[routeurs] playbook to deploy routing

group_vars/keepalived.yml

@@ -6,7 +6,7 @@ glob_keepalived:
   smtp_server: smtp.adm.crans.org
   pool:
     all:
-      password: "plopisverysecure"
+      password: "{{ vault.keepalived.password }}"
       id: 60
       ipv6: yes
       notify: /usr/scripts/notify-dhcp

plays/dns-authoritative.yml

@@ -1,10 +1,5 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy recursive DNS cache server
-- hosts: dns_recursive
-  roles:
-    - bind-recursive
-
 # Deploy authoritative DNS server
 - hosts: dns_authoritative
   vars:

plays/firewall.yml

@@ -1,58 +1,13 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy sysctl config files
+- hosts: routeurs_vms
-- hosts: crans_routeurs
+  roles:
+    - logall
+
+- hosts: firewall
   vars:
-    logs:
+    service: "{{ glob_service_firewall | default({}) | combine(loc_service_firewall | default({})) }}"
-      ip: 172.16.10.1
   roles:
     - sysctl-forwarding
-    - logall
     - nftables
-
+    - service
-- hosts: crans_routeurs
-  vars:
-    subnets:
-      - name: infra
-        prefix: fd00:0:0:11::/64
-        dns:
-          - fd00::11:0:ff:fe00:9911
-      - name: adh
-        prefix: 2a0c:700:12::/64
-        dns:
-          - 2a0c:700:12::ff:fe00:9912
-      - name: adh_nat
-        prefix: 2a0c:700:13::/64
-        dns:
-          - 2a0c:700:13::ff:fe00:9913
-  roles:
-    - radvd
-
-# Deploy firewall
-- hosts: crans_routeurs
-  vars:
-    re2o:
-      server: re2o.adm.crans.org
-      service_user: "{{ vault.re2o_service_user }}"
-      service_password: "{{ vault.re2o_service_password }}"
-  roles:
-    - firewall
-
-# Deploy BGP server configuration on routers
-- hosts: crans_routeurs
-  vars:
-    bgp:
-      as: 204515
-      remote_as: 8218
-      ipv4:
-        router_id: 158.255.113.73
-        bind_address: 158.255.113.73
-        network: 185.230.76.0/22
-        neighbor: 158.255.113.72
-      ipv6:
-        router_id: 185.230.79.62
-        bind_address: 2001:1b48:2:103::bb:2
-        network: 2a0c:700::/32
-        neighbor: 2001:1b48:2:103::bb:1
-  roles:
-    - bird

plays/freeradius.yml

@@ -1,11 +1,11 @@
 #!/usr/bin/env ansible-playbook
 ---
 # Deploy re2o
-#- hosts: re2o
+- hosts: re2o
-#  vars:
+  vars:
-#    re2o: "{{ glob_re2o | default({}) | combine(loc_re2o | default({})) }}"
+    re2o: "{{ glob_re2o | default({}) | combine(loc_re2o | default({})) }}"
-#  roles:
+  roles:
-#    - re2o
+    - re2o
 
 # Deploy radius server
 - hosts: radius
@@ -14,5 +14,5 @@
     freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}'
     mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
   roles:
-#    - certbot
+    - certbot
     - freeradius

plays/routeurs.yml

@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- import_playbook: dhcp.yml
+- import_playbook: bird.yml
+- import_playbook: freeradius.yml
+- import_playbook: firewall.yml
+- import_playbook: dns-recursive.yml