From 0572c533910f7729f8e83174a2469605ac8d965f Mon Sep 17 00:00:00 2001 From: Alexandre Iooss Date: Tue, 19 May 2020 20:21:51 +0200 Subject: [PATCH] DHCP, DNS and Wireguard plays --- base.yml | 3 +++ network.yml | 49 --------------------------------------------- plays/dhcp.yml | 8 ++++++++ plays/dns.yml | 17 ++++++++++++++++ plays/wireguard.yml | 22 ++++++++++++++++++++ 5 files changed, 50 insertions(+), 49 deletions(-) create mode 100755 plays/dhcp.yml create mode 100755 plays/dns.yml create mode 100755 plays/wireguard.yml diff --git a/base.yml b/base.yml index 4e7099a9..a30279a9 100755 --- a/base.yml +++ b/base.yml @@ -74,3 +74,6 @@ # Services that only apply to a subset of server - import_playbook: plays/tv.yml - import_playbook: plays/mailman.yml +- import_playbook: plays/dhcp.yml +- import_playbook: plays/dns.yml +- import_playbook: plays/wireguard.yml diff --git a/network.yml b/network.yml index 1c5e9a39..b033433a 100755 --- a/network.yml +++ b/network.yml 
@@ -1,54 +1,5 @@ #!/usr/bin/env ansible-playbook --- -# Deploy tunnel -- hosts: sputnik.adm.crans.org - vars: - debian_mirror: http://mirror.crans.org/debian - wireguard: - sputnik: true - private_key: "{{ vault_wireguard_sputnik_private_key }}" - peer_public_key: "{{ vault_wireguard_boeing_public_key }}" - roles: - - wireguard - -- hosts: boeing.adm.crans.org - vars: - # Debian mirror on adm - debian_mirror: http://mirror.adm.crans.org/debian - wireguard: - sputnik: false - if: ens20 - private_key: "{{ vault_wireguard_boeing_private_key }}" - peer_public_key: "{{ vault_wireguard_sputnik_public_key }}" - roles: - - wireguard - -# Deploy DHCP server -- hosts: dhcp.adm.crans.org - vars: - dhcp: - authoritative: true - roles: - - isc-dhcp-server - -# Deploy recursive DNS cache server -- hosts: odlyd.adm.crans.org - roles: - - bind-recursive - -# Deploy authoritative DNS server -- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org - vars: - certbot_dns_secret: "{{ vault_certbot_dns_secret }}" - certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}" - bind: - masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}" - slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}" - zones: "{{ lookup('re2oapi', 'dnszones') }}" - reverse: "{{ lookup('re2oapi', 'dnsreverse') }}" - roles: - - bind-authoritative - # Deploy reverse proxy - hosts: bakdaur.adm.crans.org,frontdaur.adm.crans.org vars: diff --git a/plays/dhcp.yml b/plays/dhcp.yml new file mode 100755 index 00000000..07cd132b --- /dev/null +++ b/plays/dhcp.yml @@ -0,0 +1,8 @@ +#!/usr/bin/env ansible-playbook +--- +# Deploy DHCP server +- hosts: dhcp.adm.crans.org + vars: + dhcp: + authoritative: true + roles: ["isc-dhcp-server"] diff --git a/plays/dns.yml b/plays/dns.yml new file mode 100755 index 00000000..7f133c1a --- /dev/null +++ b/plays/dns.yml 
@@ -0,0 +1,17 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy recursive DNS cache server
+- hosts: odlyd.adm.crans.org
+ roles: ["bind-recursive"]
+
+# Deploy authoritative DNS server
+- hosts: silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org
+ vars:
+ certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
+ certbot_adm_dns_secret: "{{ vault_certbot_adm_dns_secret }}"
+ bind:
+ masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
+ slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
+ zones: "{{ lookup('re2oapi', 'dnszones') }}"
+ reverse: "{{ lookup('re2oapi', 'dnsreverse') }}"
+ roles: ["bind-authoritative"]
diff --git a/plays/wireguard.yml b/plays/wireguard.yml
new file mode 100755
index 00000000..2de147e1
--- /dev/null
+++ b/plays/wireguard.yml
@@ -0,0 +1,22 @@
+#!/usr/bin/env ansible-playbook
+---
+# Deploy tunnel
+- hosts: sputnik.adm.crans.org
+ vars:
+ debian_mirror: http://mirror.crans.org/debian
+ wireguard:
+ sputnik: true
+ private_key: "{{ vault_wireguard_sputnik_private_key }}"
+ peer_public_key: "{{ vault_wireguard_boeing_public_key }}"
+ roles: ["wireguard"]
+
+- hosts: boeing.adm.crans.org
+ vars:
+ # Debian mirror on adm
+ debian_mirror: http://mirror.adm.crans.org/debian
+ wireguard:
+ sputnik: false
+ if: ens20
+ private_key: "{{ vault_wireguard_boeing_private_key }}"
+ peer_public_key: "{{ vault_wireguard_sputnik_public_key }}"
+ roles: ["wireguard"]
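Review bot: In plays/dns.yml the authoritative play sets `certbot_dns_secret` and `certbot_adm_dns_secret` as play vars for every host in its `hosts:` list, so all three servers are handed both secrets whether they act as master or slave. The bind-authoritative role is not visible here, but if only the master consumes these values they could be scoped to it (host_vars, or a condition tied to the `dns-authoritary-master` lookup) so that a compromised secondary does not expose them. A comment above the two variables stating which hosts use them would also help, e.g. `# Secrets for certbot DNS challenges; needed only on the master (confirm)`.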
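Review bot: In plays/wireguard.yml both plays pass a vaulted private key through the nested `wireguard` var, and nothing visible here shows how the role treats it; it is worth confirming that the wireguard role writes the key to a root-only file and sets `no_log: true` on the task that handles it, so the key cannot appear in diff or verbose output. The first play also overrides `debian_mirror` with a plain-HTTP URL but lacks the explanatory comment the second play carries; something like `# Public Debian mirror, sputnik is outside adm` (if that is the reason) would document the difference. APT's signature verification covers package integrity over HTTP, provided it has not been disabled on these hosts.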