From bac8ffdc72f89e628c29d5c6b6245690b238788a Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Tue, 28 Jun 2022 13:39:34 +0200
Subject: [PATCH] Deploy arpproxy service
Signed-off-by: Yohann D'ANELLO
---
group_vars/arpproxy.yml | 11 +++++++++++
host_vars/boeing.adm.crans.org.yml | 12 ++++++++++++
host_vars/routeur-ft.adm.crans.org.yml | 10 ++++++++++
host_vars/routeur-thot.adm.crans.org.yml | 10 ++++++++++
hosts | 5 +++++
plays/arpproxy.yml | 7 +++++++
6 files changed, 55 insertions(+)
create mode 100644 group_vars/arpproxy.yml
create mode 100755 plays/arpproxy.yml
diff --git a/group_vars/arpproxy.yml b/group_vars/arpproxy.yml
new file mode 100644
index 00000000..172e0743
--- /dev/null
+++ b/group_vars/arpproxy.yml
@@ -0,0 +1,11 @@
+---
+glob_service_proxy:
+ git:
+ remote: https://gitlab.adm.crans.org/nounous/proxy.git
+ version: main
+ name: proxy
+ install_dir: /var/local/services/proxy
+ generated: false
+ cron:
+ frequency: "* * * * *"
+ options: "--alter"
diff --git a/host_vars/boeing.adm.crans.org.yml b/host_vars/boeing.adm.crans.org.yml
index ef288088..e7a38043 100644
--- a/host_vars/boeing.adm.crans.org.yml
+++ b/host_vars/boeing.adm.crans.org.yml
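Review bot: `version: main` under `glob_service_proxy` in group_vars/arpproxy.yml tracks a moving branch, so whatever is on `main` of the proxy repository at run time is what gets installed on the hosts in `[arpproxy]`, and the same commit of this repository can deploy different code on different days. Assuming the `service` role checks out `version` as a git ref (the role is not part of this patch), pin it to a reviewed tag or commit, e.g. `version: <reviewed-commit-sha>`, and bump it deliberately. With `frequency: "* * * * *"` and `options: "--alter"` the installed code appears to run every minute and to change host state, so an unreviewed upstream change would take effect almost immediately. A comment above `cron:` stating what `--alter` does would also help the next reader.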
@@ -16,3 +16,15 @@ loc_wireguard: endpoint: "{{ query('ldap', 'ip', 'sputnik', 'srv') | ipv4 | first }}:51820" post_up: "sysctl -w net.ipv4.conf.ens18.proxy_arp=1; sysctl -w net.ipv4.conf.sputnik.proxy_arp=1; sysctl -w net.ipv6.conf.ens18.proxy_ndp=1; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=1; ip neigh add proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" post_down: "sysctl -w net.ipv4.conf.ens18.proxy_arp=0; sysctl -w net.ipv4.conf.sputnik.proxy_arp=0; sysctl -w net.ipv6.conf.ens18.proxy_ndp=0; sysctl -w net.ipv6.conf.sputnik.proxy_ndp=0; ip neigh delete proxy {{ query('ldap', 'ip', 'sputnik', 'adm') | ipv6 | first }} dev ens18" + +loc_service_proxy: + config: + ldap: + server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + protocol: "proxy" + filter: "adm.crans.org" + proxy: + default: "ens18" + viarezo: "sputnik" + aurore: "sputnik" + ovh: "sputnik" diff --git a/host_vars/routeur-ft.adm.crans.org.yml b/host_vars/routeur-ft.adm.crans.org.yml index 307e18eb..ecd69b9f 100644 --- a/host_vars/routeur-ft.adm.crans.org.yml +++ b/host_vars/routeur-ft.adm.crans.org.yml @@ -2,3 +2,13 @@ interfaces: adm: ens18 auto: ens19 + +loc_service_proxy: + config: + ldap: + server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + protocol: "proxy" + filter: "adm.crans.org" + proxy: + default: "wg0" + viarezo: "ens18" diff --git a/host_vars/routeur-thot.adm.crans.org.yml b/host_vars/routeur-thot.adm.crans.org.yml index 307e18eb..3d46351a 100644 --- a/host_vars/routeur-thot.adm.crans.org.yml +++ b/host_vars/routeur-thot.adm.crans.org.yml @@ -2,3 +2,13 @@ interfaces: adm: ens18 auto: ens19 + +loc_service_proxy: + config: + ldap: + server: "ldaps://{{ query('ldap', 'ip', 'tealc', 'adm') | ipv4 | first }}/" + protocol: "proxy" + filter: "adm.crans.org" + proxy: + default: "wg0" + aurore: "ens18" diff --git a/hosts b/hosts index 20038cb8..110bedc9 100644 --- a/hosts +++ b/hosts 
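Review bot: In host_vars/boeing.adm.crans.org.yml the `server` value under `loc_service_proxy` builds the `ldaps://` URL from an IPv4 address, so certificate verification can only succeed if the LDAP server's certificate lists that address as a subjectAltName. Otherwise the client would need verification relaxed, and the patch does not show which is the case. Prefer the server's DNS name, e.g. `server: "ldaps://<ldap-server-fqdn>/"`, or add a comment above the line stating that the certificate carries the IP SAN and that the proxy service verifies it. The same `ldap` block is added unchanged in host_vars/routeur-ft.adm.crans.org.yml and host_vars/routeur-thot.adm.crans.org.yml, so the point applies to all three hunks.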
@@ -3,6 +3,11 @@ [adh_server] zamok.adm.crans.org +[arpproxy] +boeing.adm.crans.org +routeur-ft.adm.crans.org +#routeur-thot.adm.crans.org + [autoconfig] hodaur.adm.crans.org diff --git a/plays/arpproxy.yml b/plays/arpproxy.yml new file mode 100755 index 00000000..ddc4fdd2 --- /dev/null +++ b/plays/arpproxy.yml @@ -0,0 +1,7 @@ +#!/usr/bin/env ansible-playbook +--- +- hosts: arpproxy + vars: + service: "{{ glob_service_proxy | default({}) | combine(loc_service_proxy | default({})) }}" + roles: + - service
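Review bot: `#routeur-thot.adm.crans.org` is added to `[arpproxy]` in hosts already commented out and without explanation, while the same patch adds a `loc_service_proxy` block to that host's host_vars. As committed, that configuration is never applied, and a later reader cannot tell whether the host is waiting on something or was disabled on purpose. Add a line above it such as `# routeur-thot: disabled until <reason>; uncomment to deploy`.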
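Review bot: The `service` variable in plays/arpproxy.yml merges with `combine(...)` in its default shallow mode, so any top-level key present in both dictionaries is taken whole from `loc_service_proxy`. That is harmless today because the group file defines no `config` key and the host files define only `config`. If shared `config` defaults (for instance the `ldap` block repeated in all three host files) were later moved into `glob_service_proxy`, they would be silently discarded. Either pass `recursive=true`, as in `combine(loc_service_proxy | default({}), recursive=true)`, or add a comment above `vars:` saying the merge is top-level only. The play also has no `name:`, which would make its runs easier to identify in logs.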