#!/usr/bin/env ansible-playbook
---
# Deploy sysctl config files
- hosts: crans_routeurs
  roles:
    - sysctl-forwarding
    - nftables

- hosts: routeur-sam.adm.crans.org
  roles:
    - arp-proxy

- hosts: crans_routeurs
  vars:
    subnets:
      - name: infra
        prefix: fd00:0:0:11::/64
        dns:
          - fd00::11:0:ff:fe00:9911
      - name: adh
        prefix: 2a0c:700:12::/64
        dns:
          - 2a0c:700:12::ff:fe00:9912
      - name: adh_nat
        prefix: 2a0c:700:13::/64
        dns:
          - 2a0c:700:13::ff:fe00:9913
  roles:
    - radvd

# Deploy firewall
- hosts: crans_routeurs
  vars:
    re2o:
      server: re2o.adm.crans.org
      service_user: "{{ vault_re2o_service_user }}"
      service_password: "{{ vault_re2o_service_password }}"
  roles:
    - firewall

# Deploy BGP server configuration on IPv4 routers
- hosts: crans_routeurs
  vars:
    zebra:
      password: "{{ vault_zebra_password }}"
    bgp:
      as: 204515
      router_id_v4: 158.255.113.73
      network_v4: 185.230.76.0/22
      neighbor_v4: 158.255.113.72
      router_id_v6: 138.231.136.200
      network_v6: 2a0c:700::/32
      neighbor_v6: 2001:1b48:2:103::bb:1
      remote_as: 8218
  roles:
    - quagga