global_defs {
  notification_email {
    monitoring.aurore@lists.crans.org
  }
  notification_email_from routeur-{{ apartment_block }}{% if 'backup' in inventory_hostname %}-backup{% endif %}@auro.re
  smtp_server smtp.crans.org
}


vrrp_instance VI_ROUT_{{ apartment_block }}_IPv4 {
  {% if 'backup' in inventory_hostname %}
  state BACKUP
  priority 100
  {% else %}
  state MASTER
  priority 150
  {% endif %}


  # Interface used for VRRP communication.
  interface ens18

  # Shared by MASTER and BACKUP
  virtual_router_id 4{{ apartment_block_id }}

  # Timeout in seconds before failover kicks in.
  advert_int 2

  # Used to authenticate VRRP communication between master and backup.
  authentication {
    auth_type PASS
    auth_pass {{ keepalived_password }}
  }

  smtp_alert

  virtual_ipaddress {
        # Routing subnet
        10.129.{{ apartment_block_id }}.254/16 brd 10.129.255.255 dev ens19 scope global


        # NATed subnet: wired
        45.66.108.25{{ apartment_block_id }}/24 brd 45.66.108.255 dev ens19 scope global

        # NATed subnet: wifi
        45.66.109.25{{ apartment_block_id }}/24 brd 45.66.109.255 dev ens19 scope global

        # Wired
        10.{{ subnet_ids.users_wired }}.0.254/16 brd 10.{{ subnet_ids.users_wired }}.255.255 dev ens20 scope global

        # Wifi
        10.{{ subnet_ids.users_wifi }}.0.254/16 brd 10.{{ subnet_ids.users_wifi }}.255.255 dev ens21 scope global

	# Accueil
        10.{{ subnet_ids.users_accueil }}.0.254/16 brd 10.{{ subnet_ids.users_accueil }}.255.255 dev ens23 scope global
   }


  virtual_routes {
        # 10.129.0.1 is Yggdrasil
        src 10.129.{{ apartment_block_id }}.254 to 0.0.0.0/0 via 10.129.0.1 dev ens19
  }
}

vrrp_instance VI_ROUT_{{ apartment_block }}_IPv6 {
  {% if 'backup' in inventory_hostname %}
  state BACKUP
  priority 100
  {% else %}
  state MASTER
  priority 150
  {% endif %}


  # Interface used for VRRP communication.
  interface ens18

  # Shared by MASTER and BACKUP
  virtual_router_id 6{{ apartment_block_id }}

  # Timeout in seconds before failover kicks in.
  advert_int 2

  # Used to authenticate VRRP communication between master and backup.
  authentication {
    auth_type PASS
    auth_pass {{ keepalived_password }}
  }

  smtp_alert

  virtual_ipaddress {
        # Routing subnet
        fe80::1/64 dev ens19 scope global
        {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254/64 dev ens19 scope global

        # Wired
        fe80::1/64 dev ens20 scope global

        # Wifi
        fe80::1/64 dev ens21 scope global
   }


  virtual_routes {
        # For IPv6, the master router is routeur-aurore, NOT yggdrasil,
        # because yggdrasil doesn't support BGPv6 announcements.
        src {{ ipv6_base_prefix }}:129::{{ apartment_block_id }}:254 to ::/0 via {{ ipv6_base_prefix }}:129::0:254 dev ens19
  }
}