Initial commit, squashed

roles/exit/templates/firewall.intf.j2

@@ -0,0 +1,41 @@
+{% set exit = inventory_hostname.split('-')[1]|int %}
+{% set lo_address = interfaces
+    | selectattr('name', '==', 'lo')
+    | map(attribute='ip_addresses') | first
+    | selectattr('role') | selectattr('role.value', '==', 'loopback')
+    | map(attribute='address') %}
+{% set ip = lo_address | ipv4 | first %}
+{% set ip6 = lo_address | ipv6 | first -%}
+
+auto inside
+iface inside
+    vrf-table auto
+    address {{ ip }}
+    address {{ ip6 }}
+
+auto outside
+iface outside
+    vrf-table auto
+    address {{ ip }}
+    address {{ ip6 }}
+
+{% for iface in ifaces_firewall %}
+auto {{ iface }}.2
+iface {{ iface }}.2
+    vrf inside
+
+auto {{ iface }}.4
+iface {{ iface }}.4
+    vrf outside
+
+{% endfor -%}
+
+# Backup firewall routes are exchanged over these subinterfaces.
+auto peerlink.2
+iface peerlink.2
+    vrf inside
+
+auto peerlink.4
+iface peerlink.4
+    vrf outside
+    address {{ "169.254.1.0/24" | ipaddr(exit + 1) }}