#!/usr/bin/env ansible-playbook
---
# Issue the wildcard certificate for the adm zone on gitzly through the
# certbot role. The variable names indicate the RFC 2136 (dynamic DNS update)
# challenge plugin; the role itself is not part of this file.
- hosts:
    - 'gitzly.adm.crans.org'
  vars:
    certbot:
      certname: 'adm.crans.org'
      # A wildcard certificate is valid for every name directly under
      # adm.crans.org, so its private key should stay on as few hosts as
      # possible.
      domains: '*.adm.crans.org'
      mail: 'root@crans.org'
      # TSIG key name (note the trailing dot) and its secret. The secret is
      # read from a vault_-prefixed variable instead of being written here.
      # NOTE(review): confirm on the DNS master that this key may only update
      # the ACME challenge records, not the whole zone.
      dns_rfc2136_name: 'certbot_adm_challenge.'
      dns_rfc2136_secret: '{{ vault_certbot_adm_dns_secret }}'
    bind:
      # First entry returned by the re2oapi lookup for the
      # 'dns-authoritary-master' role; an empty result is not handled here.
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
  roles:
    - 'certbot'

# Firewall deployment placeholder for gulp.
# The role list is still empty, so this play applies no firewall
# configuration: running the playbook does not install or change any filtering
# rules on this host, which the plays below also configure as a router.
- hosts:
    - 'gulp.adm.crans.org'
  roles: []  # TODO: no firewall role is applied yet

# Install the UniFi controller on its dedicated host through the
# unifi-controller role (no variables are overridden at play level).
- hosts:
    - 'unifi.adm.crans.org'
  roles:
    - 'unifi-controller'

# Base configuration shared by all three routers: the logall role, then the
# common quagga role. Address-family specific BGP settings are applied by the
# two plays that follow.
# NOTE(review): Quagga has had no upstream release for years; confirm the
# distribution still ships security fixes for it, or plan a move to FRRouting.
- hosts:
    - 'gulp.adm.crans.org'
    - 'odlyd.adm.crans.org'
    - 'ipv6-zayo.adm.crans.org'
  roles:
    - 'logall'
    - 'quagga'

# BGP configuration for the two IPv4 routers, rendered by the quagga-ipv4 role
# from the variables below.
- hosts:
    - 'gulp.adm.crans.org'
    - 'odlyd.adm.crans.org'
  vars:
    zebra:
      # Read from a vault_-prefixed variable, never written in clear here.
      # NOTE(review): confirm the role writes the rendered daemon
      # configuration with restrictive file permissions, since it will
      # contain this password.
      password: '{{ vault_zebra_password }}'
    bgp:
      # Both routers in this play receive the same router_id value.
      router_id: '158.255.113.73'
      as: 204515
      network: '185.230.76.0/22'
      # NOTE(review): no session authentication secret for the neighbor is
      # passed at play level; confirm whether the role or the peering
      # agreement provides one.
      neighbor: '158.255.113.72'
      remote_as: 8218
  roles:
    - 'quagga-ipv4'

# BGP configuration for the IPv6 router, rendered by the quagga-ipv6 role
# from the variables below.
- hosts:
    - 'ipv6-zayo.adm.crans.org'
  vars:
    zebra:
      # Read from a vault_-prefixed variable, never written in clear here.
      # NOTE(review): confirm the role writes the rendered daemon
      # configuration with restrictive file permissions, since it will
      # contain this password.
      password: '{{ vault_zebra_password }}'
    bgp:
      router_id: '138.231.136.200'
      as: 204515
      # IPv6 literals are quoted so that no YAML loader can read the colons
      # as anything other than part of a string.
      network: '2a0c:700::/32'
      # NOTE(review): no session authentication secret for the neighbor is
      # passed at play level; confirm whether the role or the peering
      # agreement provides one.
      neighbor: '2001:1b48:2:103::bb:1'
      remote_as: 8218
  roles:
    - 'quagga-ipv6'