  #eaton: "{{ prometheus__rules_eaton }}"
 ...
--- a/group_vars/prom/prometheus/node.yml
+++ b/group_vars/prom/prometheus/node.yml
@ -0,0 +1,200 @@
 ---
 prometheus__scraping_node:
  targets: "{{ groups.vm + groups.pve }}"
  address:
    port: 9100
 prometheus__rules_node:
  - alert: OutOfMemory
    expr:
      (
        node_memory_MemFree_bytes
        + node_memory_Cached_bytes
        + node_memory_Buffers_bytes
      ) / node_memory_MemTotal_bytes < 0.1
    for: 5m
    labels:
      severity: warning
    annotations:
      FreeMemory: !unsafe "{{ $value | humanizePercentage }}"
  - alert: HostSwapIsFillingUp
    expr:
      (
        1 - (
          node_memory_SwapFree_bytes
          / node_memory_SwapTotal_bytes
        )
      ) >= 0.5
    for: 3m
    labels:
      severity: critical
    annotations:
      UsedSwap: !unsafe "{{ $value | humanizePercentage }}"
  - alert: HostPhysicalComponentTooHot
    expr:
      node_hwmon_temp_celsius > 79
    for: 3m
    labels:
      severity: critical
    annotations:
      Temperature: !unsafe "{{ $value | humanize }} °C"
      Chip: !unsafe "{{ $labels.chip }}"
      Sensor: !unsafe "{{ $labels.sensor }}"
  - alert: HostNodeOvertemperatureAlarm
    expr:
      node_hwmon_temp_crit_alarm_celsius == 1
    for: 0m
    labels:
      severity: critical
    annotations:
      Chip: !unsafe "{{ $labels.chip }}"
      Sensor: !unsafe "{{ $labels.sensor }}"
  - alert: HostRaidArrayGotInactive
    expr:
      node_md_state{state="inactive"} > 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Device: !unsafe "{{ $labels.device }}"
  - alert: HostRaidDiskFailure
    expr:
      node_md_disks{state="failed"} > 0
    for: 0m
    labels:
      severity: critical
    annotations:
      severity: !unsafe "{{ $labels.md_device }}"
  - alert: HostOomKillDetected
    expr:
      increase(node_vmstat_oom_kill[1m]) > 0
    for: 0m
    labels:
      severity: warning
    annotations:
      PID: !unsafe "{{ $value }}"
  - alert: HostEdacCorrectableErrorsDetected
    expr:
      increase(node_edac_correctable_errors_total[1m]) > 0
    for: 0m
    labels:
      severity: warning
    annotations:
      CorrectedErrors: !unsafe "{{ $value }}"
  - alert: HostEdacUncorrectableErrorsDetected
    expr:
      increase(node_edac_uncorrectable_errors_total[1m]) > 0
    for: 0m
    labels:
      severity: warning
    annotations:
      DetectedErrors: !unsafe "{{ $value }}"
  - alert: OutOfDiskSpace
    expr:
      (
        node_filesystem_free_bytes
        / node_filesystem_size_bytes < 0.1
      )
      and on (instance, device, mountpoint) (
        node_filesystem_readonly
      ) == 0
    for: 5m
    labels:
      severity: critical
    annotations:
      Mountpoint: !unsafe "{{ $labels.mountpoint }}"
      FreeSpace: !unsafe "{{ $value | humanizePercentage }}"
  - alert: HostConntrackLimit
    expr:
      (
        node_nf_conntrack_entries
        / node_nf_conntrack_entries_limit
      ) > 0.8
    for: 5m
    labels:
      severity: warning
    annotations:
      Filled: !unsafe "{{ $value | humanizePercentage }}"
  - alert: HostClockSkew
    expr:
      (
        node_timex_offset_seconds > 0.05
        and deriv(node_timex_offset_seconds[5m]) >= 0
      ) or (
        node_timex_offset_seconds < -0.05
        and deriv(node_timex_offset_seconds[5m]) <= 0
      )
    for: 2m
    labels:
      severity: warning
  - alert: HostClockNotSynchronising
    expr:
      min_over_time(node_timex_sync_status[1m]) == 0
      and node_timex_maxerror_seconds >= 16
    for: 2m
    labels:
      severity: warning
  - alert: HostRequiresReboot
    expr:
      node_reboot_required > 0
    for: 5m
    labels:
      severity: warning
  - alert: OutOfInodes
    expr:
      node_filesystem_files_free
      / node_filesystem_files < 0.1
    for: 3m
    labels:
      severity: warning
    annotations:
      Mountpoint: !unsafe "{{ $labels.mountpoint }}"
      FreeInodes: !unsafe "{{ $value | humanizePercentage }}"
  - alert: CpuUsage
    expr:
      (
        1 - avg by (instance) (
          irate(node_cpu_seconds_total{mode="idle"}[5m])
        )
      ) > 0.75
    for: 10m
    labels:
      severity: warning
    annotations:
      Usage: !unsafe "{{ $value | humanizePercentage }}"
  - alert: SystemdServiceFailed
    expr:
      node_systemd_unit_state{state="failed"} == 1
    for: 10m
    labels:
      severity: warning
    annotations:
      Service: !unsafe "{{ $labels.name }}"
  - alert: LoadUsage
    expr:
      node_load1 > 5
    for: 2m
    labels:
      severity: warning
    annotations:
      Load1: !unsafe "{{ $value | humanize }}"
  - alert: UnhealthyDisk
    expr:
      smartmon_device_smart_healthy < 1
    for: 10m
    labels:
      severity: critical
    annotations:
      Disk: !unsafe "{{ $labels.disk }}"
  - alert: HostCpuStealNoisyNeighbor
    expr:
      avg by (instance) (
        rate(node_cpu_seconds_total{mode="steal"}[5m])
      ) > 0.1
    for: 5m
    labels:
      severity: warning
    annotations:
      Disk: !unsafe "{{ $labels.disk }}"
      Steal: !unsafe "{{ $value | humanizePercentage }}"
 ...
--- a/group_vars/prom/prometheus/prometheus.yml
+++ b/group_vars/prom/prometheus/prometheus.yml
@ -0,0 +1,14 @@
 ---
 prometheus__scraping_prometheus:
  targets: "{{ groups.prom }}"
  address:
    port: 9090
 prometheus__rules_prometheus:
  - alert: PrometheusTsdbCompactionFailed
    expr:
      increase(prometheus_tsdb_compactions_failed_total[1m]) > 0
    for: 0m
    labels:
      severity: critical
 ...
--- a/group_vars/prom/prometheus/quanta.yml
+++ b/group_vars/prom/prometheus/quanta.yml
@ -0,0 +1,97 @@
 ---
 prometheus__scraping_quanta:
  targets: "{{ groups.quanta }}"
  address: 127.0.0.1:9116
  path: /snmp
  timeout: 60s
  params:
    module:
      - quanta
 prometheus__rules_quanta:
  - alert: QuantaQueueOverflow
    expr:
      snAgGblQueueOverflow == 1
    for: 0m
    labels:
      severity: critical
  - alert: QuantaCpuUsage
    expr:
      snAgGblCpuUtil1MinAvg > 50
    for: 5m
    labels:
      severity: warning
    annotations:
      Usage: !unsafe "{{ $value }} %"
  - alert: QuantaCpuUsage
    expr:
      snAgGblCpuUtil1MinAvg > 80
    for: 5m
    labels:
      severity: critical
    annotations:
      Usage: !unsafe "{{ $value }} %"
  - alert: QuantaMemoryUsage
    expr:
      100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 50
    for: 5m
    labels:
      severity: warning
    annotations:
      UsedMemory: !unsafe "{{ $value }} %"
  - alert: QuantaMemoryUsage
    expr:
      100 * (1 - (snAgGblDynMemFree / snAgGblDynMemTotal)) > 80
    for: 5m
    labels:
      severity: alert
    annotations:
      UsedMemory: !unsafe "{{ $value }} %"
  - alert: QuantaFanHealth
    expr:
      snChasFanOperStatus{snChasFanOperStatus="normal"} == 0
    for: 0m
    labels:
      severity: critical
    annotations:
      Description: !unsafe "{{ $labels.shChasFanDescription }}"
      Status: !unsafe "{{ $labels.snChasFanOperStatus }}"
  - alert: QuantaMissingIntakeTemp
    expr:
      count by (instance) (
        snAgentTempValue
      ) - count by (instance) (
        snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"}
      ) == 0
    for: 0m
    labels:
      severity: critical
  - alert: QuantaIntakeTemp
    expr:
      0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 60
    for: 10m
    keep_firing_for: 30m
    labels:
      severity: warning
    annotations:
      Temperature: !unsafe "{{ $value }} °C"
      Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
  - alert: QuantaIntakeTemp
    expr:
      0.5 * snAgentTempValue{snAgentTempSensorDescr=~".*Intake.*"} > 70
    for: 10m
    keep_firing_for: 30m
    labels:
      severity: critical
    annotations:
      Temperature: !unsafe "{{ $value }} °C"
      Description: !unsafe "{{ $labels.snAgentTempSensorDescr }}"
  - alert: QuantaPowerRedundancyFailure
    expr:
      count by (instance) (
        snChasPwrSupplyOperStatus{snChasPwrSupplyOperStatus="normal"}
      ) < 2
    for: 0m
    labels:
      severity: warning
 ...
--- a/group_vars/prom/prometheus/snmp.yml
+++ b/group_vars/prom/prometheus/snmp.yml
@ -0,0 +1,6 @@
 ---
 prometheus__scraping_snmp:
  targets: "{{ groups.prom }}"
  address:
    port: 9116
 ...
--- a/group_vars/prom/prometheus/switch.yml
+++ b/group_vars/prom/prometheus/switch.yml
@ -0,0 +1,91 @@
 ---
 prometheus__rules_switch:
  - alert: SwitchPromiscuousChange
    expr:
      changes(ifPromiscuousMode[5m]) > 0
    for: 0m
    labels:
      severity: warning
    annotations:
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
  - alert: SwitchInterfaceUpChange
    expr:
      changes(ifOperStatus{ifOperStatus="up"}[5m]) > 0
    for: 0m
    labels:
      severity: warning
    annotations:
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
  - alert: SwitchInErrors
    expr:
      irate(ifInErrors[5m]) / (
        irate(ifInUcastPkts[5m])
        + irate(ifInNUcastPkts[5m])
      ) > 0.0001
    for: 0m
    labels:
      severity: warning
    annotations:
      ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
  - alert: SwitchOutErrors
    expr:
      irate(ifOutErrors[5m]) / (
        irate(ifOutUcastPkts[5m])
        + irate(ifOutNUcastPkts[5m])
      ) > 0.0001
    for: 0m
    labels:
      severity: warning
    annotations:
      ErrorRate: !unsafe "{{ $value | humanizePercentage }}"
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
  - alert: SwitchInLinkUsage
    expr:
      rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
    for: 5m
    keep_firing_for: 10m
    labels:
      severity: warning
    annotations:
      Usage: !unsafe "{{ $value | humanizePercentage }}"
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
  - alert: SwitchInLinkUsage
    expr:
      rate(ifHCInOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
    for: 5m
    keep_firing_for: 10m
    labels:
      severity: critical
    annotations:
      Usage: !unsafe "{{ $value | humanizePercentage }}"
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
  - alert: SwitchOutLinkUsage
    expr:
      rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.5
    for: 5m
    keep_firing_for: 10m
    labels:
      severity: warning
    annotations:
      Usage: !unsafe "{{ $value | humanizePercentage }}"
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
  - alert: SwitchOutLinkUsage
    expr:
      rate(ifHCOutOctets[5m]) / (ifHighSpeed * 1000000 / 8) > 0.8
    for: 5m
    keep_firing_for: 10m
    labels:
      severity: warning
    annotations:
      Usage: !unsafe "{{ $value | humanizePercentage }}"
      Interface: !unsafe "{{ $labels.ifName }}
        {{ if $labels.ifAlias }}- {{ $labels.ifAlias }}{{ end }}"
 ...
--- a/group_vars/prom/prometheus_snmp/eaton.yml
+++ b/group_vars/prom/prometheus_snmp/eaton.yml
@ -0,0 +1,42 @@
 ---
 prometheus_snmp__modules_eaton:
  version: 1
  auth:
    community: "{{ vault_snmp_eaton_community }}"
  walk:
    - sysUpTime
    #- upsBattery
    #- xupsBattery
    #- xupsInput
    - xupsInput
    - xupsOutput
    - xupsBypass
    - xupsEnvironment
    - xupsBattery
    - xupsConfig
  lookups:
    - source_indexes:
        - xupsInputPhase
      lookup: xupsInputName
    - source_indexes:
        - xupsOutputPhase
      lookup: xupsOutputName
    - source_indexes:
        - xupsBypassPhase
      lookup: xupsBypassName
  overrides:
    #upsBatteryStatus:
    #  type: EnumAsStateSet
    xupsInputId:
      type: EnumAsStateSet
    xupsOutputId:
      type: EnumAsStateSet
    xupsBypassId:
      type: EnumAsStateSet
    xupsOutputSource:
      type: EnumAsStateSet
    xupsBatteryAbmStatus:
      type: EnumAsStateSet
    xupsContactType:
      type: EnumAsStateSet
 ...
--- a/group_vars/prom/prometheus_snmp/main.yml
+++ b/group_vars/prom/prometheus_snmp/main.yml
@ -0,0 +1,5 @@
 ---
 prometheus_snmp__modules:
  quanta: "{{ prometheus_snmp__modules_quanta }}"
  eaton: "{{ prometheus_snmp__modules_eaton }}"
 ...
--- a/group_vars/prom/prometheus_snmp/quanta.yml
+++ b/group_vars/prom/prometheus_snmp/quanta.yml
@ -0,0 +1,125 @@
 ---
 prometheus_snmp__modules_quanta:
  auth:
    community: "{{ vault_snmp_quanta_community }}"
  timeout: 60s
  retries: 3
  walk:
    - interfaces
    - ifXTable
    - snAgGblQueueOverflow
    - snAgGblDynMemTotal
    - snAgGblDynMemFree
    - snAgGblCpuUtil1SecAvg
    - snAgGblCpuUtil5SecAvg
    - snAgGblCpuUtil1MinAvg
    - sysUpTime
    - snAgentCpuUtilPercent
    - snAgent
    - snChasFan
    - snChasPwr
    - snAgentTemp
    - snAgentCpu
    - snSwInfo
    - snSwIfInfoTable
    - dot3StatsTable
    - dot3HCStatsTable
    - dot3Errors
    - dot3Tests
    - dot3CollTable
    - lldpLocChassisId
    - lldpRemTable
    - lldpLocPortTable
    - dot1dBasePort
  lookups:
    - source_indexes:
        - ifIndex
      lookup: ifAlias
    - source_indexes:
        - ifIndex
      lookup: ifDescr
    - source_indexes:
        - ifIndex
      lookup: ifName
    - source_indexes:
        - snChasFanIndex
      lookup: snChasFanDescription
    - source_indexes:
        - snAgentTempSlotNum
        - snAgentTempSensorId
      lookup: snAgentTempSensorDescr
    - source_indexes:
        - snSwIfInfoPortNum
      lookup: snSwIfName
    - source_indexes:
        - snSwIfInfoPortNum
      lookup: snSwIfDescr
    - source_indexes:
        - dot3StatsIndex
      lookup: ifAlias
    - source_indexes:
        - dot3StatsIndex
      lookup: ifDescr
    - source_indexes:
        - dot3StatsIndex
      lookup: ifName
    - source_indexes:
        - lldpRemTimeMark
        - lldpRemLocalPortNum
        - lldpRemIndex
      lookup: lldpRemChassisId
    #- source_indexes:
    #    - lldpLocPortNum
    #  lookup: lldpLocPortIdSubtype
  overrides:
    ifIndex:
      ignore: true
    ifAlias:
      ignore: true
    ifDescr:
      ignore: true
    ifName:
      ignore: true
    ifOperStatus:
      type: EnumAsStateSet
    ifAdminStatus:
      type: EnumAsStateSet
    snChasFanIndex:
      ignore: true
    snChasFanDescription:
      ignore: true
    snChasPwrSupplyIndex:
      ignore: true
    snAgentTempSensorDescr:
      ignore: true
    snChasFanOperStatus:
      type: EnumAsStateSet
    snChasPwrSupplyOperStatus:
      type: EnumAsStateSet
    snSwIfName:
      ignore: true
    snSwIfDescr:
      ignore: true
    snSwIfVlanId:
      ignore: true
    snSwIfInfoPortNum:
      ignore: true
    snSwIfInfoMonitorMode:
      type: EnumAsStateSet
    snSwIfInfoMirrorPorts:
      ignore: true
    snSwIfInfoMediaType:
      type: EnumAsInfo
    ifType:
      type: EnumAsInfo
    dot3StatsIndex:
      ignore: true
    dot3StatsEtherChipSet:
      ignore: true
    dot3StatsDuplexStatus:
      type: EnumAsStateSet
    lldpLocPortIdSubtype:
      type: EnumAsInfo
    lldpRemPortIdSubtype:
      type: EnumAsInfo
 ...
--- a/group_vars/pve/pve_auth.yml
+++ b/group_vars/pve/pve_auth.yml
@ -0,0 +1,35 @@
 ---
 pve_auth__groups:
  admin:
    - Administrator
 pve_auth__pam_users:
  root:
    enabled: false
 pve_auth__users:
  elkmaennchen:
    password: "{{ vault_pve_passwords.elkmaennchen }}"
    groups:
      - admin
  jeltz:
    password: "{{ vault_pve_passwords.jeltz }}"
    groups:
      - admin
  otthorn:
    password: "{{ vault_pve_passwords.otthorn }}"
    groups:
      - admin
  v-lafeychine:
    password: "{{ vault_pve_passwords['v-lafeychine'] }}"
    groups:
      - admin
  pz2891:
    password: "{{ vault_pve_passwords.pz2891 }}"
    groups:
      - admin
  loutr:
    password: "{{ vault_pve_passwords.loutr }}"
    groups:
      - admin
 ...
--- a/group_vars/radius/freeradius.yml
+++ b/group_vars/radius/freeradius.yml
@ -0,0 +1,17 @@
 ---
 radiusd__guest_vlan: 1000
 radiusd__clients:
  localhost:
    addr: 127.0.0.1
    secret: abcdef
    type: aurore
  wifi-ap-v4:
    addr: 10.102.0.0/16
    secret: abcdef
    type: aurore
  wifi-ap-v6:
    addr: 2a09:6840:102::/56
    secret: abcdef
    type: aurore
 ...
--- a/group_vars/router/prometheus.yml
+++ b/group_vars/router/prometheus.yml
@ -0,0 +1,3 @@
 ---
 prometheus_keepalived__dest: /var/run/prometheus-node-exporter/keepalived.prom
 ... 
--- a/group_vars/vpn/bird.yml
+++ b/group_vars/vpn/bird.yml
@ -0,0 +1,60 @@
 ---
 bird__tables:
  - wg
 bird__kernel:
  kernel:
    learn: true
    import: accept
    export: accept
  vrf:
    learn: true
    import:
      sources:
        - "{{ iproute2__custom_protos.wireguard }}"
    export: accept
    table: wg
    kernel: "{{ iproute2__custom_tables.wireguard }}"
 bird__ospf:
  limits:
    import: 4000
    export: 4000
  table: wg
  import: accept
  export:
    sources:
      - "{{ iproute2__custom_protos.wireguard }}"
  areas:
    1:
      broadcast:
        - vpn0
 bird__bgp:
  infra1:
    local:
      address: "{{ bird__bgp_addr.vpn }}"
      as: "{{ bird__as.aurore }}"
    neighbor:
      address:
        - 2a09:6840:213::1:1
        - 10.213.1.1
      as: "{{ bird__as.aurore }}"
    table: wg
    import: accept
    export: reject
    next_hop_self: true
  infra2:
    local:
      address: "{{ bird__bgp_addr.vpn }}"
      as: "{{ bird__as.aurore }}"
    neighbor:
      address:
        - 2a09:6840:213::1:2
        - 10.213.1.2
      as: "{{ bird__as.aurore }}"
    table: wg
    import: accept
    export: reject
    next_hop_self: true
 ...
--- a/group_vars/vpn/ifupdown2.yml
+++ b/group_vars/vpn/ifupdown2.yml
@ -0,0 +1,16 @@
 ---
 ifupdown2__vrf:
  wg-vrf:
    table: "{{ iproute2__custom_tables.wireguard }}"
 ifupdown2__wireguard:
  wg0:
    private_key: "{{ vault_wireguard_wg0_private }}"
    listen_port: 5121
    vrf: wg-vrf
    table: "{{ iproute2__custom_tables.wireguard }}"
    peer_allowed_addresses:
      - 2a09:6840:212::1:1/128
      - 10.212.1.1/32
    peer_public_key: 0kP/XjaGOpu4p9KHTAoAhkLwXzC8wJUdPIdhdpgeKhY=
 ...
--- a/group_vars/vpn/iproute2.yml
+++ b/group_vars/vpn/iproute2.yml
@ -0,0 +1,7 @@
 ---
 iproute2__custom_tables:
  wireguard: 2000
 iproute2__custom_protos:
  wireguard: 200
 ...
--- a/host_vars/collabora.ext.infra.auro.re.yml
+++ b/host_vars/collabora.ext.infra.auro.re.yml
@ -0,0 +1,22 @@
 ---
 systemd_link__links:
  pub0: ae:ae:ae:2C:60:35
 ifupdown2__interfaces:
  pub0:
    addresses:
      - 2a09:6840:128::220/64
      - 10.128.0.220/16
    gateways: "{{ ifupdown2__gateways.adm }}"
 collabora__server_name: office.auro.re
 collabora__post_allow_addrs:
  - 2a09:6840:215::1:1
  - 45.66.111.206
 collabora__wopi_groups:
  - host: https://cloud.auro.re:443
    aliases:
      - https://nextcloud.auro.re:443
 ...
--- a/host_vars/dhcp-1.isp.infra.auro.re.yml
+++ b/host_vars/dhcp-1.isp.infra.auro.re.yml
@ -0,0 +1,47 @@
 ---
 systemd_link__links:
  isp0: 02:00:00:c6:3f:6f
  trunk0: 02:00:00:b1:8d:d6
 ifupdown2__interfaces:
  isp0:
    addresses:
      - 2a09:6840:210::1:1/64
      - 10.210.1.1/16
    gateways: "{{ ifupdown2__gateways.isp }}"
  trunk0:
    ipv6_addrgen: false
  clients0:
    bridge_vlan_aware: true
    bridge_ports:
      - trunk0
    bridge_vids:
      - 1000-1004
    bridge_disable_pvid: true
    ipv6_addrgen: false
  client0:
    addresses:
      - 100.64.0.2/27
    vlan_id: 1000
    vlan_raw_device: clients0
  client1:
    addresses:
      - 100.64.0.34/27
    vlan_id: 1001
    vlan_raw_device: clients0
  client2:
    addresses:
      - 100.64.0.66/27
    vlan_id: 1002
    vlan_raw_device: clients0
  client3:
    addresses:
      - 100.64.0.98/27
    vlan_id: 1003
    vlan_raw_device: clients0
  client4:
    addresses:
      - 100.64.0.130/27
    vlan_id: 1004
    vlan_raw_device: clients0
 ...
--- a/host_vars/dhcp-2.isp.infra.auro.re.yml
+++ b/host_vars/dhcp-2.isp.infra.auro.re.yml
@ -0,0 +1,47 @@
 ---
 systemd_link__links:
  isp0: 04:00:00:8c:d1:36
  trunk0: 04:00:00:33:2c:3c
 ifupdown2__interfaces:
  isp0:
    addresses:
      - 2a09:6840:210::1:2/64
      - 10.210.1.2/16
    gateways: "{{ ifupdown2__gateways.isp }}"
  trunk0:
    ipv6_addrgen: false
  clients0:
    bridge_vlan_aware: true
    bridge_ports:
      - trunk0
    bridge_vids:
      - 1000-1004
    bridge_disable_pvid: true
    ipv6_addrgen: false
  client0:
    addresses:
      - 100.64.0.3/27
    vlan_id: 1000
    vlan_raw_device: clients0
  client1:
    addresses:
      - 100.64.0.35/27
    vlan_id: 1001
    vlan_raw_device: clients0
  client2:
    addresses:
      - 100.64.0.67/27
    vlan_id: 1002
    vlan_raw_device: clients0
  client3:
    addresses:
      - 100.64.0.99/27
    vlan_id: 1003
    vlan_raw_device: clients0
  client4:
    addresses:
      - 100.64.0.131/27
    vlan_id: 1004
    vlan_raw_device: clients0
 ...
--- a/host_vars/dns-1.int.infra.auro.re.yml
+++ b/host_vars/dns-1.int.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  int0: 02:00:00:9f:d9:f9
 ifupdown2__interfaces:
  int0:
    addresses:
      - 2a09:6840:206::1:1/64
      - 10.206.1.1/16
    gateways: "{{ ifupdown2__gateways.int }}"
 ...
--- a/host_vars/dns-2.int.infra.auro.re.yml
+++ b/host_vars/dns-2.int.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  int0: 04:00:00:3c:c0:5a
 ifupdown2__interfaces:
  int0:
    addresses:
      - 2a09:6840:206::1:2/64
      - 10.206.1.2/16
    gateways: "{{ ifupdown2__gateways.int }}"
 ...
--- a/host_vars/edge-1.back.infra.auro.re.yml
+++ b/host_vars/edge-1.back.infra.auro.re.yml
@ -0,0 +1,39 @@
 ---
 systemd_link__links:
  adm0: 02:00:00:9E:3E:21
  crans0: 02:00:00:A2:7C:68
  zayo0: 02:00:00:35:89:82
  rezel0: 02:00:00:8F:4A:AD
  back0: 02:00:00:1C:3A:2E
  viarezo0: 02:00:00:ED:70:64
  router0: 02:00:00:5A:17:7C
  oti0: 02:00:00:05:0E:A6
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::10:2/64
      - 10.128.10.2/16
  crans0:
    ipv6_addrgen: false
  zayo0:
    ipv6_addrgen: false
  rezel0:
    addresses:
      - 2a09:6842:19:9116::1/64
      - 45.66.111.1/29
  back0:
    addresses:
      - 2a09:6840:203::1:1/64
      - 10.203.1.1/16
  viarezo0:
    addresses:
      - 2a0c:b641:2ff::6/125
      - 192.159.121.133/29
  router0:
    addresses:
      - 2a09:6840:129::10:2/56
      - 10.129.10.2/16
  oti0:
    ipv6_addrgen: false
 ...
--- a/host_vars/edge-2.back.infra.auro.re.yml
+++ b/host_vars/edge-2.back.infra.auro.re.yml
@ -0,0 +1,39 @@
 ---
 systemd_link__links:
  adm0: 04:00:00:F5:69:B9
  crans0: 04:00:00:CF:E1:D0
  zayo0: 04:00:00:67:7B:12
  rezel0: 04:00:00:C6:05:B7
  back0: 04:00:00:DE:22:E6
  viarezo0: 04:00:00:45:FA:E6
  router0: 04:00:00:AD:D7:71
  oti0: 02:00:00:05:0E:A6
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::10:102/64
      - 10.128.10.102/16
  crans0:
    ipv6_addrgen: false
  zayo0:
    ipv6_addrgen: false
  rezel0:
    addresses:
      - 2a09:6842:19:9116::3/64
      - 45.66.111.3/29
  back0:
    addresses:
      - 2a09:6840:203::1:2/64
      - 10.203.1.2/16
  viarezo0:
    addresses:
      - 2a0c:b641:2ff::7/125
      - 192.159.121.134/29
  router0:
    addresses:
      - 2a09:6840:129::10:102/56
      - 10.129.10.102/16
  oti0:
    ipv6_addrgen: false
 ...
--- a/host_vars/infra-1.back.infra.auro.re.yml
+++ b/host_vars/infra-1.back.infra.auro.re.yml
@ -0,0 +1,63 @@
 ---
 systemd_link__links:
  ups0: 02:00:00:fe:6f:0e
  back0: 02:00:00:f8:93:22
  monit0: 02:00:00:da:97:7f
  wifi0: 02:00:00:8c:c5:bf
  int0: 02:00:00:75:40:3e
  sw0: 02:00:00:ca:e8:d1
  bmc0: 02:00:00:47:d1:b9
  pve0: 02:00:00:b3:35:e7
  isp0: 02:00:00:6b:53:14
  ext0: 02:00:00:32:86:60
  vpn0: 02:00:00:52:5f:85
  th30: 02:00:00:23:a7:d3
  pub0: 02:00:00:7d:34:06
 ifupdown2__interfaces:
  back0:
    addresses:
      - 2a09:6840:203::1:3/64
      - 10.203.1.3/16
      - 45.66.111.210/32 # secondary
  ups0:
    ipv6_addrgen: false
  monit0:
    ipv6_addrgen: false
  wifi0:
    ipv6_addrgen: false
  int0:
    ipv6_addrgen: false
  sw0:
    ipv6_addrgen: false
  bmc0:
    ipv6_addrgen: false
  pve0:
    ipv6_addrgen: false
  isp0:
    ipv6_addrgen: false
  ext0:
    ipv6_addrgen: false
  pub0:
    ipv6_addrgen: false
  vpn0:
    addresses:
      - 2a09:6840:213::1:1/64
      - 10.213.1.1/16
  th30:
    ipv6_addrgen: false
 bird__router_id: 10.203.1.3
 bird__bgp_addr:
  back:
    - 2a09:6840:203::1:3
    - 10.203.1.3
  vpn:
    - 2a09:6840:213::1:1
    - 10.213.1.1
 bird__pref_src_addr:
  - 2a09:6840:203::1:3
  - 45.66.111.210
 ...
--- a/host_vars/infra-2.back.infra.auro.re.yml
+++ b/host_vars/infra-2.back.infra.auro.re.yml
@ -0,0 +1,63 @@
 ---
 systemd_link__links:
  ups0: 04:00:00:6d:97:83
  back0: 04:00:00:46:ba:f9
  monit0: 04:00:00:72:0b:2d
  wifi0: 04:00:00:ee:42:0f
  int0: 04:00:00:21:fd:d0
  sw0: 04:00:00:2e:5b:16
  bmc0: 04:00:00:bb:5a:a6
  pve0: 04:00:00:0b:2b:82
  isp0: 04:00:00:f4:4c:5d
  ext0: 04:00:00:1d:0e:83
  vpn0: 04:00:00:02:ba:dd
  th30: 04:00:00:9e:8d:4f
  pub0: 04:00:00:f8:3b:9b
 ifupdown2__interfaces:
  back0:
    addresses:
      - 2a09:6840:203::1:4/64
      - 10.203.1.4/16
      - 45.66.111.211/32 # secondary
  ups0:
    ipv6_addrgen: false
  monit0:
    ipv6_addrgen: false
  wifi0:
    ipv6_addrgen: false
  int0:
    ipv6_addrgen: false
  sw0:
    ipv6_addrgen: false
  bmc0:
    ipv6_addrgen: false
  pve0:
    ipv6_addrgen: false
  isp0:
    ipv6_addrgen: false
  ext0:
    ipv6_addrgen: false
  vpn0:
    addresses:
      - 2a09:6840:213::1:2/64
      - 10.213.1.2/16
  th30:
    ipv6_addrgen: false
  pub0:
    ipv6_addrgen: false
 bird__router_id: 10.203.1.4
 bird__bgp_addr:
  back:
    - 2a09:6840:203::1:4
    - 10.203.1.4
  vpn:
    - 2a09:6840:213:1:2
    - 10.213.1.2
 bird__pref_src_addr:
  - 2a09:6840:203::1:4
  - 45.66.111.211
 ...
--- a/host_vars/isp-1.back.infra.auro.re.yml
+++ b/host_vars/isp-1.back.infra.auro.re.yml
@ -0,0 +1,59 @@
 ---
 systemd_link__links:
  adm0: 02:00:00:D8:37:45
  back0: 02:00:00:BF:10:4C
  trunk0: 02:00:00:E9:BA:15
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::10:5/64
      - 10.128.10.5/16
    gateways: "{{ ifupdown2__gateways.adm }}"
  back0:
    addresses:
      - 2a09:6840:203::1:5/64
      - 45.66.111.211/32
      - 10.203.1.5/16
  trunk0:
    ipv6_addrgen: false
  clients0:
    bridge_vlan_aware: true
    bridge_ports:
      - trunk0
    bridge_vids:
      - 1000-1004
    bridge_disable_pvid: true
    ipv6_addrgen: false
  client0:
    vlan_id: 1000
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client1:
    vlan_id: 1001
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client2:
    vlan_id: 1002
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client3:
    vlan_id: 1003
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client4:
    vlan_id: 1004
    vlan_raw_device: clients0
    ipv6_addrgen: false
 bird__router_id: 10.203.1.5
 bird__bgp_addr:
  back:
    - 2a09:6840:203::1:5
    - 10.203.1.5
 bird__pref_src_addr:
  - 2a09:6840:203::1:5
  - 45.66.111.211
 ...
--- a/host_vars/isp-2.back.infra.auro.re.yml
+++ b/host_vars/isp-2.back.infra.auro.re.yml
@ -0,0 +1,47 @@
 ---
 systemd_link__links:
  adm0: 04:00:00:85:C3:5D
  back0: 04:00:00:FE:2D:67
  trunk0: 04:00:00:D8:F5:4D
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::10:105/64
      - 10.128.10.105/16
    gateways: "{{ ifupdown2__gateways.adm }}"
  back0:
    addresses:
      - 2a09:6840:203::1:6/64
      - 10.203.1.6/16
  trunk0:
    ipv6_addrgen: false
  clients0:
    bridge_vlan_aware: true
    bridge_ports:
      - trunk0
    bridge_vids:
      - 1000-1004
    bridge_disable_pvid: true
    ipv6_addrgen: false
  client0:
    vlan_id: 1000
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client1:
    vlan_id: 1001
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client2:
    vlan_id: 1002
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client3:
    vlan_id: 1003
    vlan_raw_device: clients0
    ipv6_addrgen: false
  client4:
    vlan_id: 1004
    vlan_raw_device: clients0
    ipv6_addrgen: false
 ...
--- a/host_vars/ldap-1.int.infra.auro.re.yml
+++ b/host_vars/ldap-1.int.infra.auro.re.yml
@ -0,0 +1,16 @@
 ---
 systemd_link__links:
  adm0: 02:00:00:38:c2:52
  int0: 02:00:00:fe:a8:54
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::10:8/64
      - 10.128.10.8/16
  int0:
    addresses:
      - 2a09:6840:206::1:3/64
      - 10.206.1.7/16
    gateways: "{{ ifupdown2__gateways.int }}"
 ...
--- a/host_vars/ldap-2.int.infra.auro.re.yml
+++ b/host_vars/ldap-2.int.infra.auro.re.yml
@ -0,0 +1,16 @@
 ---
 systemd_link__links:
  adm0: 04:00:00:f7:1c:47
  int0: 04:00:00:e4:83:d2
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::10:108/64
      - 10.128.10.108/16
  int0:
    addresses:
      - 2a09:6840:206::1:4/64
      - 10.206.1.8/16
    gateways: "{{ ifupdown2__gateways.int }}"
 ...
--- a/host_vars/mx.test.infra.auro.re.yml
+++ b/host_vars/mx.test.infra.auro.re.yml
@ -0,0 +1,38 @@
 ---
 dovecot__auth_default_realm: test.auro.re
 dovecot__auth_users:
  jeltz@test.auro.re: "{plain}password"
  lafeych@test.auro.re: "{plain}password"
  toto@test.auro.re: "{plain}password"
  root@test.auro.re: "{plain}L9yXSrCbbafMlMls5q7WWMKC612XNbXL"
 dovecot__lmtp_postmaster_address: postmaster@test.auro.re
 ifupdown2__interfaces:
  ext0:
    addresses:
      - 2a09:6840:211::1:5/64
      - 10.211.1.5/16
      - 45.66.111.208/30
    gateways: "{{ ifupdown2__gateways.ext }}"
 postfix__hostname: mx.test.auro.re
 postfix__sasl_local_domain: test.auro.re
 postfix__virtual_aliases:
  postmaster@test.auro.re: root@test.auro.re
  dmarc@test.auro.re: root@test.auro.re
 postfix__virtual_mailbox_domains:
 - infra.test.auro.re
 - test.auro.re
 postfix__virtual_mailboxes:
  jeltz@test.auro.re: jeltz@test.auro.re
  root@test.auro.re: root@test.auro.re
  toto@test.auro.re: toto@test.auro.re
  vincent.lafeychine@test.auro.re: lafeych@test.auro.re
 systemd_link__links:
  ext0: ae:ae:ae:1d:c8:b2
 ...
--- a/host_vars/ns-1.pub.infra.auro.re.yml
+++ b/host_vars/ns-1.pub.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  pub0: 02:00:00:ad:62:64
 ifupdown2__interfaces:
  pub0:
    addresses:
      - 2a09:6840:215::1:2/64
      - 45.66.111.205/27
    gateways: "{{ ifupdown2__gateways.pub }}"
 ...
--- a/host_vars/ns-2.pub.infra.auro.re.yml
+++ b/host_vars/ns-2.pub.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  pub0: 04:00:00:1b:0a:3a
 ifupdown2__interfaces:
  pub0:
    addresses:
      - 2a09:6840:215::1:3/64
      - 45.66.111.207/27
    gateways: "{{ ifupdown2__gateways.pub }}"
 ...
--- a/host_vars/ns-3.ovh.infra.auro.re.yml
+++ b/host_vars/ns-3.ovh.infra.auro.re.yml
@ -0,0 +1,29 @@
 ---
 systemd_link__links:
  adm0: 96:77:96:91:e3:6c
  ovh0: 00:50:56:00:fd:c0
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::109/64
      - 10.128.0.109/16
  ovh0:
    addresses:
      - 92.222.211.194/24
    gateways: "{{ ifupdown2__gateways.ovh }}"
 # TODO: remove as soon as the VPN works
 knotd__remotes:
  xfr-master:
    address: 2a09:6840:128::110
    key: xfr
 knotd__acl:
  notify-master:
    address:
      - 2a09:6840:128::110
      - 10.128.0.110
    key: xfr
    action: notify
 ...
--- a/host_vars/ns-master.int.infra.auro.re/knotd.yml
+++ b/host_vars/ns-master.int.infra.auro.re/knotd.yml
@ -0,0 +1,615 @@
 ---
 knotd__listen:
  - address: 0.0.0.0
  - address: "::"
 knotd__keys:
  xfr:
    algorithm: hmac-sha512
    secret: "{{ vault_knotd_xfr_key }}"
  ksk-infra:
    algorithm: hmac-sha512
    secret: "{{ vault_knotd_ksk_infra_key }}"
  update-acme-challenge:
    algorithm: hmac-sha512
    secret: "{{ vault_certbot_dns_secret }}"
 knotd__remotes:
  xfr-ns-1:
    address: 2a09:6840:215::1:2
    key: xfr
  xfr-ns-2:
    address: 2a09:6840:215::1:3
    key: xfr
  xfr-ns-3:
    address: 10.128.0.109
    key: xfr
  ksk-infra:
    address: ::1
    key: ksk-infra
 knotd__policies:
  public:
    algorithm: ECDSAP256SHA256
    reproducible_signing: true
    # Je n'ai pas trouvé de façon de pousser les records automatiquement
    # sur .re, donc pour éviter d'oublier de le faire manuellement, la
    # KSK n'expire pas
    ksk_lifetime: 0
    zsk_lifetime: 30d
    nsec3: true
  infra:
    algorithm: ECDSAP256SHA256
    ksk_lifetime: 365d
    zsk_lifetime: 30d
    nsec3: on
    ds-push: ksk-infra
    cds-cdnskey-publish: rollover
    ksk-submission: infra
  ripe:
    algorithm: ECDSAP256SHA256
    ksk_lifetime: 365d
    zsk_lifetime: 30d
    nsec3: on
    ds-push: ksk-ripe
    cds-cdnskey-publish: rollover
    ksk-submission: ripe
 knotd__acl:
  xfr:
    addresses:
      - 2a09:6840:128::109
      - 10.128.0.109
      - 2a09:6840:215::1:2
      - 45.66.111.205
      - 2a09:6840:215::1:3
      - 45.66.111.207
    action: transfer
    key: xfr
  ksk-infra:
    addresses:
      - 127.0.0.1
      - ::1
    key: ksk-infra
    action: update
    update_types:
      - DS
    update_owner: name
    update_owner_match: equal
    update_owner_name:
      - infra
  update-acme-challenge:
    addresses:
      - 10.128.0.0/16
      - 2a09:6840:128::/48
    key: update-acme-challenge
    action: update
    update_types:
      - TXT
    update_owner: name
    update_owner_match: equal
    update_owner_name:
      - _acme-challenge.auro.re.
 knotd__queryacl:
  local:
    addresses:
      - 10.0.0.0/8
 knotd__soa_rname: root@auro.re.
 knotd__hosts:
  auro.re:
    proxy-ovh:
      - 92.222.211.195
    horus:
      - 92.23.218.136
    ns-1:
      - 45.66.111.205
      - 2a09:6840:215::1:2
    ns-2:
      - 92.222.211.194
    serge:
      - 92.222.211.196
    lama:
      - 185.230.78.220
      - 2a0c:700:12:0:67:e5ff:fee9:108
    vpn-ovh:
      - 92.222.211.197
    passerelle:
      - 45.66.111.254
      - 2a09:6840:111::254
    proxy:
      - 45.66.111.61
      - 2a09:6840:111::61
    camelot:
      - 45.66.111.59
      - 2a09:6840:111::59
    mail:
      - 45.66.111.62
      - 2a09:6840:111::62
    galene:
      - 45.66.111.65
      - 2a09:6840:111::65
    aclyas:
      - 45.66.111.231
      - 2a09:6840:111::231
    jitsi:
      - 45.66.111.55
      - 2a09:6840:111::55
    portail-fleming:
      - 10.13.0.247
      - 2a09:6840:13::247
    portail-pacaterie:
      - 10.23.0.247
      - 2a09:6840:23::247
    portail-rives:
      - 10.33.0.247
      - 2a09:6840:33::247
    portail-edc:
      - 10.43.0.247
      - 2a09:6840:43::247
    portail-gs:
      - 10.53.0.247
      - 2a09:6840:53::247
    grocy.bric:
      - 45.66.111.133
      - 2a09:6840:111::133
  adh.auro.re:
    hoffman:
      - 45.66.110.1
      - 2a09:6840:110:0:2d8:61ff:fe56:d7eb
    hindley:
      - 45.66.110.3
      - 2a09:6840:110:0:a6ba:dbff:fe03:1f36
    yberreby:
      - 45.66.110.5
      - 2a09:6840:110:0:d896:1dff:fe59:8381
    paon:
      - 45.66.110.10
      - 2a09:6840:110:0:231:92ff:fe1b:ae22
    lovelace:
      - 45.66.110.45
      - 2a09:6840:110:0:c634:6bff:feb5:7bcc
    switch-leo:
      - 45.66.110.103
      - 2a09:6840:110:0:82cc:9cff:fe82:ca3e
    haskell:
      - 45.66.110.112
      - 2a09:6840:110:0:f4ac:cbff:fe81:7f48
    lyshyga0:
      - 45.66.110.113
      - 2a09:6840:110:0:6af7:28ff:fe91:e8d9
    pz28910:
      - 45.66.110.114
    vinsing0:
      - 45.66.110.123
      - 2a09:6840:110:0:1e1b:dff:fe90:7d81
    osc-routeur:
      - 45.66.110.125
      - 2a09:6840:110:0:ba27:ebff:fe2d:c1a1
    odroid:
      - 45.66.110.154
      - 2a09:6840:110:0:21e:6ff:fe49:e00
    amau0:
      - 45.66.110.164
      - 2a09:6840:110:0:3e7c:3fff:fec3:27d1
    regulus:
      - 45.66.110.180
      - 2a09:6840:110:0:2ef0:5dff:fe2a:1530
    toaster:
      - 45.66.110.188
      - 2a09:6840:110:0:5246:5dff:fe9a:f70
    rpijutax:
      - 45.66.110.190
      - 2a09:6840:110:0:ba27:ebff:fe76:a9bc
    lafeychine:
      - 45.66.110.200
      - 2a09:6840:110:0:46a5:6eff:fe71:1
    polaris:
      - 45.66.110.245
      - 2a09:6840:110:0:dea6:32ff:feb4:d033
 knotd__zones:
  auro.re:
    dnssec_policy: public
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - update-acme-challenge
      - ksk-infra
      - xfr
    soa:
      mname: ns-master.int.infra
    ns:
      - target:
          - ns-1.pub.infra
          - ns-2.pub.infra
          - ns-3.ovh.infra
      - name: infra
        target:
          - ns-1.pub.infra
          - ns-2.pub.infra
          - ns-3.ovh.infra
      - name: test
        target:
          - ns-1.pub.infra
          - ns-2.pub.infra
          - ns-3.ovh.infra
      - name: adm
        target:
          - serge
          - lama
      - name: ups
        target:
          - serge
          - lama
      - name: switch
        target:
          - serge
          - lama
      - name: borne
        target:
          - serge
          - lama
    mx:
      - exchange: mail
        preference: 5
      - exchange: proxy-ovh
        preference: 10
    txt:
      - data: v=spf1 mx -all
    a:
      - address: 92.222.211.195
    cname:
      - name:
          - gisti
          - gistiti
        target: jitsi
      - name:
          - element
          - riot
          - auth
          - rss
          - codimd
          - hedgedoc
          - grist
          - kanboard
          - www
          - pad
          - privatebin
          - zero
          - paste
        target: proxy-ovh
      - name:
          - grafana
          - nextcloud
          - cloud
          - office
        target: proxy.pub.infra
      - name:
          - netbox
          - wiki
          - matrix
          - drone
          - gitea
          - re2o
          - vote
        target: proxy
      - name: intranet
        target: re2o
      - name:
          - smtp
          - imap
        target: mail
      - name:
          - prometheus-paul.adh
          - pma-paul.adh
          - nextcloud-paul.adh
          - grafana-paul.adh
          - jellyfin.adh
          - monitoring.adh
          - beta-mpp.adh
          - pz28.adh
        target: lucepaul.myvnc.com.
      - name:
          - services-1.pve
        target: services-1.pve.infra
      - name:
          - services-2.pve
        target: services-2.pve.infra
      - name:
          - services-3.pve
        target: services-3.pve.infra
    hosts: "{{ knotd__hosts['auro.re']
               | combine(knotd__hosts['adh.auro.re']
                         | add_origin_keys('adh.auro.re.')) }}"
  test.auro.re:
    dnssec_policy: public
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - xfr
    soa:
      mname: ns-master.int.infra.auro.re.
    txt:
      - data: v=spf1 mx -all
      - name: _dmarc
        data: v=DMARC1;p=quarantine;pct=100;rua=mailto:postmaster@test.auro.re;ruf=mailto:postmaster@test.auro.re
    ns:
      - target:
          - ns-1.pub.infra.auro.re.
          - ns-2.pub.infra.auro.re.
          - ns-3.ovh.infra.auro.re.
    mx:
      - exchange: mx
        preference: 5
    cname:
      - name:
          - www1
          - www2
          - www3
        target: proxy.pub.infra.auro.re.
    hosts:
      mx:
        - 2a09:6840:211::1:5
        - 45.66.111.205
  infra.auro.re:
    dnssec_policy: infra
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - xfr
    #queryacl: local
    soa:
      mname: ns-master.int
    ns:
      - target:
          - ns-1.pub.infra.auro.re.
          - ns-2.pub.infra.auro.re.
          - ns-3.ovh.infra.auro.re.
    hosts:
      services-1.ceph:
        - 10.214.1.1
        - "2a09:6840:214::1:1"
      services-2.ceph:
        - 10.214.1.2
        - "2a09:6840:214::1:2"
      services-3.ceph:
        - 10.214.1.3
        - "2a09:6840:209::1:3"
      services-1.pve:
        - 10.209.2.1
        - 2a09:6840:209::2:1
      services-2.pve:
        - 10.209.2.2
        - 2a09:6840:209::2:2
      services-3.pve:
        - 10.209.2.3
        - 2a09:6840:209::2:3
      ns-master.int:
        - 10.128.0.110
        - 2a09:6840:128:0::110
      network-1.pve:
        - 2a09:6840:209::1:1
        - 10.209.1.1
      network-2.pve:
        - 2a09:6840:209::1:2
        - 10.209.1.2
      edge-1.back:
        - 2a09:6840:203::1:1
        - 10.203.1.1
      edge-2.back:
        - 2a09:6840:203::1:2
        - 10.203.1.2
      dns-1.int:
        - 2a09:6840:206::1:1
        - 10.206.1.1
      dns-2.int:
        - 2a09:6840:206::1:2
        - 10.206.1.2
      nis2.int:
        - 2a09:6840:206::2:1
        - 10.206.2.1
      wg-1.vpn:
        - 2a09:6840:213::1:3
        - 10.213.1.3
      wg-2.vpn:
        - 2a09:6840:213::1:4
        - 10.213.1.4
      infra-1.back:
        - 2a09:6840:203::1:3
        - 10.203.1.3
      infra-2.back:
        - 2a09:6840:203::1:4
        - 10.203.1.4
      isp-1.back:
        - 2a09:6840:203::1:5
        - 10.203.1.5
      isp-2.back:
        - 2a09:6840:203::1:6
        - 10.203.1.6
      dhcp-1.isp:
        - 2a09:6840:210::1:1
        - 10.210.1.1
      dhcp-2.isp:
        - 2a09:6840:210::1:2
        - 10.210.1.2
      radius-1.isp:
        - 2a09:6840:210::1:3
        - 10.210.1.3
      radius-2.isp:
        - 2a09:6840:210::1:4
        - 10.210.1.4
      ldap-1.int:
        - 10.128.10.8
        - 2a09:6840:128::10:8
      ldap-2.int:
        - 10.128.10.108
        - 2a09:6840:128::10:108
      ntp-1.int:
        - 2a09:6840:206::1:5
        - 10.206.1.5
      ntp-2.int:
        - 2a09:6840:206::1:6
        - 10.206.1.6
      prometheus-1.monit:
        - 2a09:6840:204::1:1
        - 10.204.1.1
      prometheus-2.monit:
        - 2a09:6840:204::1:2
        - 10.204.1.2
      ff-1.core.sw:
        #- 2a09:6840:207::1:1
        - 10.207.1.1
      ff-2.core.sw:
        #- 2a09:6840:207::1:2
        - 10.207.1.2
      fl-1.core.sw:
        #- 2a09:6840:207::1:3
        - 10.207.1.3
      fl-2.core.sw:
        #- 2a09:6840:207::1:4
        - 10.207.1.4
      fd-1.core.sw:
        #- 2a09:6840:207::1:5
        - 10.207.1.5
      ff-3.core.sw:
        #- 2a09:6840:207::1:6
        - 10.207.1.6
      gk-1.core.sw:
        #- 2a09:6840:207::2:1
        - 10.207.2.1
      eb-1.core.sw:
        #- 2a09:6840:207::3:1
        - 10.207.3.1
      r3-1.core.sw:
        #- 2a09:6840:207::4:1
        - 10.207.4.1
      eb-1.ups:
        - 2a09:6840:201::3:1
        - 10.201.3.1
      ec-1.ups:
        - 2a09:6840:201::3:2
        - 10.201.3.2
      mx.test:
        - 2a09:6840:211::1:5
        - 10.211.1.5
      collabora.ext:
        - 2a09:6840:211::1:1
        - 10.211.1.1
      proxy.pub:
        - 2a09:6840:215::1:1
        - 45.66.111.206
      ns-1.pub:
        - 2a09:6840:215::1:2
        - 45.66.111.205
      ns-2.pub:
        - 2a09:6840:215::1:3
        - 45.66.111.207
      ns-3.ovh:
        - 92.222.211.194
  108.66.45.in-addr.arpa:
    dnssec_policy: ripe
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - xfr
    soa:
      mname: ns-master.int.infra.auro.re.
    ns:
      - target:
          - ns-1.pub.infra.auro.re.
          - ns-2.pub.infra.auro.re.
          - ns-3.ovh.infra.auro.re.
  109.66.45.in-addr.arpa:
    dnssec_policy: ripe
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - xfr
    soa:
      mname: ns-master.int.infra.auro.re.
    ns:
      - target:
          - ns-1.pub.infra.auro.re.
          - ns-2.pub.infra.auro.re.
          - ns-3.ovh.infra.auro.re.
  110.66.45.in-addr.arpa:
    dnssec_policy: ripe
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - xfr
    soa:
      mname: ns-master.int.infra.auro.re.
    ns:
      - target:
          - ns-1.pub.infra.auro.re.
          - ns-2.pub.infra.auro.re.
          - ns-3.ovh.infra.auro.re.
    reverse_hosts: "{{ knotd__hosts['adh.auro.re']
                       | ip_filter(['45.66.110.0/24'])
                       | add_origin_keys('adh.auro.re.') }}"
  111.66.45.in-addr.arpa:
    dnssec_policy: ripe
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - xfr
    soa:
      mname: ns-master.int.infra.auro.re.
    ns:
      - target:
          - ns-1.pub.infra.auro.re.
          - ns-2.pub.infra.auro.re.
          - ns-3.ovh.infra.auro.re.
    reverse_hosts: "{{ knotd__hosts['auro.re']
                       | ip_filter(['45.66.111.0/24'])
                       | add_origin_keys('auro.re.') }}"
  0.4.8.6.9.0.a.2.ip6.arpa:
    dnssec_policy: ripe
    notify:
      - xfr-ns-1
      - xfr-ns-2
      - xfr-ns-3
    acl:
      - xfr
    soa:
      mname: ns-master.int.infra.auro.re.
    ns:
      - target:
          - ns-1.pub.infra.auro.re.
          - ns-2.pub.infra.auro.re.
          - ns-3.ovh.infra.auro.re.
    reverse_hosts: "{{ knotd__hosts['auro.re']
                       | ip_filter(['2a09:6840::/32'])
                       | add_origin_keys('auro.re.')
                       | combine(knotd__hosts['adh.auro.re']
                                 | ip_filter(['2a09:6840::/32'])
                                 | add_origin_keys('adh.auro.re.')) }}"
 ...
--- a/host_vars/ns-master.int.infra.auro.re/main.yml
+++ b/host_vars/ns-master.int.infra.auro.re/main.yml
@ -0,0 +1,16 @@
 ---
 systemd_link__links:
  int0: 02:00:00:e3:36:c8
  adm0: 42:17:a7:d1:bd:6a
 ifupdown2__interfaces:
  adm0:
    addresses:
      - 2a09:6840:128::110/64
      - 10.128.0.110/16
  int0:
    addresses:
      - 2a09:6840:206::1:7/64
      - 10.206.1.7/16
    gateways: "{{ ifupdown2__gateways.int }}"
 ...
--- a/host_vars/ntp-1.int.infra.auro.re.yml
+++ b/host_vars/ntp-1.int.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  int0: 02:00:00:74:71:83
 ifupdown2__interfaces:
  int0:
    addresses:
      - 2a09:6840:206::1:5/64
      - 10.206.1.5/16
    gateways: "{{ ifupdown2__gateways.int }}"
 ...
--- a/host_vars/ntp-2.int.infra.auro.re.yml
+++ b/host_vars/ntp-2.int.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  int0: 04:00:00:31:be:50
 ifupdown2__interfaces:
  int0:
    addresses:
      - 2a09:6840:206::1:6/64
      - 10.206.1.6/16
    gateways: "{{ ifupdown2__gateways.int }}"
 ...
--- a/host_vars/prometheus-1.monit.infra.auro.re.yml
+++ b/host_vars/prometheus-1.monit.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  monit0: 02:00:00:a8:6b:51
 ifupdown2__interfaces:
  monit0:
    addresses:
      - 2a09:6840:204::1:1/64
      - 10.204.1.1/16
    gateways: "{{ ifupdown2__gateways.monit }}"
 ...
--- a/host_vars/prometheus-2.monit.infra.auro.re.yml
+++ b/host_vars/prometheus-2.monit.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  monit0: 04:00:00:a6:93:5a
 ifupdown2__interfaces:
  monit0:
    addresses:
      - 2a09:6840:204::1:2/64
      - 10.204.1.2/16
    gateways: "{{ ifupdown2__gateways.monit }}"
 ...
--- a/host_vars/proxy.adm.auro.re.yml
+++ b/host_vars/proxy.adm.auro.re.yml
@ -70,3 +70,6 @@ loc_reverseproxy:
    - from: grafana.auro.re
      to: "10.128.0.98:3000"
    - from: office.auro.re
      to: "10.128.0.220"
--- a/host_vars/proxy.pub.infra.auro.re.yml
+++ b/host_vars/proxy.pub.infra.auro.re.yml
@ -0,0 +1,99 @@
 ---
 systemd_link__links:
  pub0: ae:ae:ae:3a:71:0b
 ifupdown2__interfaces:
  pub0:
    addresses:
      - 2a09:6840:215::1:1/64
      - 45.66.111.206/27
    gateways: "{{ ifupdown2__gateways.pub }}"
 caddy__matrix_headers:
  access-control-allow-headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
  access-control-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
  access-control-allow-origin: "*"
 caddy__routes_https:
  www1.test.auro.re:
    - root: /var/www/auro.re
    - path: /.well-known/matrix/server
      headers: "{{ caddy__matrix_headers }}"
      body: '{"m.server": "matrix.auro.re:8448"}'
      status: 200
    - path: /.well-known/matrix/client
      headers: "{{ caddy__matrix_headers }}"
      body: '{"m.homeserver": {"base_url": "https://matrix.auro.re"}}'
      status: 200
  www2.test.auro.re:
    headers:
      location: "https://auro.re{http.request.uri}"
    status: 301
  www3.test.auro.re:
    reverse:
      - "[2a09:6840:128::198]:3000"
      - 10.128.0.198:3000
  grafana.auro.re:
    reverse:
      - "[2a09:6840:128::98]:3000"
      - 10.128.0.98:3000
  office.auro.re:
    reverse:
      - "[2a09:6840:211::1:1]:9980"
      - 10.211.1.1:9980
  nextcloud.auro.re:
    headers:
      location: "https://cloud.auro.re{http.request.uri}"
    status: 301
  cloud.auro.re:
    - path: /.well-known/carddav
      headers:
        location: /remote.php/dav/
      status: 301
    - path: /.well-known/caldav
      headers:
        location: /remote.php/dav/
      status: 301
    - path: /.well-known/webfinger
      headers:
        location: /index.php/.well-known/webfinger
      status: 301
    - path: /.well-known/nodeinfo
      headers:
        location: /index.php/.well-known/nodeinfo
      status: 301
    - path: /remote/*
      rewrite: /remote.php
    - path: /ocm-provider/*
      rewrite: /index.php
    - path: "*.mjs"
      headers:
        content-type: text/javascript
    - reverse:
        - "[2a09:6840:128::58]:8080"
        - 10.128.0.58:8080
      headers:
        x-robots-tag: noindex, nofollow
        referrer-policy: no-referrer
        x-content-type-options: nosniff
        x-frame-options: SAMEORIGIN
        x-permitted-cross-domain-policies: none
        x-xss-protection: "1; mode=block"
 caddy__contact_email: tech.aurore@lists.crans.org
 caddy__errors:
  - root: "{{ caddy__error_dir }}"
  - rewrite: /error.html
  - file_server: true
    templates: true
 caddy__servers:
  https:
    listen: ":443"
    routes: "{{ caddy__routes_https }}"
    errors: "{{ caddy__errors }}"
  http:
    listen: ":80"
 ...
--- a/host_vars/radius-1.isp.infra.auro.re.yml
+++ b/host_vars/radius-1.isp.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  isp0: 02:00:00:6a:3e:f4
 ifupdown2__interfaces:
  isp0:
    addresses:
      - 2a09:6840:210::1:3/64
      - 10.210.1.3/16
    gateways: "{{ ifupdown2__gateways.isp }}"
 ...
--- a/host_vars/radius-2.isp.infra.auro.re.yml
+++ b/host_vars/radius-2.isp.infra.auro.re.yml
@ -0,0 +1,11 @@
 ---
 systemd_link__links:
  isp0: 04:00:00:29:6d:c9
 ifupdown2__interfaces:
  isp0:
    addresses:
      - 2a09:6840:210::1:4/64
      - 10.210.1.4/16
    gateways: "{{ ifupdown2__gateways.isp }}"
 ...
--- a/host_vars/wg-1.vpn.infra.auro.re.yml
+++ b/host_vars/wg-1.vpn.infra.auro.re.yml
@ -0,0 +1,44 @@
 ---
 systemd_link__links:
  vpn0:
    enabled: false
  vpn: 02:00:00:b5:ca:c7
  ext0:
    enabled: false
  ext: 02:00:00:e3:65:49
 ifupdown2__interfaces:
  ext0:
    gateways: "{{ ifupdown2__gateways.ext }}"
    addresses:
      - 2a09:6840:211::1:1/64
      - 10.211.1.1/16
      - 45.66.111.204/30
  vpn0:
    addresses:
      - 2a09:6840:213::1:3/64
      - 10.213.1.3/16
    # FIXME: move to group_vars
    goto_table: "{{ iproute2__custom_tables.wireguard }}"
    #vrf: wg-vrf
  ext:
    gateways: "{{ ifupdown2__gateways.ext }}"
    addresses:
      - 2a09:6840:211::1:1/64
      - 10.211.1.1/16
      - 45.66.111.204/30
  vpn:
    addresses:
      - 2a09:6840:213::1:3/64
      - 10.213.1.3/16
    # FIXME: move to group_vars
    goto_table: "{{ iproute2__custom_tables.wireguard }}"
    #vrf: wg-vrf
 bird__router_id: 10.213.1.3
 bird__bgp_addr:
  vpn:
    - 2a09:6840:213::1:3
    - 10.213.1.3
 ...
--- a/138
+++ b/138
@ -1,9 +1,104 @@
 # Aurore servers inventory
-# How to name your server ?
+[vm_test]
-# > We name servers according to location, then type, then function.
+mx.test.infra.auro.re
 # > Then we regroup everything in global geographic, type and function groups.
 [vm_services]
 collabora.ext.infra.auro.re
 proxy.pub.infra.auro.re
 [aruba]
 eb-1.acs.sw.infra.auro.re
 [quanta]
 ff-1.core.sw.infra.auro.re
 ff-2.core.sw.infra.auro.re
 fl-1.core.sw.infra.auro.re
 fl-2.core.sw.infra.auro.re
 fd-1.core.sw.infra.auro.re
 gk-1.core.sw.infra.auro.re
 eb-1.core.sw.infra.auro.re
 r3-1.core.sw.infra.auro.re
 [eaton_ups]
 eb-1.ups.infra.auro.re
 ec-1.ups.infra.auro.re
 [vpn]
 wg-[1:2].vpn.infra.auro.re
 [dns]
 dns-[1:2].int.infra.auro.re
 [dhcp]
 dhcp-[1:2].isp.infra.auro.re
 [edge]
 edge-[1:2].back.infra.auro.re
 [isp]
 isp-1.back.infra.auro.re
 #isp-[1:2].back.infra.auro.re
 [infra]
 infra-[1:2].back.infra.auro.re
 [prom]
 prometheus-[1:2].monit.infra.auro.re
 [router:children]
 isp
 infra
 edge
 [ns]
 ns-[1:2].pub.infra.auro.re
 ns-3.ovh.infra.auro.re
 [ldap]
 #ldap-[1:2].int.infra.auro.re
 [ntp]
 ntp-[1:2].int.infra.auro.re
 [radiusng]
 radius-[1:2].isp.infra.auro.re
 [vm:children]
 vm_network
 vm_services
 vm_ovh
 [vm_ovh]
 ns-3.ovh.infra.auro.re
 [vm_network:children]
 vpn
 edge
 dhcp
 dns
 radiusng
 ntp
 #ldap
 isp
 infra
 prom
 ns
 nsmaster
 [nsmaster]
 ns-master.int.infra.auro.re
 [pve:children]
 pve_network
 pve_services
 [pve_network]
 network-1.pve.infra.auro.re ansible_ssh_host=10.209.1.1
 network-2.pve.infra.auro.re
 [pve_services]
 services-[1:3].pve.infra.auro.re
 ###############################################################################
 # Aurore : main services
@ -69,6 +164,7 @@ switchs-manager.adm.auro.re
 ldap-replica-ovh.adm.auro.re
 prometheus-ovh.adm.auro.re
 prometheus-federate.adm.auro.re
 ns-2.auro.re
 [ovh_testing_vm]
 #re2o-test.adm.auro.re
@ -89,15 +185,9 @@ dhcp-fleming.adm.auro.re
 dhcp-fleming-backup.adm.auro.re
 dns-fleming.adm.auro.re
 dns-fleming-backup.adm.auro.re
 ntp-1.int.infra.auro.re
 prometheus-fleming.adm.auro.re
-#prometheus-fleming-fo.adm.auro.re
+ns-1.auro.re
 radius-fleming.adm.auro.re
 dns-1.int.infra.auro.re
 isp-1.rtr.infra.auro.re
 isp-2.rtr.infra.auro.re
 dhcp-1.isp.auro.re
 dhcp-2.isp.auro.re
 radius-fleming-backup.adm.auro.re
 unifi-fleming.adm.auro.re
 routeur-fleming.adm.auro.re
@ -505,13 +595,13 @@ rives_unifi
 ovh_container
 # every virtual machine
-[vm:children]
+#[vm:children]
-ovh_vm
+#ovh_vm
-fleming_vm
+#fleming_vm
-pacaterie_vm
+#pacaterie_vm
-edc_vm
+#edc_vm
-gs_vm
+#gs_vm
-rives_vm
+#rives_vm
 # every server
 [server:children]
@ -519,13 +609,13 @@ fleming_server
 edc_server
 # every PVE
-[pve:children]
+#[pve:children]
-ovh_pve
+#ovh_pve
-fleming_pve
+#fleming_pve
-pacaterie_pve
+#pacaterie_pve
-edc_pve
+#edc_pve
-gs_pve
+#gs_pve
-rives_pve
+#rives_pve
 # every unifi
 [unifi:children]
--- a/playbooks/base.yml
+++ b/playbooks/base.yml
@ -1,10 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Put a common configuration on all servers
+- hosts:
- hosts: all,!unifi
+    - pve
    - vm
  roles:
-    - baseconfig
+    - base_utils
-    - basesecurity
+    - unattended_upgrades
-    - ldap_client
+...
    - logrotate
    - update_motd
--- a/playbooks/bird.yml
+++ b/playbooks/bird.yml
@ -0,0 +1,484 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - infra
    - isp
    - vpn
  roles:
    - bird
 #- hosts:
 #    - isp-1.back.infra.auro.re
 #    - isp-2.back.infra.auro.re
 #  vars:
 #    bird__router_ids:
 #      isp-1.back.infra.auro.re: 10.203.1.5
 #      isp-2.back.infra.auro.re: 10.203.1.6
 #    bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
 #    bird__radv_interfaces:
 #      client0:
 #        prefix:
 #          - 2a09:6841::/64
 #        domain_search:
 #          - client0.isp.auro.re
 #      client1:
 #        prefix:
 #          - 2a09:6841:0:1::/64
 #        domain_search:
 #          - client1.isp.auro.re
 #      client2:
 #        prefix:
 #          - 2a09:6841:0:2::/64
 #        domain_search:
 #          - client2.isp.auro.re
 #      client3:
 #        prefix:
 #          - 2a09:6841:0:3::/64
 #        domain_search:
 #          - client3.isp.auro.re
 #      client4:
 #        prefix:
 #          - 2a09:6841:0:400::/64
 #        domain_search:
 #          - client4.isp.auro.re
 #    bird__radv_dns_servers:
 #      - 2a09:6840:128::10:103
 #      - 2a09:6840:128::10:3
 #    bird__asn:
 #      aurore: 43619
 #    bird__bgp_addresses:
 #      isp-1.back.infra.auro.re:
 #        - 2a09:6840:203::1:5
 #        - 10.203.1.5
 #      isp-2.back.infra.auro.re:
 #        - 2a09:6840:203::1:6
 #        - 10.203.1.6
 #    bird__bgp_sessions:
 #      edge1:
 #        local:
 #          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:203::1:1
 #            - 10.203.1.1
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: true
 #        export:
 #          - accept: false
 #      edge2:
 #        local:
 #          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:203::1:2
 #            - 10.203.1.2
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: true
 #        export:
 #          - accept: false
 #    bird__ospf_broadcast_interfaces:
 #      back0: null
 #    bird__ospf_stub_interfaces:
 #      - client0
 #      - client1
 #      - client2
 #      - client3
 #      - client4
 #  roles:
 #    - bird
 #- hosts:
 #    - infra-1.back.infra.auro.re
 #    - infra-2.back.infra.auro.re
 #  vars:
 #    bird__router_ids:
 #      infra-1.back.infra.auro.re: 10.203.1.3
 #      infra-2.back.infra.auro.re: 10.203.1.4
 #    bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
 #    bird__ospf_broadcast_interfaces:
 #      back0: null
 #    bird__ospf_stub_interfaces:
 #      - monit0
 #      - wifi0
 #      - int0
 #      - pub0
 #      - bmc0
 #      - pve0
 #      - isp0
 #      - mgmt0
 #    bird__asn:
 #      aurore: 43619
 #    bird__bgp_addresses:
 #      infra-1.back.infra.auro.re:
 #        - 2a09:6840:203::1:3
 #        - 10.203.1.3
 #      infra-2.back.infra.auro.re:
 #        - 2a09:6840:203::1:4
 #        - 10.203.1.4
 #    bird__bgp_sessions:
 #      edge1:
 #        local:
 #          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:203::1:1
 #            - 10.203.1.1
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: true
 #        export:
 #          - accept: false
 #      edge2:
 #        local:
 #          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 ##          address:
 #            - 2a09:6840:203::1:2
 #            - 10.203.1.2
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: true
 #        export:
 #          - accept: false
 #  roles:
 #    - bird
 #- hosts:
 #    - edge-1.back.infra.auro.re
 #    - edge-2.back.infra.auro.re
 #  vars:
 #    bird__router_ids:
 #      edge-1.back.infra.auro.re: 10.203.1.1
 #      edge-2.back.infra.auro.re: 10.203.1.2
 #    bird__asn:
 #      aurore: 43619
 #      crans: 204515
 #      zayo: 8218
 #      viarezo: 212424
 #      rezel: 199116
 #    bird__orig_prefixes:
 #      aurore:
 #        - 45.66.108.0/22
 #        - 2a09:6840::/32
 #        - 2a09:6841::/32
 #        - 2a09:6842::/32
 #      crans:
 #        - 185.230.76.0/22
 #        - 2a0c:700::/32
 #      viarezo:
 #        - 138.195.144.0/20
 #        - 192.159.121.0/24
 #        - 2a0c:b641:2f0::/44
 #      rezel:
 #        - 137.194.8.0/22
 #        - 2a09:6847::/32
 #      martians:
 #        - 10.0.0.0/8
 #        - 172.16.0.0/12
 #        - 192.168.0.0/16
 #        - 100.64.0.0/10
 #        - 127.0.0.0/8
 #        - 169.254.0.0/16
 #        - 192.0.0.0/24
 #        - 192.0.2.0/24
 #        - 198.18.0.0/15
 #        - 198.51.100.0/24
 #        - 203.0.113.0/24
 #        - 224.0.0.0/4
 #        - 240.0.0.0/4
 #        - ::/128
 #        - ::1/128
 #        - ::ffff:0:0/96
 #        - ::/96
 #        - 100::/64
 #        - 2001:10::/28
 #        - 2001:db8::/32
 #        - fc00::/7
 #        - fe80::/10
 #        - fec0::/10
 #        - ff00::/8
 #    bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
 #    bird__bgp_addresses:
 #      edge:
 #        edge-1.back.infra.auro.re:
 #          - 2a09:6840:203::1:1
 #          - 10.203.1.1
 #        edge-2.back.infra.auro.re:
 #            - 2a09:6840:203::1:2
 #            - 10.203.1.2
 #      legacy:
 #        edge-1.back.infra.auro.re:
 #          - 2a09:6840:129::10:2
 #          - 10.129.10.2
 #        edge-2.back.infra.auro.re:
 #          - 2a09:6840:129::10:102
 #          - 10.129.10.102
 #      rezel:
 #        edge-1.back.infra.auro.re:
 #          - 2a09:6842:19:9116::1
 #          - 45.66.111.1
 #        edge-2.back.infra.auro.re:
 #          - 2a09:6842:19:9116::3
 #          - 45.66.111.3
 #    bird__bgp_sessions:
 #      edge:
 #        local:
 #          address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address: "{{ bird__bgp_addresses.edge
 #                       | dict2items
 #                       | selectattr('key', '!=', inventory_hostname)
 #                       | map(attribute='value')
 #                       | first }}"
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: true
 #        export:
 #          - local_pref: 75
 #            accept: true
 #      vpn1:
 #        local:
 #          address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:203::1:7
 #            - 10.203.1.7
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: false
 #        export:
 #          - accept: true
 #      vpn2:
 #        local:
 #          address: "{{ bird__bgp_addresses.edge[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:203::1:8
 #            - 10.203.1.8
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: false
 #        export:
 #          - accept: false
 #      legacy:
 #        next_hop_self: true
 #        local:
 #          address: "{{ bird__bgp_addresses.legacy[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:129::240
 #            - 10.129.0.240
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: false
 #        export:
 #          - bgp_proto:
 #              - crans
 #              - zayo
 #              - rezel1
 #              - rezel2
 #            accept: true
 #          - accept: false
 #      zayo:
 #        local:
 #          address:
 #            - 83.167.52.69
 #            - 2001:1b48:2:103::d7:2
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 83.167.52.68
 #            - 2001:1b48:2:103::d7:1
 #          as: "{{ bird__asn.zayo }}"
 #        import:
 #          - prefix: "{{ bird__orig_prefixes.martians }}"
 #            sub: true
 #            accept: false
 #          - accept: true
 #        export:
 #          - prefix: "{{ ['aurore', 'crans', 'viarezo', 'rezel']
 #                        | map('extract', bird__orig_prefixes)
 #                        | flatten }}"
 #            sub: true
 #            accept: true
 ##          - accept: false
 #      crans:
 #        local:
 #          address:
 #            - 185.230.79.254
 #            - 2a0c:700:28::2
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 185.230.79.253
 #            - 2a0c:700:28::1
 #          as: "{{ bird__asn.crans }}"
 #        import:
 #          - prefix: "{{ bird__orig_prefixes.crans }}"
 #            sub: true
 #            accept: true
 #          - accept: false
 #        export:
 #          - bgp_proto:
 #              - viarezo
 #              - rezel1
 #              - rezel2
 #              - zayo
 #            accept: true
 #          - prefix: "{{ bird__orig_prefixes.aurore }}"
 #            sub: true
 #            accept: true
 #          - accept: false
 #      rezel1:
 #        local:
 #          address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6842:19:9116::2
 #            - 45.66.111.2
 #          as: "{{ bird__asn.rezel }}"
 #        import:
 #          - prefix: "{{ bird__orig_prefixes.rezel }}"
 #            sub: true
 #            accept: true
 #          - accept: false
 #        export:
 #          - bgp_proto:
 #              - edge
 #              - viarezo
 #              - crans
 #              - zayo
 #            accept: true
 #          - prefix: "{{ bird__orig_prefixes.aurore }}"
 #            sub: true
 #            accept: true
 #          - accept: false
 #      rezel2:
 #        local:
 #          address: "{{ bird__bgp_addresses.rezel[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6842:19:9116::4
 #            - 45.66.111.4
 #          as: "{{ bird__asn.rezel }}"
 #        import:
 #          - local_pref: 75
 #          - prefix: "{{ bird__orig_prefixes.rezel }}"
 #            sub: true
 #            accept: true
 #          - accept: false
 #        export:
 #          - bgp_proto:
 #              - edge
 #              - viarezo
 #              - crans
 #              - zayo
 #            accept: true
 #          - prefix: "{{ bird__orig_prefixes.aurore }}"
 #            sub: true
 #            accept: true
 #          - accept: false
 #      viarezo:
 #        local:
 #          address:
 #            - 192.159.121.134
 #            - 2a0c:b641:2ff::6
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 192.159.121.133
 #            - 2a0c:b641:2ff::5
 #          as: "{{ bird__asn.viarezo }}"
 #        import:
 #          - prefix: "{{ bird__orig_prefixes.martians }}"
 #            accept: false
 #          - prefix: "{{ bird__orig_prefixes.viarezo }}"
 #            sub: true
 #            negate: true
 #            local_pref: 50
 #          - accept: true
 #        export:
 #          - prefix: "{{ bird__orig_prefixes.aurore }}"
 #            as_prepend:
 #              asn: "{{ bird__asn.aurore }}"
 #              size: 5
 #          - bgp_proto:
 #              - crans
 #              - zayo
 #            accept: true
 #          - accept: false
 #    bird__ospf_broadcast_interfaces:
 #      back0: null
 #    bird__ospf_stub_interfaces:
 #      - crans0
 #      - zayo0
 #      - rezel0
 #      - viarezo0
 #    bird__static_unreachable: "{{ bird__orig_prefixes.aurore }}"
 #  roles:
 #    - bird
 #- hosts:
 #    - vpn-1.back.infra.auro.re
 #    - vpn-2.back.infra.auro.re
 #  vars:
 #    bird__asn:
 #      aurore: 43619
 #    bird__router_ids:
 #      vpn-1.back.infra.auro.re: 10.203.1.7
 #      vpn-2.back.infra.auro.re: 10.203.1.8
 #    bird__router_id: "{{ bird__router_ids[inventory_hostname] }}"
 #    bird__bgp_addresses:
 #      vpn-1.back.infra.auro.re:
 #        - 2a09:6840:203::1:7
 #        - 10.203.1.7
 #      vpn-2.back.infra.auro.re:
 #        - 2a09:6840:203::1:8
 #        - 10.203.1.8
 #    bird__bgp_sessions:
 #      edge1:
 #        local:
 #          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:203::1:1
 #            - 10.203.1.1
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: true
 #        export:
 #          - accept: false
 #      edge2:
 #        local:
 #          address: "{{ bird__bgp_addresses[inventory_hostname] }}"
 #          as: "{{ bird__asn.aurore }}"
 #        remote:
 #          address:
 #            - 2a09:6840:203::1:2
 #            - 10.203.1.2
 #          as: "{{ bird__asn.aurore }}"
 #        import:
 #          - accept: true
 #        export:
 #          - accept: false
 #    bird__ospf_broadcast_interfaces:
 #      back0: null
 #    bird__ospf_stub_interfaces:
 ##      - wg0
 #  roles:
 #    - bird
 ...
--- a/playbooks/caddy.yml
+++ b/playbooks/caddy.yml
@ -0,0 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - proxy.pub.infra.auro.re
  roles:
    - caddy
 ...
--- a/playbooks/chronyd.yml
+++ b/playbooks/chronyd.yml
@ -1,27 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
-    - ntp-1.int.infra.auro.re
+    - pve_network
-  vars:
+    - vm_network
-    chronyd__allow_networks:
+    - vm_services
-      - 10.128.0.0/16
+    - ntp
      - 2a09:6840:128::/48
    chronyd__pools:
      - 0.pool.ntp.org
      - 1.pool.ntp.org
      - 2.pool.ntp.org
      - 3.pool.ntp.org
    chronyd__local_stratum: 10
  roles:
    - chronyd
 - hosts:
    - all
    - "!ntp-1.int.infra.auro.re"
    - "!unifi"
  vars:
    chronyd__pools:
      - ntp-1.int.infra.auro.re
  roles:
    - chronyd
 ...
--- a/playbooks/collabora.yml
+++ b/playbooks/collabora.yml
@ -0,0 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - collabora.ext.infra.auro.re
  roles:
    - collabora
 ...
--- a/playbooks/dhcpd.yml
+++ b/playbooks/dhcpd.yml
@ -0,0 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - dhcp
  roles:
    - dhcpd
 ...
--- a/playbooks/firewall.yml
+++ b/playbooks/firewall.yml
@ -0,0 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - infra
    - isp
  roles:
    - firewall
 ...
--- a/playbooks/freeradius.yml
+++ b/playbooks/freeradius.yml
@ -0,0 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - radius
  roles:
    - freeradius
 ...
--- a/playbooks/grafana.yml
+++ b/playbooks/grafana.yml
@ -17,8 +17,9 @@
        bind_password: "{{ vault_ldap_grafana_password }}"
        search_base_dns: "cn=Utilisateurs,dc=auro,dc=re"
        group_search_base_dns: "ou=posix,ou=groups,dc=auro,dc=re"
-        editors_group_dn:
+        admins_group_dn:
          - cn=sudoldap,ou=posix,ou=groups,dc=auro,dc=re
        editors_group_dn:
          - cn=technicien,ou=posix,ou=groups,dc=auro,dc=re
    update_motd:
      grafana: Grafana est déployé (/etc/grafana).
--- a/playbooks/hostname.yml
+++ b/playbooks/hostname.yml
@ -0,0 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - vm
    - pve
  roles:
    - hostname
 ...
--- a/playbooks/ifupdown2.yml
+++ b/playbooks/ifupdown2.yml
@ -1,213 +1,7 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
-    - ntp-1.int.infra.auro.re
+    - vm
    - dns-1.int.infra.auro.re
    - dhcp-1.isp.auro.re
    - dhcp-2.isp.auro.re
    - isp-1.rtr.infra.auro.re
    - isp-2.rtr.infra.auro.re
  vars:
    # TODO: netbox
    ifupdown2__hosts:
      ntp-1.int.infra.auro.re:
        ens18:
          gateways:
            - 2a09:6840:128::254
            - 10.128.0.254
          addresses:
            - 2a09:6840:128::203/56
            - 10.128.0.203/16
      dns-1.int.infra.auro.re:
        ens18:
          gateways:
            - 2a09:6840:128::254
            - 10.128.0.254
          addresses:
            - 2a09:6840:128::127/56
            - 10.128.0.127/16
      dhcp-1.isp.auro.re:
        ens18:
          gateways:
            - 2a09:6840:128::254
            - 10.128.0.254
          addresses:
            - 2a09:6840:128::204/56
            - 10.128.0.204/16
        ens19: null
        clients:
          bridge_vlan_aware: true
          bridge_ports:
            - ens19
          bridge_vids:
            - 1000-1004
        client-0:
          addresses:
            - 100.64.0.2/27
          vlan_id: 1000
          vlan_raw_device: clients
        client-1:
          addresses:
            - 100.64.0.34/27
          vlan_id: 1001
          vlan_raw_device: clients
        client-2:
          addresses:
            - 100.64.0.66/27
          vlan_id: 1002
          vlan_raw_device: clients
        client-3:
          addresses:
            - 100.64.0.98/27
          vlan_id: 1003
          vlan_raw_device: clients
        client-4:
          addresses:
            - 100.64.0.130/27
          vlan_id: 1004
          vlan_raw_device: clients
      dhcp-2.isp.auro.re:
        ens18:
          gateways:
            - 2a09:6840:128::254
            - 10.128.0.254
          addresses:
            - 2a09:6840:128::91/56
            - 10.128.0.91/16
        ens19: null
        clients:
          bridge_vlan_aware: true
          bridge_ports:
            - ens19
          bridge_vids:
            - 1000-1004
        client-0:
          addresses:
            - 100.64.0.3/27
          vlan_id: 1000
          vlan_raw_device: clients
        client-1:
          addresses:
            - 100.64.0.35/27
          vlan_id: 1001
          vlan_raw_device: clients
        client-2:
          addresses:
            - 100.64.0.67/27
          vlan_id: 1002
          vlan_raw_device: clients
        client-3:
          addresses:
            - 100.64.0.99/27
          vlan_id: 1003
          vlan_raw_device: clients
        client-4:
          addresses:
            - 100.64.0.131/27
          vlan_id: 1004
          vlan_raw_device: clients
      isp-1.rtr.infra.auro.re:
        ens18:
          gateways:
            - 2a09:6840:128::254
            - 10.128.0.254
          addresses:
            - 2a09:6840:128::255/56
            - 10.128.0.255/16
        ens19: null
        clients:
          bridge_vlan_aware: true
          bridge_ports:
            - ens19
          bridge_vids:
            - 1000-1004
          bridge_disable_pvid: true
          forward: true
          ipv6_addrgen: false
        client-0:
          forward: true
          vlan_id: 1000
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-1:
          forward: true
          vlan_id: 1001
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-2:
          forward: true
          vlan_id: 1002
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-3:
          forward: true
          vlan_id: 1003
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-4:
          forward: true
          vlan_id: 1004
          vlan_raw_device: clients
          ipv6_addrgen: false
      isp-2.rtr.infra.auro.re:
        ens18:
          gateways:
            - 2a09:6840:128::254
            - 10.128.0.254
          addresses:
            - 2a09:6840:128::158/56
            - 10.128.0.158/16
        ens19: null
        clients:
          bridge_vlan_aware: true
          bridge_ports:
            - ens19
          bridge_vids:
            - 1000-1004
        client-0:
          forward: true
          vlan_id: 1000
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-1:
          forward: true
          vlan_id: 1001
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-2:
          forward: true
          vlan_id: 1002
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-3:
          forward: true
          vlan_id: 1003
          vlan_raw_device: clients
          ipv6_addrgen: false
        client-4:
          forward: true
          vlan_id: 1004
          vlan_raw_device: clients
          ipv6_addrgen: false
    ifupdown2__interfaces: "{{ ifupdown2__hosts[inventory_hostname] }}"
  roles:
    - ifupdown2
 - hosts:
    - ntp-1.int.infra.auro.re
    - dns-1.int.infra.auro.re
    - dhcp-1.isp.auro.re
    - dhcp-2.isp.auro.re
    - isp-1.rtr.infra.auro.re
    - isp-2.rtr.infra.auro.re
  vars:
    resolvconf__nameservers:
      - 2a09:6840:128::127
      - 10.128.0.127
    resolvconf__domain: auro.re
    resolvconf__search:
      - "{{ inventory_hostname | remove_domain_suffix }}"
      - auro.re
  roles:
    - resolvconf
 ...
--- a/playbooks/ip_forward.yml
+++ b/playbooks/ip_forward.yml
@ -0,0 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - edge
    - infra
    - isp
    - vpn
  roles:
    - ip_forward
 ...
--- a/playbooks/iproute2.yml
+++ b/playbooks/iproute2.yml
@ -0,0 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - edge
    - isp
    - infra
    - vpn
  roles:
    - iproute2
 ...
--- a/playbooks/isc-dhcp-server.yml
+++ b/playbooks/isc-dhcp-server.yml
@ -1,9 +0,0 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: dhcp-*.adm.auro.re
  vars:
    update_motd:
      unbound: isc-dhcp-server est déployé.
  roles:
    - isc_dhcp_server
    - update_motd
--- a/playbooks/keepalived.yml
+++ b/playbooks/keepalived.yml
@ -1,32 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
-    - isp-1.rtr.infra.auro.re
+    - isp
-    - isp-2.rtr.infra.auro.re
+    - edge
-  vars:
+    - infra
    keepalived__virtual_router_id: 80
    keepalived__interface: ens18
    keepalived__virtual_addresses:
      client-0:
        - 100.64.0.1/27
        - 2a09:6841::/56
        - fe80::1/10
      client-1:
        - 100.64.0.33/27
        - 2a09:6841:0:100::/56
        - fe80::1/10
      client-2:
        - 100.64.0.65/27
        - 2a09:6841:0:100::/56
        - fe80::1/10
      client-3:
        - 100.64.0.97/27
        - 2a09:6841:0:200::/56
        - fe80::1/10
      client-4:
        - 100.64.0.129/27
        - 2a09:6841:0:300::/56
        - fe80::1/10
  roles:
    - keepalived
 ...
--- a/playbooks/knot.yml
+++ b/playbooks/knot.yml
@ -1,17 +0,0 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: all
  roles: []
 # WIP: Deploy authoritative DNS servers
 # - hosts: authoritative_dns
 #   vars:
 #     service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
 #     service_name: dns
 #     service_version: crans
 #     service_config:
 #       hostname: re2o-server.adm.auro.re
 #       username: service-user
 #       password: "{{ vault_serviceuser_passwd }}"
 #   roles:
 #     - re2o_service
--- a/playbooks/knotd.yml
+++ b/playbooks/knotd.yml
@ -0,0 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - ns-master.int.infra.auro.re
    - ns
  roles:
    - knotd
 ...
--- a/playbooks/kresd.yml
+++ b/playbooks/kresd.yml
@ -0,0 +1,6 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts: dns
  roles:
    - kresd
 ...
--- a/playbooks/locales.yml
+++ b/playbooks/locales.yml
@ -0,0 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - pve
    - vm
  roles:
    - locales
 ...
--- a/playbooks/mail.yml
+++ b/playbooks/mail.yml
@ -0,0 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - vm_test
  roles:
    - postfix
    - dovecot
 ...
--- a/playbooks/openssh.yml
+++ b/playbooks/openssh.yml
@ -0,0 +1,10 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - pve_network
    - vm_test
    - vm_services
    - vm_network
  roles:
    - openssh_server
 ...
--- a/playbooks/prometheus.yml
+++ b/playbooks/prometheus.yml
@ -1,241 +1,228 @@
 #!/usr/bin/env ansible-playbook
 ---
- hosts: prometheus-fleming.adm.auro.re
+- hosts:
-  vars:
+    - pve
-    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
+    - vm
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_switch_community: "{{ vault_snmp_switch_community }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_servers_targets: |
      {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
    prometheus_unifi_snmp_targets: |
      {{ groups['fleming_unifi'] | list | sort }}
    prometheus_ilo_snmp_targets: |
      {{ groups['fleming_ilo'] | list | sort }}
    update_motd:
      prometheus: >-
        Prometheus (en configuration fleming) est déployé (/etc/prometheus).
  roles:
    - prometheus
    - update_motd
 - hosts: prometheus-pacaterie.adm.auro.re
  vars:
    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_switch_community: "{{ vault_snmp_switch_community }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_servers_targets: |
      {{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
    prometheus_unifi_snmp_targets: |
      {{ groups['pacaterie_unifi'] | list | sort }}
    prometheus_ups_snmp_targets:
      - ups-pn-1.ups.auro.re
      - ups-ps-1.ups.auro.re
    prometheus_ilo_snmp_targets: |
      {{ groups['pacaterie_ilo'] | list | sort }}
    update_motd:
      prometheus: >-
        Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
  roles:
    - prometheus
    - update_motd
 - hosts: prometheus-edc.adm.auro.re
  vars:
    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_switch_community: "{{ vault_snmp_switch_community }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_ups_snmp_targets:
      - ups-ec-1.ups.auro.re
      # - ups-ec-2.ups.auro.re
      - ups-ec-3.ups.auro.re
    prometheus_servers_targets: |
      {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
    prometheus_unifi_snmp_targets: |
      {{ groups['edc_unifi'] | list | sort }}
    prometheus_ilo_snmp_targets: |
      {{ groups['edc_ilo'] | list | sort }}
    update_motd:
      prometheus: >-
        Prometheus (en configuration edc) est déployé (/etc/prometheus).
  roles:
    - prometheus
    - update_motd
 - hosts: prometheus-gs.adm.auro.re
  vars:
    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_switch_community: "{{ vault_snmp_switch_community }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_servers_targets: |
      {{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
    prometheus_unifi_snmp_targets: |
      {{ groups['gs_unifi'] | list | sort }}
    prometheus_ups_snmp_targets:
      - ups-gk-1.ups.auro.re
    prometheus_apc_pdu_snmp_targets:
      - pdu-ga-1.ups.auro.re
    prometheus_ilo_snmp_targets: |
      {{ groups['gs_ilo'] | list | sort }}
    update_motd:
      prometheus: >-
        Prometheus (en configuration gs) est déployé (/etc/prometheus).
  roles:
    - prometheus
    - update_motd
 - hosts: prometheus-rives.adm.auro.re
  vars:
    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_switch_community: "{{ vault_snmp_switch_community }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_ups_snmp_targets:
      - ups-r3-1.ups.auro.re
      - ups-r1-1.ups.auro.re
    prometheus_servers_targets: |
      {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
    prometheus_unifi_snmp_targets: |
      {{ groups['rives_unifi'] | list | sort }}
    prometheus_ilo_snmp_targets: |
      {{ groups['rives_ilo'] | list | sort }}
    update_motd:
      prometheus: >-
        Prometheus (en configuration rives) est déployé (/etc/prometheus).
  roles:
    - prometheus
    - update_motd
 - hosts: prometheus-aurore.adm.auro.re
  vars:
    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_switch_community: "{{ vault_snmp_switch_community }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_servers_targets: |
      {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
    prometheus_postgresql_targets: |
      {{ groups['bdd'] + groups['radius'] | list | sort }}
    prometheus_switch_snmp_targets:
      - yggdrasil.switch.auro.re
      - sw-pn-serveurs.switch.auro.re
      - sw-ec-serveurs.switch.auro.re
      - sw-gk-serveurs.switch.auro.re
      - sw-fl-serveurs.switch.auro.re
      - sw-ff-uplink.switch.auro.re
      - sw-fl-core.switch.auro.re
      - sw-fd-vcore.switch.auro.re
      - sw-fl-vcore.switch.auro.re
      - sw-ff-vcore.switch.auro.re
      - sw-pn-core.switch.auro.re
      - sw-ec-core.switch.auro.re
      - sw-gk-core.switch.auro.re
      - sw-r3-core.switch.auro.re
    prometheus_ilo_snmp_targets: |
      {{ groups['aurore_ilo'] | list | sort }}
    update_motd:
      prometheus: >-
        Prometheus (en configuration aurore) est déployé (/etc/prometheus).
  roles:
    - prometheus
    - update_motd
 - hosts: prometheus-ovh.adm.auro.re
  vars:
    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_switch_community: "{{ vault_snmp_switch_community }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_servers_targets: |
      {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
    prometheus_postgresql_targets:
      - bdd-ovh.adm.auro.re
    prometheus_docker_targets:
      - docker-ovh.adm.auro.re
    update_motd:
      prometheus: >-
        Prometheus (en configuration ovh) est déployé (/etc/prometheus).
  roles:
    - prometheus
    - update_motd
 - hosts: prometheus-federate.adm.auro.re
  vars:
    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
    snmp_ilo_user: aurore
    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
    prometheus_servers_targets:
      - prometheus-edc.adm.auro.re
      - prometheus-gs.adm.auro.re
      - prometheus-fleming.adm.auro.re
      - prometheus-pacaterie.adm.auro.re
      - prometheus-rives.adm.auro.re
      - prometheus-aurore.adm.auro.re
      - prometheus-ovh.adm.auro.re
    update_motd:
      prometheus_federate: >-
        Prometheus (en configuration fédération) est déployé (/etc/prometheus).
  roles:
    - prometheus_federate
    - update_motd
 # Postgres Exporters
 - hosts: bdd,radius
  roles:
    - prometheus_postgres
 # Monitor all hosts
 - hosts: all,!edc_unifi,!fleming_unifi,!pacaterie_unifi,!gs_unifi,!rives_unifi,!aurore_testing_vm,!ovh_container
  roles:
    - prometheus_node
 - hosts:
    - router
  roles:
    - prometheus_keepalived
    - prometheus_bird
 - hosts:
    - prom
  roles:
    - prometheus_snmp
    - prometheus
 #- hosts: prometheus-fleming.adm.auro.re
 #  vars:
 #    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
 #    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
 #    snmp_switch_community: "{{ vault_snmp_switch_community }}"
 #    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
 #    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
 #    snmp_ilo_user: aurore
 #    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
 #    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
 #
 #    prometheus_servers_targets: |
 #      {{ groups['fleming_pve'] + groups['fleming_vm'] | list | sort }}
 #    prometheus_unifi_snmp_targets: |
 #      {{ groups['fleming_unifi'] | list | sort }}
 #    prometheus_ilo_snmp_targets: |
 #      {{ groups['fleming_ilo'] | list | sort }}
 #
 #    update_motd:
 #      prometheus: >-
 #        Prometheus (en configuration fleming) est déployé (/etc/prometheus).
 #  roles:
 #    - prometheus
 #    - update_motd
 #
 #- hosts: prometheus-pacaterie.adm.auro.re
 #  vars:
 #    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
 #    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
 #    snmp_switch_community: "{{ vault_snmp_switch_community }}"
 #    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
 #    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
 #    snmp_ilo_user: aurore
 #    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
 #    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
 #
 #    prometheus_servers_targets: |
 #      {{ groups['pacaterie_pve'] + groups['pacaterie_vm'] | list | sort }}
 #    prometheus_unifi_snmp_targets: |
 #      {{ groups['pacaterie_unifi'] | list | sort }}
 #    prometheus_ups_snmp_targets:
 #      - ups-pn-1.ups.auro.re
 #      - ups-ps-1.ups.auro.re
 #    prometheus_ilo_snmp_targets: |
 #      {{ groups['pacaterie_ilo'] | list | sort }}
 #
 #    update_motd:
 #      prometheus: >-
 #        Prometheus (en configuration pacaterie) est déployé (/etc/prometheus).
 #  roles:
 #    - prometheus
 #    - update_motd
 #
 #- hosts: prometheus-edc.adm.auro.re
 #  vars:
 #    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
 #    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
 #    snmp_switch_community: "{{ vault_snmp_switch_community }}"
 #    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
 #    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
 #    snmp_ilo_user: aurore
 #    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
 #    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
 #
 #    prometheus_ups_snmp_targets:
 #      - ups-ec-1.ups.auro.re
 #      # - ups-ec-2.ups.auro.re
 #      - ups-ec-3.ups.auro.re
 #    prometheus_servers_targets: |
 #      {{ groups['edc_pve'] + groups['edc_vm'] + groups['edc_server'] | list | sort }}
 #    prometheus_unifi_snmp_targets: |
 #      {{ groups['edc_unifi'] | list | sort }}
 #    prometheus_ilo_snmp_targets: |
 #      {{ groups['edc_ilo'] | list | sort }}
 #
 #    update_motd:
 #      prometheus: >-
 #        Prometheus (en configuration edc) est déployé (/etc/prometheus).
 #  roles:
 #    - prometheus
 #    - update_motd
 #
 #- hosts: prometheus-gs.adm.auro.re
 #  vars:
 #    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
 #    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
 #    snmp_switch_community: "{{ vault_snmp_switch_community }}"
 #    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
 #    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
 #    snmp_ilo_user: aurore
 #    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
 #    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
 #
 #    prometheus_servers_targets: |
 #      {{ groups['gs_pve'] + groups['gs_vm'] | list | sort }}
 #    prometheus_unifi_snmp_targets: |
 #      {{ groups['gs_unifi'] | list | sort }}
 #    prometheus_ups_snmp_targets:
 #      - ups-gk-1.ups.auro.re
 #    prometheus_apc_pdu_snmp_targets:
 #      - pdu-ga-1.ups.auro.re
 #    prometheus_ilo_snmp_targets: |
 #      {{ groups['gs_ilo'] | list | sort }}
 #
 #    update_motd:
 #      prometheus: >-
 #        Prometheus (en configuration gs) est déployé (/etc/prometheus).
 #  roles:
 #    - prometheus
 #    - update_motd
 #
 #- hosts: prometheus-rives.adm.auro.re
 #  vars:
 #    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
 #    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
 #    snmp_switch_community: "{{ vault_snmp_switch_community }}"
 #    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
 #    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
 #    snmp_ilo_user: aurore
 #    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
 #    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
 #
 #    prometheus_ups_snmp_targets:
 #      - ups-r3-1.ups.auro.re
 #      - ups-r1-1.ups.auro.re
 #    prometheus_servers_targets: |
 #      {{ groups['rives_pve'] + groups['rives_vm'] | list | sort }}
 #    prometheus_unifi_snmp_targets: |
 #      {{ groups['rives_unifi'] | list | sort }}
 #    prometheus_ilo_snmp_targets: |
 #      {{ groups['rives_ilo'] | list | sort }}
 #
 #    update_motd:
 #      prometheus: >-
 #        Prometheus (en configuration rives) est déployé (/etc/prometheus).
 #  roles:
 #    - prometheus
 #    - update_motd
 #
 #- hosts: prometheus-aurore.adm.auro.re
 #  vars:
 #    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
 #    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
 #    snmp_switch_community: "{{ vault_snmp_switch_community }}"
 #    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
 #    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
 #    snmp_ilo_user: aurore
 #    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
 #    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
 #
 #    prometheus_servers_targets: |
 #      {{ groups['aurore_pve'] + groups['aurore_vm'] | list | sort }}
 #    prometheus_postgresql_targets: |
 #      {{ groups['bdd'] + groups['radius'] | list | sort }}
 #    prometheus_switch_snmp_targets:
 #      - yggdrasil.switch.auro.re
 #      - sw-pn-serveurs.switch.auro.re
 #      - sw-ec-serveurs.switch.auro.re
 #      - sw-gk-serveurs.switch.auro.re
 #      - sw-fl-serveurs.switch.auro.re
 #      - sw-ff-uplink.switch.auro.re
 #      - sw-fl-core.switch.auro.re
 #      - sw-fd-vcore.switch.auro.re
 #      - sw-fl-vcore.switch.auro.re
 #      - sw-ff-vcore.switch.auro.re
 #      - sw-pn-core.switch.auro.re
 #      - sw-ec-core.switch.auro.re
 #      - sw-gk-core.switch.auro.re
 #      - sw-r3-core.switch.auro.re
 #    prometheus_ilo_snmp_targets: |
 #      {{ groups['aurore_ilo'] | list | sort }}
 #
 #    update_motd:
 #      prometheus: >-
 #        Prometheus (en configuration aurore) est déployé (/etc/prometheus).
 #  roles:
 #    - prometheus
 #    - update_motd
 #
 #- hosts: prometheus-ovh.adm.auro.re
 #  vars:
 #    prometheus_alertmanager: docker-ovh.adm.auro.re:9093
 #    snmp_unifi_password: "{{ vault_snmp_unifi_password }}"
 #    snmp_switch_community: "{{ vault_snmp_switch_community }}"
 #    snmp_pdu_user: "{{ vault_snmp_pdu_user }}"
 #    snmp_pdu_password: "{{ vault_snmp_pdu_password }}"
 #    snmp_ilo_user: aurore
 #    snmp_ilo_auth: "{{ vault_snmp_ilo_auth }}"
 #    snmp_ilo_priv: "{{ vault_snmp_ilo_priv }}"
 #
 #    prometheus_servers_targets: |
 #      {{ groups['ovh_pve'] + groups['ovh_vm'] | list | sort }}
 #    prometheus_postgresql_targets:
 #      - bdd-ovh.adm.auro.re
 #    prometheus_docker_targets:
 #      - docker-ovh.adm.auro.re
 #
 #    update_motd:
 #      prometheus: >-
 #        Prometheus (en configuration ovh) est déployé (/etc/prometheus).
 #  roles:
 #    - prometheus
 #    - update_motd
 #
 ## Postgres Exporters
 #- hosts: bdd,radius
 #  roles:
 #    - prometheus_postgres
--- a/playbooks/pve.yml
+++ b/playbooks/pve.yml
@ -0,0 +1,8 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - pve
    - vm
  roles:
    - locales
 ...
--- a/playbooks/qemu_guest.yml
+++ b/playbooks/qemu_guest.yml
@ -0,0 +1,9 @@
 #!/usr/bin/env ansible-playbook
 ---
 - hosts:
    - vm_network
    - vm_services
    - vm_test
  roles:
    - qemu_guest
 ...
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Jeltz	3b1ae6206f	misc: dns + locales + pve + …	2024-06-22 20:27:15 +02:00
Jeltz	81f95aa14d	collabora: misc	2024-05-19 16:30:50 +02:00
Jeltz	708781b722	collabora: migrate to new infra	2024-05-19 15:26:16 +02:00
Jeltz	0782695471	misc: misc	2024-05-19 13:59:17 +02:00
Jeltz	1e1783fd59	caddy: add email addr	2024-05-02 22:43:25 +02:00
Jeltz	4d0f820df0	Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra	2024-05-02 22:40:45 +02:00
Jeltz	48c4ecafae	WIP: caddy: add support for error msg	2024-05-02 22:40:26 +02:00
Vincent Lafeychine	9aaa619173	chore(bird): Improve code readability	2024-04-01 00:20:41 +02:00
Vincent Lafeychine	54d227232b	chore(bird): Fix None flag	2024-04-01 00:13:22 +02:00
Vincent Lafeychine	ba033f9099	feat(bird): Add net.match	2024-04-01 00:06:05 +02:00
Vincent Lafeychine	8d0139925e	feat(bird): Add as_path.{contains,len}, net.len	2024-03-31 18:12:38 +02:00
Vincent Lafeychine	7f9ccf3e59	chore(black): Add configuration file (line-limit)	2024-03-31 16:12:51 +02:00
elkmaennchen	4f18b6c8ef	relax temperature alert for quanta switch	2024-03-10 12:04:00 +01:00
Jeltz	004a033606	Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra	2024-03-09 20:18:43 +01:00
Jeltz	d20c89defe	WIP: caddy: very early role	2024-03-09 20:18:12 +01:00
elkmaennchen	97496ef4b8	path security issue (getting root privileges)	2024-03-09 20:09:24 +01:00
elkmaennchen	0b40cc4b9b	configure timeout on snmp scraping for quanta	2024-03-09 19:35:38 +01:00
Jeltz	66e6c960d3	misc	2024-03-09 12:13:19 +01:00
jeltz	a004555681	Merge pull request 'collabora' (#106 ) from collabora into new-infra Reviewed-on: #106	2024-02-24 19:34:24 +01:00
elkmaennchen	7fe391c16f	grafana: minor fixes again again again !!!!	2024-02-24 18:55:10 +01:00
elkmaennchen	e660d8688a	grafana: minor fixes again again !!!!	2024-02-24 14:32:51 +01:00
elkmaennchen	e5e6dd8056	grafana: minor fixes again	2024-02-24 14:28:08 +01:00
elkmaennchen	67b29517e2	grafana: i am dumb	2024-02-24 14:06:17 +01:00
elkmaennchen	b141a1d955	grafana: minor fixes	2024-02-24 13:16:19 +01:00
Jeltz	f70e515769	collabora: minor fixes	2024-02-20 20:44:57 +01:00
elkmaennchen	806fa25b06	Initial config of collabora	2024-02-17 12:45:33 +01:00
Jeltz	00dcf27614	Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra	2024-01-28 19:33:04 +01:00
Jeltz	029b001f9b	misc: add collabora.pub	2024-01-28 19:30:51 +01:00
Vincent Lafeychine	39119a4ffa	feat(mail): Add dovecot configuration	2023-12-17 18:08:54 +01:00
Vincent Lafeychine	10087b354b	feat(mail): Add postfix configuration	2023-12-17 17:30:28 +01:00
Jeltz	3f02039de1	base_utils: add some useful utils	2023-12-17 15:47:45 +01:00
Jeltz	91d3087047	WIP: misc: test infrastructure for mail	2023-12-17 15:47:06 +01:00
Jeltz	887aadb5fe	misc: WIP: vpn again	2023-11-07 06:07:48 +01:00
Jeltz	02910a8fc0	misc: WIP: vpn	2023-11-07 04:11:28 +01:00
Jeltz	061b6f1049	prometheus_snmp: WIP: lldp	2023-11-06 22:07:06 +01:00
Jeltz	94ba30cc3b	prometheus: remove redundant '%' symbols	2023-11-06 22:05:53 +01:00
Jeltz	934137903a	misc: move some plugins to roles	2023-11-06 22:05:06 +01:00
Vincent Lafeychine	8359d2ebea	prometheus: Add LLDP for quanta	2023-11-04 23:26:10 +01:00
Jeltz	5c8358ec95	bird: add rr client/cluster id option	2023-11-04 21:43:32 +01:00
Jeltz	261ccfeb5c	WIP: misc: add eaton ups	2023-11-04 21:36:27 +01:00
Jeltz	9eb5793b38	prometheus: fix quanta temp alert queries	2023-11-04 14:02:06 +01:00
Jeltz	68f36ae048	prometheus: filter out outtake quanta sensors	2023-11-04 13:49:52 +01:00
Jeltz	c2f2c03af6	prometheus: use humanize/humanizePercentage	2023-11-04 13:33:06 +01:00
Jeltz	19953b2951	misc: add ff-3.core.sw	2023-11-04 13:23:47 +01:00
Jeltz	3864b641eb	prometheus: cleanup bird alerts	2023-11-03 20:52:12 +01:00
Jeltz	c4744e9ab6	prometheus: fix typo	2023-11-03 20:51:49 +01:00
Jeltz	98f122bb69	prometheus: lower changes threshold for keepalived alerts	2023-11-03 20:51:17 +01:00
Jeltz	41852b4ab8	prometheus: add keep_firing_for for QuantaTemp	2023-11-03 20:50:56 +01:00
Jeltz	a61c997366	prometheus: monitor link usage for switches	2023-11-03 20:50:34 +01:00
Jeltz	3e16224213	misc: add more quanta switches	2023-11-03 20:50:09 +01:00
Jeltz	136dcb693f	misc: add r3-1.core.sw	2023-11-02 22:22:32 +01:00
Jeltz	db7729b3cb	prometheus_snmp: set type of ifType	2023-11-02 22:22:14 +01:00
Jeltz	6949cc202f	firewall: allow monit → prometheus-bird-exporter on infra	2023-11-02 21:32:32 +01:00
Jeltz	83ff27b856	misc: add ec-1.core.sw	2023-11-02 21:32:11 +01:00
Jeltz	16a0d95936	prometheus: refactoring of the config	2023-11-02 20:27:45 +01:00
Jeltz	2928d7e809	misc: infra: edge bgp session	2023-11-02 17:55:52 +01:00
Jeltz	071d82529d	misc: edge: oti vip	2023-11-02 17:55:07 +01:00
Jeltz	f9f278cb65	prometheus: temporarily disable alerts for rezel, vr & isp	2023-11-02 06:15:47 +01:00
Jeltz	4c61d2bc18	prometheus: add bird bgp import alert rules	2023-11-02 06:11:32 +01:00
Jeltz	3fa998ae68	prometheus: cleanup + bird alert rules	2023-11-02 05:53:02 +01:00
Jeltz	071daad994	prometheus_snmp: retype if(Admin\|Oper)Status	2023-11-02 00:37:43 +01:00
Jeltz	fc7f59b231	misc: various monitoring changes	2023-11-02 00:25:35 +01:00
Jeltz	9e483d5285	prometheus: add quanta alerts	2023-11-01 18:56:44 +01:00
Jeltz	4c33b77695	Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra	2023-11-01 18:46:26 +01:00
Jeltz	5e5d2268f3	prometheus_snmp: add various overrides	2023-11-01 18:45:53 +01:00
Vincent Lafeychine	51674bc1f6	prometheus_snmp: Add alerts on Quanta system	2023-11-01 18:43:32 +01:00
Jeltz	190f31dffd	misc: add gk-1.core.sw	2023-11-01 17:51:29 +01:00
Jeltz	a00a9b123f	prometheus_snmp: set snChasPwrSupplyOperStatus type	2023-11-01 17:14:07 +01:00
Jeltz	9524f29d1f	prometheus_snmp: change snChasFanOperStatus type	2023-11-01 17:00:02 +01:00
Jeltz	14b1f47842	prometheus_snmp: remove snNTP	2023-11-01 16:43:50 +01:00
Jeltz	229a6617de	prometheus: add queue overflow quanta alert	2023-11-01 07:11:30 +01:00
Jeltz	69701f4875	prometheus_snmp: remove index on pwr + add snAgentTemp	2023-11-01 06:41:31 +01:00
Jeltz	6728d2bb00	prometheus_snmp: add snChasPwr and snNTP	2023-11-01 06:30:47 +01:00
Jeltz	be261ab257	prometheus_snmp: add snChasFan	2023-11-01 06:11:27 +01:00
Jeltz	13f22bc7b8	Merge branch 'new-infra' of gitea.auro.re:aurore/ansible into new-infra	2023-11-01 05:58:29 +01:00
Jeltz	2e2e4995ed	misc: prometheus_snmp + various minor fixes	2023-11-01 05:57:21 +01:00
Vincent Lafeychine	7d58a98bb4	unattended_upgrades: remove codename in origins-pattern	2023-10-03 14:28:20 +02:00
Vincent Lafeychine	45d380c641	unattended_upgrades: migration	2023-10-03 14:09:48 +02:00
Jeltz	35cdf782c8	wip: bird: misc	2023-09-18 17:15:57 +02:00
Jeltz	fbdeddfc72	misc: move variables to {host,group}_vars	2023-09-17 20:32:05 +02:00
Jeltz	17b46bab5e	firewall: add default value for file based zones	2023-09-17 20:30:09 +02:00
Jeltz	93bccaddfd	quemu_guest: add role + playbook	2023-09-16 02:30:17 +02:00
Jeltz	ddc0597e2a	nftables: remove old role + playbook	2023-09-16 01:57:35 +02:00
Jeltz	fa87d9789d	wip: misc: setup infra-2	2023-09-16 01:52:35 +02:00
Jeltz	078d9a3de9	wip: misc: setup infra-1	2023-09-16 01:24:01 +02:00
Jeltz	e87de918db	keepalived: add blackhole routes	2023-09-11 13:28:27 +02:00
Jeltz	14288224b4	keepalived: add vroute for infra-*:ext0	2023-09-11 11:16:02 +02:00
Vincent Lafeychine	0e581e7d23	update interface on infra-{1,2}	2023-09-11 03:14:57 +02:00
Jeltz	175e375682	firewall: add role + playbook	2023-09-11 01:58:32 +02:00
Jeltz	cb6ef5dae0	add oti and vpn interfaces	2023-09-07 17:28:05 +02:00
Jeltz	15dda43f21	WIP: readressing + wireguard	2023-07-05 01:25:25 +02:00
Jeltz	1a63ba3bea	add vpn-1	2023-07-05 01:23:21 +02:00
Jeltz	75f0ee785b	bird: param bird__bgp_sessions is now a dict	2023-07-05 01:20:47 +02:00
Jeltz	9de88d0a28	ifupdown2: improve wireguard support - add prio to ensure idempotency when reloading the iface - add proto to ease route filtering in bird	2023-07-05 01:18:52 +02:00
Jeltz	655f744a11	ifupdown2: wireguard + routing tables support	2023-07-04 04:05:31 +02:00
Jeltz	0c7b5a2c68	openssh: cleanup playblook + role	2023-07-04 04:04:48 +02:00
Jeltz	e0c95b8f10	iproute2: create role + playbook	2023-07-04 03:45:29 +02:00
Jeltz	058fe0b3f5	freeradius: fix vlan logging	2023-07-02 21:56:37 +02:00
Jeltz	2f4c6a53d8	freeradius: fallback to default vlan whem proxying to federez	2023-07-02 21:26:02 +02:00
Jeltz	ddd8c6dcc0	freeradius: fixes + minimal support for federez	2023-07-02 20:51:42 +02:00
Jeltz	2c64d27fd3	freeradius: add vlan support	2023-07-02 16:45:32 +02:00
Jeltz	b3d18e92b6	freeradius: rewrite *-Station-Id and log SSID	2023-06-25 19:49:12 +02:00
Jeltz	ace765b682	freeradius: user domain is optional	2023-06-25 19:33:33 +02:00
Jeltz	ca1c6c8040	freeradius: remove some modules	2023-06-25 19:33:16 +02:00
Jeltz	f8b932014f	freeradius: improve logging robustness	2023-06-25 19:25:50 +02:00
Jeltz	a5b527ec0e	freeradius: add logging	2023-06-25 00:27:08 +02:00
Jeltz	20bce8a0da	pve: add loutr	2023-06-24 17:25:40 +02:00
Jeltz	4a5b3bbfde	Merge branch 'radius' into new-infra	2023-06-22 17:39:00 +02:00
Jeltz	4a9c0e6d8e	bird: add rezel	2023-06-22 17:30:37 +02:00
Jeltz	aa1e422c58	ifupdown2: add rezel addrs	2023-06-22 17:30:17 +02:00
Jeltz	455a0bdc2a	prometheus: temporarily disable BirdProtocolDown	2023-06-22 17:29:16 +02:00
Jeltz	452066fcfb	pve: add pz2891	2023-04-15 17:13:08 +02:00
Jeltz	669c7ec801	resolvconf: add dns-2	2023-04-08 00:54:33 +02:00
Jeltz	d455bbe00e	kresd + prometheus: monitor kresd	2023-04-08 00:54:13 +02:00
Jeltz	6522a6f076	ansible.cfg: retry SSH connections	2023-04-07 08:57:29 +02:00
Jeltz	5391f2b956	all: update playbook	2023-04-07 08:57:20 +02:00
Jeltz	bbaab0b767	pve_auth: disable root user	2023-04-06 18:22:37 +02:00
Jeltz	676dabd76b	pve: configure users	2023-04-06 00:01:21 +02:00
Jeltz	1978f12794	pve_auth: fix groups + enabled	2023-04-05 23:27:11 +02:00
Jeltz	8f51a2fb80	pve_auth: create role	2023-04-05 22:06:50 +02:00
Jeltz	32ed73735f	pve_activate: add role	2023-04-05 00:19:04 +02:00
Jeltz	4ad25f7057	hostname: add role	2023-04-05 00:18:41 +02:00
Jeltz	454f1d75cb	rename rtr → back	2023-04-05 00:18:25 +02:00
Jeltz	cc1786eb2b	backbone → back + ap → wifi	2023-04-04 01:33:16 +02:00
Jeltz	8bf1f1a1fa	keepalived: add dbus support	2023-04-04 01:32:52 +02:00
Jeltz	dcd56413e8	prometheus: monitor keepalived	2023-04-04 01:29:13 +02:00
Jeltz	e160b98f0e	prometheus_node: collect textfiles	2023-04-04 01:28:51 +02:00
Jeltz	94953e1aa7	snmpd: remove role	2023-04-04 01:28:09 +02:00
Jeltz	833d25078d	prometheus_keepalived: add role	2023-04-04 01:27:26 +02:00
Jeltz	8b5d587f26	keepalived: add snmp support	2023-04-03 18:02:49 +02:00
Jeltz	6ee7a19f21	snmpd: create role	2023-04-02 14:25:09 +02:00
Jeltz	0807dc1d70	prometheus-bird-role → dedicated role + various alerts	2023-04-02 13:25:03 +02:00
Jeltz	922b6894a7	prometheus: cleanup role (lots of features missing)	2023-04-02 05:08:01 +02:00
Jeltz	7db15d9c63	prometheus_node: cleanup	2023-04-01 22:32:42 +02:00
Jeltz	b4fe111c91	knotd: add vote + gisti :)	2023-04-01 21:54:44 +02:00
Jeltz	67ac2a7618	rename hyperv → pve + backbone → back	2023-04-01 21:53:48 +02:00
Jeltz	fcb9ac9d17	rename interfaces	2023-03-28 20:36:46 +02:00
Jeltz	9e24c5373e	root_account: set PS1 statically	2023-03-28 20:35:24 +02:00
Jeltz	b36dd15d3c	rename interfaces + fix fallback	2023-03-27 21:51:07 +02:00
Jeltz	a2e181493d	systemd_link: rename interfaces	2023-03-27 13:09:58 +02:00
Jeltz	71befe1b44	ifupdown2: remove useless forward directives	2023-03-27 11:57:58 +02:00
Jeltz	9c41558d62	ip_forward: create role + playbook	2023-03-27 11:56:17 +02:00
Jeltz	66a015c135	migrate again	2023-03-26 19:02:18 +02:00
Jeltz	eb8368b2e6	migrate edge routers (routeur-aurore.adm -> edge-{1,2}.rtr)	2023-03-26 17:06:34 +02:00
nartan	67f0e4ccbc	changed ip	2023-03-25 19:20:26 +01:00
Jeltz	f3d67e93b4	ifupdown2: add ens23 & enp2s1	2023-03-25 17:56:19 +01:00
nartan	45f5920cdd	corrected error	2023-03-25 17:48:40 +01:00
nartan	3294cde7a6	added ens20 adresses for later testing	2023-03-25 17:47:03 +01:00
elkmaennchen	6eeb578d89	bird: more filtering	2023-01-13 10:50:23 +01:00
Jeltz	8b39a7f7dc	filter_plugins: remove soft_unicode import	2023-01-13 09:59:40 +01:00
Jeltz	dcc038bd7c	nftables + bird: add role + fix IP addresses	2023-01-13 08:56:16 +01:00
Jeltz	0a621b53b4	keepalived: set keepalived_main	2023-01-13 08:55:17 +01:00
Jeltz	8ec059ce55	root_account: add alias for bridge	2023-01-13 08:54:57 +01:00
Jeltz	621f39a8f2	base_utils: add tcpdump + tmux	2023-01-13 08:54:38 +01:00
Jeltz	f579e08e21	keepalived: change priorities	2023-01-13 08:53:56 +01:00
Jeltz	48deabba50	bird + ifupdown2: fix IP addrs + iBGP for isp-{1,2}	2023-01-07 09:12:44 +01:00
Jeltz	9f850aa4da	add format_rev plugin	2023-01-07 08:59:16 +01:00
Jeltz	1aba1e5606	dhcpd: remove dhcpd__failover_peer	2023-01-07 08:56:12 +01:00
Jeltz	6d66e56b15	bird: filter by proto (ugly)	2023-01-07 08:53:44 +01:00
Jeltz	e7c3a9c771	ansible: use 'debug' stdout_callback	2023-01-07 08:52:46 +01:00
Jeltz	5eff05f8c5	keepalived + bird: fix IP addrs + OSPF	2023-01-07 03:19:40 +01:00
Jeltz	eca5d1563d	dhcpd: add new VMs	2023-01-07 02:42:18 +01:00
Jeltz	c32b949d04	Merge branch 'dhcp' into new-infra	2023-01-07 02:26:35 +01:00
Jeltz	19c623ab0a	Add config for new VMs	2023-01-07 02:25:53 +01:00
Jeltz	7c21275a11	Merge branch 'bird' into new-infra	2023-01-04 08:05:04 +01:00
Jeltz	95c812b101	root_account: add ip alias	2023-01-04 08:04:51 +01:00
Jeltz	830e5b103d	kresd: add dns-{1,2}	2023-01-04 08:04:36 +01:00
Jeltz	873b5cc6f5	knotd: add network-{1,2} hosts	2023-01-04 08:04:08 +01:00
Jeltz	e995b06ea9	chronyd: add ntp-{1,2}	2023-01-04 08:03:52 +01:00
Jeltz	34b67791bd	Add network-{1,2} hosts	2023-01-04 08:03:28 +01:00
Jeltz	9c19e41afd	Simplify ansible_managed	2023-01-04 08:03:09 +01:00
Jeltz	5c17bc9664	WIP: playbooks: OSPF config for infra-{1,2}	2022-12-22 15:56:52 +01:00
Jeltz	d653432d18	playbooks: add infra-{1,2}.rtr	2022-12-22 15:45:07 +01:00
Jeltz	5a43708a87	playbooks: add infra-{1,2}.rtr	2022-12-22 15:17:00 +01:00
Jeltz	9cd983aa4c	playbooks: add edge-{1,2}.rtr.infra.auro.re	2022-12-22 14:40:53 +01:00
Jeltz	0a0fc8e52c	bird: typos	2022-12-22 13:12:24 +01:00
Jeltz	2db69a8f1c	bird: return -> accept/reject	2022-12-22 12:35:32 +01:00
Jeltz	ac9947c50f	bird: function -> filter	2022-12-22 12:12:01 +01:00
Jeltz	6773c5e90d	bird: cleanup + bogons filtering	2022-12-22 12:02:56 +01:00
Jeltz	cc82841560	bird: typos	2022-12-22 11:00:37 +01:00
Jeltz	b9fb9f377f	bird: remove unused OSPF protocol instances	2022-12-22 10:50:51 +01:00
Jeltz	f43775fc02	bird: don't export static routes to kernel	2022-12-22 10:48:52 +01:00
Jeltz	412a63dc6c	playbooks: add edge-{1,2}	2022-12-21 21:02:12 +01:00
Jeltz	a670cbaba4	bird: typos	2022-12-21 21:01:47 +01:00
Jeltz	ea78f609b5	bird: indent with spaces	2022-12-21 19:53:40 +01:00
Jeltz	aac9151280	bird: restart prometheus-bird-exporter reload is not supported by the service	2022-12-21 19:49:46 +01:00
Jeltz	1c47ccc4a8	bird: install prometheus-bird-exporter	2022-12-21 19:48:22 +01:00
Jeltz	64dcb4b282	bird: add suffix filter	2022-12-21 18:50:05 +01:00
Jeltz	99ba67f074	bird: add IPv6 support	2022-12-21 18:43:00 +01:00
Jeltz	618cad720a	bird: add OSPF stubnet support	2022-12-21 16:51:43 +01:00
Jeltz	8863eed924	bird: add minimal BGP support	2022-12-21 16:39:28 +01:00
Jeltz	0254b82356	Add edge-{1,2}	2022-10-07 21:34:58 +02:00
Jeltz	d0175e961e	knotd: add services-{1..3}.pve.infra (+ CNAME pve)	2022-09-28 14:11:56 +02:00
Jeltz	e13e450a1f	Disable some unused modules	2022-09-23 12:47:07 +02:00
Jeltz	a15a05ce69	resolvconf: add defaults	2022-09-04 07:42:57 +02:00
Jeltz	45ca2a3236	keepalived: change global VIP + interface for VRRP adv.	2022-09-04 07:41:17 +02:00
Jeltz	b0e12b19f8	bird: prevent duplicate rules	2022-09-04 07:40:51 +02:00
Jeltz	61cdb980ea	keepalived: add minimal support for virtual_routes	2022-09-03 14:09:37 +02:00
Jeltz	c7d7320367	ifupdown2: configure isp-{1,2}.rtr interfaces	2022-09-03 04:06:48 +02:00
Jeltz	866f175ed2	bird: add role + playbook, with support for OSPF + RAdv	2022-09-03 04:06:39 +02:00
Jeltz	c4e9ecacd7	freeradius: disable chase_referal + rebind	2022-09-01 22:28:11 +02:00
Jeltz	2d6ee91f93	freeradius: support for EAP-TTLS/PAP and EAP-PEAP/GTC	2022-09-01 17:35:22 +02:00
Jeltz	e99f183743	knotd: replace A/AAAA to CNAME for pz28.adh Temporary fix until a dynamic DNS service is available.	2022-09-01 13:45:40 +02:00
Jeltz	231c3aac09	freeradius: remove trailing whitespace	2022-09-01 08:19:15 +02:00
Jeltz	3f29960a04	freeradius: explicitly disable OCSP	2022-09-01 08:18:39 +02:00
Jeltz	67994d988b	freeradius: disable detail + detail.log modules	2022-09-01 03:42:33 +02:00
Jeltz	ea843e2f47	freeradius: minimal config for attr_filter	2022-09-01 03:42:24 +02:00
Jeltz	c6afab5728	freeradius: add eap_inner module	2022-09-01 02:21:12 +02:00
Jeltz	553b371797	ifupdown2: configure radius-1.isp	2022-08-31 10:16:06 +02:00
Jeltz	a816fb1f01	freeradius: add support for sites	2022-08-31 05:04:19 +02:00
Jeltz	4bd54fe371	freeradius: remove more unused files	2022-08-31 04:54:20 +02:00
Jeltz	8f27164c17	freeradius: include clients.conf	2022-08-31 04:54:00 +02:00
Jeltz	8937e4f8e8	freeradius: fix clients.conf (ipv4addr + ipv6addr)	2022-08-31 04:53:37 +02:00
Jeltz	3d6e0f21b6	freeradius: configure eap module + remove more modules	2022-08-31 03:44:20 +02:00
Jeltz	953403d0b3	freeradius: create minimal role + playbook	2022-08-31 02:01:41 +02:00
Jeltz	5a7c8b280d	Merge branch 'master' into dns	2022-08-30 13:54:54 +02:00
Jeltz	8f452c76aa	Add radius-1.isp	2022-08-30 13:48:17 +02:00
Jeltz	a505441f4d	hosts: add dhcp-{1,2}	2022-08-27 10:43:19 +02:00
Jeltz	b894959c91	dhcpd: add sample playbook	2022-08-27 10:37:56 +02:00
Jeltz	204ad7f2ce	Merge branch 'master' into dhcp	2022-08-27 10:26:39 +02:00
Jeltz	138ffd6097	knotd: add isp-2.rtr	2022-08-27 05:33:54 +02:00
Jeltz	526eaf84d2	knotd: add isp-1.rtr	2022-08-27 05:17:43 +02:00
Jeltz	ec01fbde95	hosts: add ns-1.auro.re	2022-08-27 05:15:16 +02:00
Jeltz	35087971c3	kresd: increase amount of cache	2022-08-26 10:00:04 +02:00
Jeltz	2ff44c58b7	add requirements.txt	2022-08-26 02:23:01 +02:00
Jeltz	9fc0aa1fe8	kresd: create role + playbook	2022-08-26 02:01:12 +02:00
Jeltz	cdc68cedd5	knotd: add dns-1.int	2022-08-26 01:51:33 +02:00
Jeltz	50b0e023dc	Add ntp-1.int	2022-08-25 20:52:48 +02:00
Jeltz	3216307404	Add pz28.adh.auro.re	2022-08-25 20:44:06 +02:00
Jeltz	1938cc24da	isc_dhcp_server: remove old role	2022-08-20 19:34:54 +02:00
Jeltz	874f75d47d	dns_zone: add requirements.txt	2022-08-20 19:09:35 +02:00
Jeltz	4d82018f62	knotd + hosts: add ldap-1	2022-08-20 19:08:33 +02:00
Jeltz	69c3949ef8	dhcpd: add support for failover	2022-08-20 16:53:10 +02:00
Jeltz	6bb2bbb54f	dhcpd: create role with support for DHCPv4 only	2022-08-20 16:08:25 +02:00
Jeltz	d5ab886dd4	dns_zone: add support for diff and check modes	2022-08-20 04:34:47 +02:00
Jeltz	426296d8bd	knotd: fix typo	2022-08-20 04:34:28 +02:00
Jeltz	2389367582	playbooks: add isp.auro.re	2022-08-20 00:06:01 +02:00
Jeltz	c1833e77b3	playbooks: various fixes for knotd.yml	2022-08-19 21:50:43 +02:00
Jeltz	4446c2c47e	dns_zone: do not relativize zone file	2022-08-19 21:50:15 +02:00
Jeltz	8d92035a81	playbooks: add adh.auro.re	2022-08-19 15:54:03 +02:00
Jeltz	6f32c9bc2c	knotd: do not try to load zone file of slave zones	2022-08-19 15:52:06 +02:00
Jeltz	5542e63d14	add filter_plugins path in ansible.cfg	2022-08-19 05:06:59 +02:00
Jeltz	b34c232904	playbooks: WIP: add knotd playbook	2022-08-19 05:03:19 +02:00
Jeltz	5740b64b1e	hosts: add ns-{1,2,master} to inventory	2022-08-19 05:03:19 +02:00
Jeltz	bb2590358d	vault: add TSIG keys	2022-08-19 05:03:18 +02:00
Jeltz	c775a48ca8	net_utils: add miscellaneous Jinja2 filters	2022-08-19 05:03:07 +02:00
Jeltz	126d0f49df	dns_zone + knotd: add 'reverse_hosts' option	2022-08-19 04:44:49 +02:00
Jeltz	4a29c317a5	knotd: hide version in chaos txt	2022-08-18 21:24:12 +02:00
Jeltz	e36e31d18b	remove playbooks/knot.yml	2022-08-18 21:23:48 +02:00
Jeltz	b1f26f2cd7	knotd: fix knotd__queryacl type	2022-08-18 19:50:35 +02:00
Jeltz	9f8dcecf63	dns_zone: ensure zone files are sorted	2022-08-18 16:35:16 +02:00
Jeltz	b9dd74af40	dns_zone + knot: rename some fields + add record types	2022-08-18 16:32:56 +02:00
Jeltz	86277d05c2	knotd: add knotd__soa_rname variable	2022-08-18 03:59:43 +02:00
Jeltz	642b3eb801	knotd: use human times for SOA fields	2022-08-18 03:47:59 +02:00
Jeltz	2744b3b512	dns_zone: make rname relative to zone origin	2022-08-18 03:47:23 +02:00
Jeltz	f321b12d2f	knotd: add queryacl support	2022-08-18 01:35:35 +02:00
Jeltz	43693c2fc8	dns_zone: bug: replace generator with set	2022-08-18 01:33:52 +02:00
Jeltz	961a2f1105	Add knotd role	2022-08-17 19:00:07 +02:00
Jeltz	11939a6032	Add library path in ansible.cfg	2022-08-17 18:59:40 +02:00
Jeltz	4dbe0e562d	dns_zone: cleanup + hosts + product	2022-08-17 18:23:47 +02:00
Jeltz	c97dca8fa8	Add library/dns_zone.py	2022-08-16 20:13:25 +02:00