Jeltz
64772b76e4
This is a fully static version of the config, and it is meant to be temporary (until I figure out a way to properly configure nftables using ansible…).
119 lines
3.2 KiB
YAML
Executable file
119 lines
3.2 KiB
YAML
Executable file
#!/usr/bin/env ansible-playbook
|
|
---
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
vars:
|
|
networkd_interfaces:
|
|
vlan111:
|
|
mac_addr: "{{ network.vlan111.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan128:
|
|
mac_addr: "{{ network.vlan128.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan129:
|
|
mac_addr: "{{ network.vlan129.mac_addr }}"
|
|
ip_addrs: "{{ network.vlan129.ipv4_addrs
|
|
+ network.vlan129.ipv6_addrs }}"
|
|
forward: true
|
|
vlan130:
|
|
mac_addr: "{{ network.vlan130.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan131:
|
|
mac_addr: "{{ network.vlan131.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan133:
|
|
mac_addr: "{{ network.vlan133.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan134:
|
|
mac_addr: "{{ network.vlan134.mac_addr }}"
|
|
link_local: false
|
|
forward: true
|
|
vlan135:
|
|
mac_addr: "{{ network.vlan135.mac_addr }}"
|
|
ip_addrs: "{{ network.vlan135.ipv4_addrs
|
|
+ network.vlan135.ipv6_addrs }}"
|
|
forward: true
|
|
roles:
|
|
- systemd_networkd
|
|
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
vars:
|
|
bird_router_id: "{{ network.vlan129.ipv4_addrs[0] | ipaddr('address') }}"
|
|
bird_ospf_src: "{{ network.vlan135.ipv4_addrs[0] | ipaddr('address') }}"
|
|
bird_ospf_src_v6: "{{ network.vlan135.ipv6_addrs[0] | ipaddr('address') }}"
|
|
bird_ospf_interfaces:
|
|
vlan111:
|
|
stub: true
|
|
vlan128:
|
|
stub: true
|
|
vlan129:
|
|
broadcast: true
|
|
vlan130:
|
|
stub: true
|
|
vlan131:
|
|
stub: true
|
|
vlan133:
|
|
stub: true
|
|
vlan134:
|
|
stub: true
|
|
roles:
|
|
- bird
|
|
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
vars:
|
|
keepalived_notify_master: "/usr/local/sbin/conntrackd_vrrp primary"
|
|
keepalived_notify_backup: "/usr/local/sbin/conntrackd_vrrp backup"
|
|
keepalived_notify_fault: "/usr/local/sbin/conntrackd_vrrp fault"
|
|
keepalived_virtual_router_id: 42
|
|
keepalived_interface: vlan129
|
|
keepalived_virtual_ipv4_addrs:
|
|
vlan111:
|
|
- 45.66.111.10/24 # 45.66.111.1/24
|
|
vlan128:
|
|
- 10.128.0.16/16 # 10.128.0.1/16
|
|
vlan130:
|
|
- 10.130.0.185/16 # 10.130.0.1/16
|
|
vlan131:
|
|
- 10.131.0.1/16
|
|
vlan133:
|
|
- 10.133.0.1/16
|
|
vlan134:
|
|
- 10.134.0.1/16
|
|
keepalived_virtual_ipv6_addrs:
|
|
vlan111:
|
|
- fe80::200:02ff:fe23:ae26/64
|
|
- 2a09:6840:111:0:10::/56 # 2a09:6840:111:0:1::/56
|
|
vlan128:
|
|
- fe80::200:02ff:fe9f:d67a/64
|
|
- 2a09:6840:128:0:16::/48 # 2a09:6840:128:0:1::/48
|
|
vlan130:
|
|
- fe80::200:02ff:fee2:9782/64
|
|
- 2a09:6840:130:0:185::/48 # 2a09:6840:130:0:1::/48
|
|
vlan131:
|
|
- fe80::200:02ff:fee2:9782/64
|
|
- 2a09:6840:131:0:1::/48
|
|
vlan133:
|
|
- fe80::200:02ff:fe8a:0cbc/64
|
|
- 2a09:6840:133:0:1::/48
|
|
vlan134:
|
|
- fe80::200:02ff:fe09:38f7/64
|
|
- 2a09:6840:134:0:1::/48
|
|
roles:
|
|
- keepalived
|
|
|
|
- hosts:
|
|
- infra-1.router.auro.re
|
|
- infra-2.router.auro.re
|
|
roles:
|
|
- nftables_infra
|
|
...
|