ansible/plays/firewall.yml


#!/usr/bin/env ansible-playbook
---
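# Base router setup: applies the sysctl-forwarding, logall and nftables
# roles to every host in crans_routeurs.
- hosts: crans_routeurs
  vars:
    logs:
      # Presumably the log collector that the logall role ships to; confirm
      # against the role. Quoted so it always loads as a string.
      ip: '172.16.10.1'
  roles:
    - sysctl-forwarding
    - logall
    - nftables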
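# Router advertisements: applies the radvd role with one entry per subnet.
- hosts: crans_routeurs
  vars:
    # Each entry carries a name, an IPv6 /64 prefix and a list of DNS server
    # addresses. Presumably the role renders these as advertised prefixes
    # and RDNSS entries; confirm against the radvd template. Clients would
    # then trust the listed resolvers, so review changes to `dns` carefully.
    subnets:
      - name: infra
        prefix: 'fd00:0:0:11::/64'
        dns:
          - 'fd00::11:0:ff:fe00:9911'
      - name: adh
        prefix: '2a0c:700:12::/64'
        dns:
          - '2a0c:700:12::ff:fe00:9912'
      - name: adh_nat
        prefix: '2a0c:700:13::/64'
        dns:
          - '2a0c:700:13::ff:fe00:9913'
  roles:
    - radvd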
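# Deploy firewall
- hosts: crans_routeurs
  vars:
    re2o:
      server: re2o.adm.crans.org
      # Credentials come from vault variables, so no secret is stored in
      # this playbook. Keep the Jinja expressions quoted: an unquoted
      # leading `{{` is parsed as a YAML flow mapping.
      # NOTE(review): check that firewall role tasks which consume these
      # values set no_log, so they do not show up in task output or logs.
      service_user: "{{ vault.re2o_service_user }}"
      service_password: "{{ vault.re2o_service_password }}"
  roles:
    - firewall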
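# Deploy BGP server configuration on routers
# NOTE(review): nesting rebuilt from a listing whose indentation was lost;
# confirm that ipv4/ipv6 belong under bgp as shown.
# NOTE(review): these vars set no session authentication secret. Confirm
# whether the bird role protects the peering some other way, and whether it
# applies import/export filters that limit announcements to the networks
# listed here.
- hosts: crans_routeurs
  vars:
    bgp:
      as: 204515
      remote_as: 8218
      ipv4:
        router_id: '158.255.113.73'
        bind_address: '158.255.113.73'
        network: '185.230.76.0/22'
        neighbor: '158.255.113.72'
      ipv6:
        # A BGP router ID is a 32-bit value written in dotted-quad form,
        # so an IPv4-style ID is expected here too.
        router_id: '185.230.79.62'
        bind_address: '2001:1b48:2:103::bb:2'
        network: '2a0c:700::/32'
        neighbor: '2001:1b48:2:103::bb:1'
  roles:
    - bird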