diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml
index fbdbb47ce4a7a410c69e50dcf348bef32fb39e04..47059bf164c93680b5cbfbf5d8f0b50aedfa7de0 100644
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@@ -6,7 +6,7 @@ glob_keepalived:
 smtp_server: smtp.adm.crans.org
 pool:
 all:
- password: "plopisverysecure"
+ password: "{{ vault.keepalived.password }}"
 id: 60
 ipv6: yes
 notify: /usr/scripts/notify-dhcp
diff --git a/plays/dns.yml b/plays/dns-authoritative.yml
similarity index 89%
rename from plays/dns.yml
rename to plays/dns-authoritative.yml
index c246215945d588456459c665345be555d53f5461..928a751e3444c1e8ea403960816c910c57ebc85f 100755
--- a/plays/dns.yml
+++ b/plays/dns-authoritative.yml
@@ -1,10 +1,5 @@
 #!/usr/bin/env ansible-playbook
 ---
-# Deploy recursive DNS cache server
-- hosts: dns_recursive
- roles:
- - bind-recursive
-
 # Deploy authoritative DNS server
 - hosts: dns_authoritative
 vars:
diff --git a/plays/firewall.yml b/plays/firewall.yml
index 4382f9d7a90fff2b7d11f4fe7cbcff0fd4b07908..79ba1112176ccca0c8dd4c905c6c8107db6417e3 100755
--- a/plays/firewall.yml
+++ b/plays/firewall.yml
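Review bot: Replacing the literal with `{{ vault.keepalived.password }}` stops the secret from being committed going forward, but the old value `plopisverysecure` is still readable in repository history (the pre-image blob fbdbb47 is right there in the index line), so it should be treated as exposed and rotated on every keepalived peer rather than reused as the vault value. The vault itself is not in this diff, so confirm that `vault.keepalived.password` is actually defined for this group and that `vault` comes from an ansible-vault-encrypted file; an undefined key fails at template time on the first run. If this value ends up as VRRP `auth_pass`, keepalived only uses the first eight characters of it, so a long generated secret buys no more than an eight-character one.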
@@ -1,58 +1,13 @@
 #!/usr/bin/env ansible-playbook --- -# Deploy sysctl config files -- hosts: crans_routeurs - vars: - logs: - ip: 172.16.10.1 +- hosts: routeurs_vms roles: - - sysctl-forwarding - logall - - nftables - -- hosts: crans_routeurs - vars: - subnets: - - name: infra - prefix: fd00:0:0:11::/64 - dns: - - fd00::11:0:ff:fe00:9911 - - name: adh - prefix: 2a0c:700:12::/64 - dns: - - 2a0c:700:12::ff:fe00:9912 - - name: adh_nat - prefix: 2a0c:700:13::/64 - dns: - - 2a0c:700:13::ff:fe00:9913 - roles: - - radvd -# Deploy firewall -- hosts: crans_routeurs +- hosts: firewall vars: - re2o: - server: re2o.adm.crans.org - service_user: "{{ vault.re2o_service_user }}" - service_password: "{{ vault.re2o_service_password }}" + service: "{{ glob_service_firewall | default({}) | combine(loc_service_firewall | default({})) }}" roles: - - firewall - -# Deploy BGP server configuration on routers -- hosts: crans_routeurs - vars: - bgp: - as: 204515 - remote_as: 8218 - ipv4: - router_id: 158.255.113.73 - bind_address: 158.255.113.73 - network: 185.230.76.0/22 - neighbor: 158.255.113.72 - ipv6: - router_id: 185.230.79.62 - bind_address: 2001:1b48:2:103::bb:2 - network: 2a0c:700::/32 - neighbor: 2001:1b48:2:103::bb:1 - roles: - - bird + - sysctl-forwarding + - nftables + - service
diff --git a/plays/freeradius.yml b/plays/freeradius.yml
index 404a53920363f4bad595564a170ce5a3ee4c18bd..b52c00850e0ad3eaaac91eff46a48499a08e38ea 100755
--- a/plays/freeradius.yml
+++ b/plays/freeradius.yml
@@ -1,11 +1,11 @@
 #!/usr/bin/env ansible-playbook --- # Deploy re2o -#- hosts: re2o -# vars: -# re2o: "{{ glob_re2o | default({}) | combine(loc_re2o | default({})) }}" -# roles: -# - re2o +- hosts: re2o + vars: + re2o: "{{ glob_re2o | default({}) | combine(loc_re2o | default({})) }}" + roles: + - re2o # Deploy radius server - hosts: radius
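Review bot: The new `firewall` play lists `- sysctl-forwarding` before `- nftables`, so on a freshly provisioned host IP forwarding is switched on before any ruleset is loaded and the box forwards unfiltered until the nftables role completes; unless the nftables role depends on forwarding already being enabled, order the roles `- nftables`, `- sysctl-forwarding`, `- service`. The `routeurs_vms` play keeps only `logall`, so those hosts no longer receive `sysctl-forwarding` or `nftables` from this file — presumably they are covered elsewhere, but nothing in this diff shows it. The removed `radvd` play (the three `subnets` prefixes and their DNS addresses) and the `bird` BGP play are not re-added here; `plays/routeurs.yml` imports a `bird.yml` that is outside this diff, while nothing visible imports radvd, so confirm router advertisements are still deployed from somewhere.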
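Review bot: Re-enabling the `re2o` play in this file couples re2o deployment to every playbook that imports `freeradius.yml`, which `plays/routeurs.yml` in this same commit now does, so a router deployment also touches the `re2o` hosts as a side effect. If that coupling is intentional, state the reason in the `# Deploy re2o` comment above the play; otherwise move the play to its own file such as `plays/re2o.yml` and import it explicitly where it is wanted. The `glob_re2o | default({}) | combine(loc_re2o | default({}))` merge follows the same pattern as the other plays, which keeps the variable layout consistent.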
@@ -14,5 +14,5 @@
 freeradius: '{{ glob_freeradius | default({}) | combine(loc_freeradius | default({})) }}'
 mirror: '{{ glob_mirror | default({}) | combine(loc_mirror | default({})) }}'
 roles:
-# - certbot
+ - certbot
 - freeradius
diff --git a/plays/keepalived.yml b/plays/keepalived.yml
old mode 100755
new mode 100644
diff --git a/plays/routeurs.yml b/plays/routeurs.yml
new file mode 100755
index 0000000000000000000000000000000000000000..27e34a23493666c81e2fad0072c193dabbe53524
--- /dev/null
+++ b/plays/routeurs.yml
@@ -0,0 +1,7 @@
+#!/usr/bin/env ansible-playbook
+---
+- import_playbook: dhcp.yml
+- import_playbook: bird.yml
+- import_playbook: freeradius.yml
+- import_playbook: firewall.yml
+- import_playbook: dns-recursive.yml
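Review bot: `- certbot` is re-enabled ahead of `- freeradius` with no certbot-specific vars in the play (only `freeradius` and `mirror` are visible, and the `radius` play starts outside this hunk), so the role presumably takes its domain and account settings from inventory variables of the `radius` group — confirm they are defined, or the play fails at the certbot step on a fresh host. Also confirm that the freeradius role's TLS configuration points at the certbot-managed certificate path and that renewal triggers a freeradius reload; otherwise the service keeps presenting the pre-renewal certificate until the next deployment. A one-line comment above `- certbot` naming the certificate it obtains and that freeradius consumes it would make the ordering dependency explicit.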
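Review bot: `- import_playbook: dns-recursive.yml` references a file that does not exist in this diff — the recursive-DNS play was deleted from `plays/dns.yml` in the rename hunk and not re-added — so unless `plays/dns-recursive.yml` is created elsewhere in this commit, `ansible-playbook plays/routeurs.yml` fails at parse time on the missing import; `dhcp.yml` and `bird.yml` are likewise not visible here. `plays/keepalived.yml` loses its executable bit in this same commit, which suggests it is now meant to be imported rather than run directly, yet it is not in this list — confirm whether it was meant to be. A header comment stating what the composed run covers, e.g. `# Full router deployment: DHCP, BGP, radius (and re2o), firewall, recursive DNS — order matters`, would document the intended scope and sequence.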