{# Note that there must be exactly one VLAN-aware bridge. #}
{#
  Select the bridge: drop interfaces whose `type` is empty, keep those whose
  `type.value` is 'bridge', and take the first match.
  NOTE(review): the "exactly one" rule above is not enforced here. `first`
  ignores any additional bridges without complaint, and with no bridge at all
  `bridge` is undefined, so any error only surfaces later where
  `bridge.tagged_vlans` is read. Every VRF and sub-interface in this template
  is derived from this one object, so consider asserting the bridge count
  before rendering.
#}
{% set bridge = interfaces | selectattr('type') | selectattr('type.value', '==', 'bridge') | first %}
{#
  The entries of `vlans` whose VID is among the VIDs of the bridge's tagged VLANs.
  The trailing `-%}` strips the whitespace that follows this tag.
#}
{% set bridge_vlans = vlans | selectattr('vid', 'in', bridge.tagged_vlans | map(attribute='vid')) -%}
# A separate VRF for each inside network so we can firewall between them.
{#
  Renders one VRF stanza per bridge VLAN whose role slug is 'inside', named
  after the VLAN. No stanza is rendered here for any other role.
  NOTE(review): `vlan.name` is written verbatim as a device name. It is
  presumably constrained upstream to a valid Linux interface name (short, no
  whitespace or newlines); verify, because a malformed name would corrupt the
  generated file.
  NOTE(review): nothing in this template filters traffic between the VRFs.
  Confirm the firewall policy applied elsewhere covers every VRF name
  generated here.
#}
{% for vlan in bridge_vlans | selectattr('role.slug', '==', 'inside') %}
auto {{ vlan.name }}
iface {{ vlan.name }}
vrf-table auto

{% endfor %}
# Interfaces.
{#
  Renders one sub-interface <bridge.name>.<vid> per bridge VLAN, placed in a
  VRF and addressed from the prefixes looked up for that VLAN.
#}
{% for vlan in bridge_vlans %}
{# Prefixes returned by the NetBox lookup for vlan_id=<vlan.id>, reduced to their `prefix` field. #}
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_id='~vlan.id, raw_data=true)
| map(attribute='prefix') %}
auto {{ bridge.name }}.{{ vlan.vid }}
iface {{ bridge.name }}.{{ vlan.vid }}
{#
  Role 'outside' VLANs all join the VRF named "outside"; every other VLAN is
  bound to a VRF named after itself. `+%}` keeps the newline after the tag.
  NOTE(review): the VRF stanzas in this template are rendered only for role
  'inside'. A VLAN whose role is neither 'inside' nor 'outside' is given
  `vrf <vlan.name>` here without a matching stanza, and the "outside" VRF is
  not declared in the visible part of the template. Confirm both are defined
  elsewhere or cannot occur; an interface that ends up outside its intended
  VRF bypasses the segmentation the VRFs exist for.
#}
vrf {% if vlan.role.slug == 'outside' %}outside{% else %}{{ vlan.name }}{% endif +%}
mtu 9216
{#
  With `peer` defined, each prefix yields a per-host address at offset
  1 + my_index, plus one `address-virtual` line carrying the fixed MAC and
  host 1 of every prefix. Without `peer`, the prefixes are written as-is.
#}
{% if peer is defined %}
{#
  my_index is the second '-'-separated field of inventory_hostname as an int.
  NOTE(review): `int` yields 0 for a non-numeric field, which would make the
  host address equal to the virtual address (host 1). Presumably hostnames
  always look like <name>-<n> with n >= 1; verify.
#}
{% set my_index = inventory_hostname.split('-')[1]|int %}
{% for prefix in prefixes %}
address {{ prefix | ipaddr(1 + my_index) }}
{% endfor %}
{# Emit the virtual address line only when the VLAN has at least one prefix. #}
{% if prefixes %}
address-virtual 00:00:5e:00:01:01 {{ prefixes | ipaddr(1) | join(' ') }}
{% endif %}
{% else %}
{#
  NOTE(review): this writes each NetBox prefix verbatim as the interface
  address. If prefixes are stored as network addresses, that assigns the
  network address itself; confirm this is intended for hosts without a peer.
#}
{% for prefix in prefixes %}
address {{ prefix }}
{% endfor %}
{% endif %}

{% endfor %}