#!/usr/bin/env ansible-playbook
---
# Set up DHCP servers.
- hosts: dhcp-*.adm.auro.re
  vars:
    update_motd:
      unbound: isc-dhcp-server est déployé.
  roles:
    - isc_dhcp_server
    - update_motd

# Deploy unbound DNS server (recursive).
- hosts: dns-*.adm.auro.re,!dns-aurore*.adm.auro.re
  vars:
    update_motd:
      unbound: Unbound est déployé.
  roles:
    - unbound
    - update_motd

# Déploiement du service re2o aurore-firewall et keepalived
# radvd: IPv6 SLAAC (/64 subnets, private IPs).
#   Must NOT be on routeur-aurore-*, or will with DHCPv6!
- hosts: ~routeur-(pacaterie|edc|fleming|gs|rives).*\.adm\.auro\.re
  vars:
    update_motd:
      unbound: Le routage (avec radvd) est déployé.
  roles:
    - router
    - radvd
    - update_motd

# No radvd here
- hosts: ~routeur-aurore.*\.adm\.auro\.re
  vars:
    update_motd:
      unbound: Le routage (avec DHCPv6) est déployé.
  roles:
    - router
    - ipv6_edge_router
    - update_motd

# Radius (backup only for now)
- hosts: radius-*.adm.auro.re
  vars:
    update_motd:
      unbound: FreeRADIUS est déployé.
  roles:
    - radius
    - update_motd

# WIP: Deploy authoritative DNS servers
# - hosts: authoritative_dns
#   vars:
#     service_repo: https://gitlab.crans.org/nounous/re2o-dns.git
#     service_name: dns
#     service_version: crans
#     service_config:
#       hostname: re2o-server.adm.auro.re
#       username: service-user
#       password: "{{ vault_serviceuser_passwd }}"
#   roles:
#     - re2o_service


# Deploy Unifi Controller
# - hosts: unifi-fleming.adm.auro.re,unifi-pacaterie.adm.auro.re
#   roles:
#     - unifi-controller

# Deploy Re2o switch service
# - hosts: switchs-manager.adm.auro.re
#   vars:
#     service_repo: https://gitlab.federez.net/re2o/switchs.git
#     service_name: switchs
#     service_version: master
#     service_config:
#       hostname: re2o-server.adm.auro.re
#       username: service-user
#       password: "{{ vault_serviceuser_passwd }}"
#   roles:
#     - re2o_service