---
# Deploy tunnel
- hosts: boeing.adm.crans.org,sputnik.adm.crans.org
  vars:
    # Debian mirror on adm
    debian_mirror: http://mirror.adm.crans.org/debian
  roles:
    - wireguard

# Deploy DHCP server
- hosts: dhcp.adm.crans.org
  vars:
    dhcp:
      authoritative: true
  roles:
    - isc-dhcp-server

# Deploy recursive DNS cache server
- hosts: odlyd.adm.crans.org
  roles:
    - bind-recursive

# Deplay authoritative DNS server
- hosts: sputnik.adm.crans.org
  roles:
    - bind-authoritative

# Deploy firewall
- hosts: gulp.adm.crans.org
  roles: []  # TODO

# Deploy Unifi Controller
- hosts: unifi.adm.crans.org
  roles:
    - unifi-controller

# Configure routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
  roles:
    - logall
    - quagga

# Deploy BGP server configuration on IPv4 routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
  vars:
    zebra:
      password: "{{ vault_zebra_password }}"
    bgp:
      as: 204515
      router_id: 158.255.113.73
      network: 185.230.76.0/22
      neighbor: 158.255.113.72
      remote_as: 8218
  roles:
    - quagga-ipv4

# Deploy BGP server configuration on IPv6 routers
- hosts: ipv6-zayo.adm.crans.org
  vars:
    zebra:
      password: "{{ vault_zebra_password }}"
    bgp:
      as: 204515
      router_id: 138.231.136.200
      network: 2a0c:700::/32
      neighbor: 2001:1b48:2:103::bb:1
      remote_as: 8218
  roles:
    - quagga-ipv6

# Deploy postfix on mail servers
- hosts: titanic.adm.crans.org
  vars:
    postfix:
      primary: false
      secondary: true
      public: true
      dkim: true
      mailman: false
      titanic: true
  roles:
    - postfix

- hosts: sputnik.adm.crans.org
  vars:
    postfix:
      primary: false
      secondary: true
      public: true
      dkim: true
      mailman: false
      titanic: false
  roles:
    - postfix