---
# Deploy the WireGuard tunnel: sputnik end (the peer key variable names boeing)
- hosts: sputnik.adm.crans.org
  vars:
    # Plain-HTTP mirror URL. NOTE(review): if the role uses this as an APT
    # source, package integrity rests on APT signature checks alone - confirm
    # the role leaves them enabled.
    debian_mirror: 'http://mirror.crans.org/debian'
    wireguard:
      sputnik: true
      # Both keys are templated from vault_* variables, so no key material is
      # written in this file. NOTE(review): confirm those variables are kept
      # in an encrypted Ansible Vault file.
      private_key: "{{ vault_wireguard_sputnik_private_key }}"
      peer_public_key: "{{ vault_wireguard_boeing_public_key }}"
  roles:
    - wireguard
# WireGuard tunnel: boeing end (the peer key variable names sputnik)
- hosts: boeing.adm.crans.org
  vars:
    # Debian mirror on adm. Plain HTTP - NOTE(review): if the role uses this
    # as an APT source, confirm APT signature checks stay enabled.
    debian_mirror: 'http://mirror.adm.crans.org/debian'
    wireguard:
      sputnik: false
      # presumably the interface name handed to the wireguard role - confirm
      # against the role
      if: ens20
      # Keys are templated from vault_* variables; nothing secret is written
      # here. NOTE(review): confirm the backing vars file is vault-encrypted.
      private_key: "{{ vault_wireguard_boeing_private_key }}"
      peer_public_key: "{{ vault_wireguard_sputnik_public_key }}"
  roles:
    - wireguard
# Deploy the DHCP server
- hosts: dhcp.adm.crans.org
  vars:
    dhcp:
      # Passed to the isc-dhcp-server role; its exact effect is defined there.
      authoritative: true
  roles:
    - isc-dhcp-server
# Deploy the recursive DNS cache server
# NOTE(review): no vars are set here, so which clients may query the resolver
# is decided inside the bind-recursive role - confirm it is restricted there.
- hosts: odlyd.adm.crans.org
  roles:
    - bind-recursive
# Deploy the authoritative DNS server
- hosts: sputnik.adm.crans.org
  vars:
    bind:
      # master: false together with master_ip - presumably this host is a
      # secondary fed from master_ip; confirm against the role.
      # NOTE(review): nothing here shows how zone transfers are authenticated
      # (e.g. TSIG) - confirm the bind-authoritative role handles that.
      master: false
      master_ip: '10.231.136.118'
      zones:
        - crans.org
        - crans.eu
        - crans.fr
  roles:
    - bind-authoritative
# Deploy the firewall
# The role list is still empty (TODO), so this play applies no firewall
# configuration to gulp.
- hosts: gulp.adm.crans.org
  roles: []  # TODO
# Deploy the Unifi Controller
- hosts: unifi.adm.crans.org
  roles:
    - unifi-controller
# Configure the routers: the three hosts below all get logall and quagga
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org,ipv6-zayo.adm.crans.org
  roles:
    - logall
    - quagga
# Deploy the BGP server configuration on the IPv4 routers
- hosts: gulp.adm.crans.org,odlyd.adm.crans.org
  vars:
    zebra:
      # Templated from a vault_* variable rather than written in this file.
      password: "{{ vault_zebra_password }}"
    bgp:
      # NOTE(review): both hosts of this play receive the same router_id, and
      # no per-neighbor session authentication value appears in these vars -
      # confirm both points against the quagga-ipv4 role.
      as: 204515
      router_id: '158.255.113.73'
      network: '185.230.76.0/22'
      neighbor: '158.255.113.72'
      remote_as: 8218
  roles:
    - quagga-ipv4
# Deploy the BGP server configuration on the IPv6 router
- hosts: ipv6-zayo.adm.crans.org
  vars:
    zebra:
      # Templated from a vault_* variable rather than written in this file.
      password: "{{ vault_zebra_password }}"
    bgp:
      # NOTE(review): no per-neighbor session authentication value appears in
      # these vars - confirm how the quagga-ipv6 role protects the peering.
      as: 204515
      router_id: '138.231.136.200'
      # Quoted so the colon-heavy IPv6 values are always read as strings.
      network: '2a0c:700::/32'
      neighbor: '2001:1b48:2:103::bb:1'
      remote_as: 8218
  roles:
    - quagga-ipv6
# Deploy postfix on the mail servers: titanic
- hosts: titanic.adm.crans.org
  vars:
    # Feature flags consumed by the postfix role; their meaning is defined
    # there. NOTE(review): dkim is on but no signing-key variable appears
    # here - confirm where the role takes the DKIM key from.
    postfix:
      primary: false
      secondary: true
      public: true
      dkim: true
      mailman: false
      titanic: true
  roles:
    - postfix
# Postfix on sputnik: same flags as the titanic play, except titanic: false
- hosts: sputnik.adm.crans.org
  vars:
    # Feature flags consumed by the postfix role; their meaning is defined
    # there. NOTE(review): dkim is on but no signing-key variable appears
    # here - confirm where the role takes the DKIM key from.
    postfix:
      primary: false
      secondary: true
      public: true
      dkim: true
      mailman: false
      titanic: false
  roles:
    - postfix