#!/usr/bin/env ansible-playbook
---
# Deploy tunnel -- sputnik end of the WireGuard link.
# No key material is written in this file: both key values are Jinja
# references to vault_* variables defined elsewhere (presumably an Ansible
# Vault file -- confirm it is stored encrypted).
- hosts: 'sputnik.adm.crans.org'
  vars:
    # Plain-HTTP mirror URL. If a role uses it as a package source, integrity
    # rests on the package manager's signature checks.
    # NOTE(review): confirm nothing downstream disables that verification.
    debian_mirror: 'http://mirror.crans.org/debian'
    wireguard:
      sputnik: true
      private_key: "{{ vault_wireguard_sputnik_private_key }}"
      peer_public_key: "{{ vault_wireguard_boeing_public_key }}"
  roles:
    - wireguard

# boeing end of the WireGuard link; its peer key is sputnik's public key.
# Both key values are references to vault_* variables, not literals.
- hosts: 'boeing.adm.crans.org'
  vars:
    # Debian mirror on adm (plain HTTP, reached via the adm name).
    debian_mirror: 'http://mirror.adm.crans.org/debian'
    wireguard:
      sputnik: false
      # Presumably the network interface the role works with -- confirm
      # against the wireguard role.
      if: 'ens20'
      private_key: "{{ vault_wireguard_boeing_private_key }}"
      peer_public_key: "{{ vault_wireguard_sputnik_public_key }}"
  roles:
    - wireguard

# Deploy DHCP server.
# The only setting passed to the role is dhcp.authoritative = true.
- hosts: 'dhcp.adm.crans.org'
  vars:
    dhcp:
      authoritative: true
  roles:
    - isc-dhcp-server

# Deploy recursive DNS cache server.
# No variables are set here, so the role runs with whatever defaults or
# inventory values apply.
# NOTE(review): confirm the role limits which clients may use recursion.
- hosts: 'odlyd.adm.crans.org'
  roles:
    - bind-recursive

# Deploy authoritative DNS server on three hosts (comma-separated pattern).
- hosts: 'silice.adm.crans.org,sputnik.adm.crans.org,boeing.adm.crans.org'
  vars:
    # Secret is a reference to a vault_* variable, not a literal.
    certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
    # Server lists and zones are fetched at run time through the re2oapi
    # lookup plugin; [0] keeps the first element of each get_role result.
    # NOTE(review): the generated BIND configuration is only as trustworthy
    # as that lookup's output and the channel it is fetched over.
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
      slaves: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-slave')[0] }}"
      zones: "{{ lookup('re2oapi', 'dnszones') }}"
  roles:
    - bind-authoritative

# Deploy reverse proxy.
# NOTE(review): the only role listed in this play is certbot; a proxy role,
# if there is one, is applied somewhere else.
- hosts: 'bakdaur.adm.crans.org'
  vars:
    # Same vault_* reference as the authoritative DNS play uses.
    certbot_dns_secret: "{{ vault_certbot_dns_secret }}"
    # First element of the re2oapi get_role result for the DNS master role.
    bind:
      masters: "{{ lookup('re2oapi', 'get_role', 'dns-authoritary-master')[0] }}"
  roles:
    - certbot

# Deploy firewall.
# The role list is empty, so this play currently applies nothing to gulp;
# no firewall configuration is deployed by this file.
- hosts: 'gulp.adm.crans.org'
  roles: []  # TODO

# Deploy Unifi Controller; no variables are passed to the role from here.
- hosts: 'unifi.adm.crans.org'
  roles:
    - unifi-controller

# Configure routers: logall and quagga roles, applied to all three routers.
- hosts: 'gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org'
  roles:
    - logall
    - quagga

# Deploy BGP server configuration on IPv4 routers.
- hosts: 'gulp.adm.crans.org,odlyd.adm.crans.org'
  vars:
    # Password is a reference to a vault_* variable, not a literal.
    zebra:
      password: "{{ vault_zebra_password }}"
    # AS numbers stay integers; addresses are quoted so they are always
    # read as strings.
    # NOTE(review): no session-authentication or prefix-filter variable is
    # set in this play -- check what the quagga-ipv4 role configures.
    bgp:
      as: 204515
      router_id: '158.255.113.73'
      network: '185.230.76.0/22'
      neighbor: '158.255.113.72'
      remote_as: 8218
  roles:
    - quagga-ipv4

# Deploy BGP server configuration on IPv6 routers.
- hosts: 'ipv6-zayo.adm.crans.org'
  vars:
    # Same vault_* password reference as the IPv4 router play.
    zebra:
      password: "{{ vault_zebra_password }}"
    # IPv6 values contain colons, so they are quoted to stay plain strings.
    # NOTE(review): no session-authentication or prefix-filter variable is
    # set in this play -- check what the quagga-ipv6 role configures.
    bgp:
      as: 204515
      router_id: '138.231.136.200'
      network: '2a0c:700::/32'
      neighbor: '2001:1b48:2:103::bb:1'
      remote_as: 8218
  roles:
    - quagga-ipv6

# Deploy postfix on mail servers -- titanic.
# The flags below are interpreted by the postfix role, which is not shown.
# NOTE(review): public + secondary presumably means an Internet-facing
# backup MX; confirm the role's relay restrictions for that case.
- hosts: 'titanic.adm.crans.org'
  vars:
    postfix:
      primary: false
      secondary: true
      public: true
      dkim: true
      mailman: false
      titanic: true
  roles:
    - postfix

# postfix on sputnik: same flags as the titanic play except titanic: false.
# NOTE(review): public + secondary presumably means an Internet-facing
# backup MX; confirm the role's relay restrictions for that case.
- hosts: 'sputnik.adm.crans.org'
  vars:
    postfix:
      primary: false
      secondary: true
      public: true
      dkim: true
      mailman: false
      titanic: false
  roles:
    - postfix