ansible/playbooks/router.yml
Jeltz 64772b76e4
Add nftables role
This is a fully static version of the config, and it is meant to be
temporary (until I figure out a way to properly configure nftables using
ansible…).
2022-01-08 23:41:51 +01:00

119 lines
3.2 KiB
YAML
Executable file

#!/usr/bin/env ansible-playbook
---
# Play 1: hand the per-VLAN interface definitions for both routers to the
# systemd_networkd role.
#
# NOTE(review): every interface sets `forward: true`, and this play runs before
# the nftables_infra play at the end of this file. If the role turns on
# routing as soon as it is applied (presumed from the key name; the role is
# not visible here), a first run on a fresh host routes between these VLANs
# before any ruleset is loaded. Confirm the ordering is intended, or apply
# the firewall first.
- hosts:
    - infra-1.router.auro.re
    - infra-2.router.auro.re
  vars:
    networkd_interfaces:
      # Only vlan129 and vlan135 take addresses from the `network` inventory
      # data; the other interfaces get a MAC address only. Their service
      # addresses appear further down as keepalived virtual addresses.
      vlan111:
        mac_addr: "{{ network.vlan111.mac_addr }}"
        # presumably disables link-local addressing; confirm against the role
        link_local: false
        forward: true
      vlan128:
        mac_addr: "{{ network.vlan128.mac_addr }}"
        link_local: false
        forward: true
      vlan129:
        mac_addr: "{{ network.vlan129.mac_addr }}"
        # Concatenates the inventory's IPv4 and IPv6 address lists.
        # `link_local` is not set here, so the role's default applies.
        ip_addrs: "{{ network.vlan129.ipv4_addrs
                      + network.vlan129.ipv6_addrs }}"
        forward: true
      vlan130:
        mac_addr: "{{ network.vlan130.mac_addr }}"
        link_local: false
        forward: true
      vlan131:
        mac_addr: "{{ network.vlan131.mac_addr }}"
        link_local: false
        forward: true
      vlan133:
        mac_addr: "{{ network.vlan133.mac_addr }}"
        link_local: false
        forward: true
      vlan134:
        mac_addr: "{{ network.vlan134.mac_addr }}"
        link_local: false
        forward: true
      vlan135:
        mac_addr: "{{ network.vlan135.mac_addr }}"
        ip_addrs: "{{ network.vlan135.ipv4_addrs
                      + network.vlan135.ipv6_addrs }}"
        forward: true
  roles:
    - systemd_networkd
# Play 2: configure the bird role (OSPF) on both routers.
- hosts:
    - infra-1.router.auro.re
    - infra-2.router.auro.re
  vars:
    # The router ID is the first IPv4 address of vlan129, prefix stripped.
    bird_router_id: "{{ network.vlan129.ipv4_addrs[0] | ipaddr('address') }}"
    # The OSPF source addresses are the first IPv4/IPv6 address of vlan135.
    # NOTE(review): vlan135 is not listed in bird_ospf_interfaces below.
    # Confirm that is intended.
    bird_ospf_src: "{{ network.vlan135.ipv4_addrs[0] | ipaddr('address') }}"
    bird_ospf_src_v6: "{{ network.vlan135.ipv6_addrs[0] | ipaddr('address') }}"
    bird_ospf_interfaces:
      # `stub: true` presumably maps to BIRD's stub interface option (the
      # prefix is advertised, no OSPF packets are exchanged on the link).
      # Verify in the role, because it is what keeps these VLANs from taking
      # part in routing.
      vlan111:
        stub: true
      vlan128:
        stub: true
      # vlan129 is the only non-stub interface, so it is where adjacencies
      # would form. Whether the role enables OSPF authentication is not
      # visible here. Confirm, and keep this VLAN limited to routers.
      vlan129:
        broadcast: true
      vlan130:
        stub: true
      vlan131:
        stub: true
      vlan133:
        stub: true
      vlan134:
        stub: true
  roles:
    - bird
# Play 3: configure the keepalived role (VRRP failover) on both routers, with
# per-VLAN virtual IPv4/IPv6 addresses.
- hosts:
    - infra-1.router.auro.re
    - infra-2.router.auro.re
  vars:
    # Commands passed as keepalived notify hooks, one per state: primary,
    # backup, fault. keepalived typically runs notify scripts with elevated
    # privileges, so /usr/local/sbin/conntrackd_vrrp should be root-owned and
    # writable by nobody else. Whether the role sets keepalived's
    # `enable_script_security` / `script_user` is not visible here; confirm.
    keepalived_notify_master: "/usr/local/sbin/conntrackd_vrrp primary"
    keepalived_notify_backup: "/usr/local/sbin/conntrackd_vrrp backup"
    keepalived_notify_fault: "/usr/local/sbin/conntrackd_vrrp fault"
    keepalived_virtual_router_id: 42
    # Presumably the interface carrying VRRP advertisements. VRRP has no
    # strong authentication, so any host on this segment could claim
    # mastership; keep vlan129 restricted to the routers.
    keepalived_interface: vlan129
    # The trailing comments on some entries record a second address,
    # presumably the final gateway address to switch to later. Confirm with
    # the author.
    keepalived_virtual_ipv4_addrs:
      vlan111:
        - 45.66.111.10/24 # 45.66.111.1/24
      vlan128:
        - 10.128.0.16/16 # 10.128.0.1/16
      vlan130:
        - 10.130.0.185/16 # 10.130.0.1/16
      vlan131:
        - 10.131.0.1/16
      vlan133:
        - 10.133.0.1/16
      vlan134:
        - 10.134.0.1/16
    # Each VLAN gets a link-local virtual address plus a global one.
    keepalived_virtual_ipv6_addrs:
      vlan111:
        - fe80::200:02ff:fe23:ae26/64
        - 2a09:6840:111:0:10::/56 # 2a09:6840:111:0:1::/56
      vlan128:
        - fe80::200:02ff:fe9f:d67a/64
        - 2a09:6840:128:0:16::/48 # 2a09:6840:128:0:1::/48
      vlan130:
        - fe80::200:02ff:fee2:9782/64
        - 2a09:6840:130:0:185::/48 # 2a09:6840:130:0:1::/48
      vlan131:
        # NOTE(review): same link-local address as vlan130, while every other
        # VLAN has its own. Valid on separate links, but it looks like a
        # copy-paste slip; confirm.
        - fe80::200:02ff:fee2:9782/64
        - 2a09:6840:131:0:1::/48
      vlan133:
        - fe80::200:02ff:fe8a:0cbc/64
        - 2a09:6840:133:0:1::/48
      vlan134:
        - fe80::200:02ff:fe09:38f7/64
        - 2a09:6840:134:0:1::/48
  roles:
    - keepalived
# Play 4: apply the nftables_infra role on both routers. No vars are passed,
# so the ruleset comes entirely from the role. The commit that added it
# describes that ruleset as fully static and temporary, so changes to the
# VLANs or addresses defined in the earlier plays are not picked up
# automatically and have to be mirrored in the role by hand.
# This is the last play in the file, after interfaces, routing and VRRP are
# already configured.
- hosts:
    - infra-1.router.auro.re
    - infra-2.router.auro.re
  roles:
    - nftables_infra
...