Query prefixes once for all hosts

And group them into vrf_prefixes for VLAN networks and bgp_prefixes for
servers plugged directly into fabric.

This should reduce the number of queries to NetBox when configuring
firewalls and exit switches. Not sure but I think set_fact helps to
avoid queries (as opposed to setting group_vars).

roles/exit/templates/frr.conf.j2

@@ -213,17 +213,15 @@ ipv6 prefix-list default permit ::/0
 ip prefix-list fabric permit 10.34.0.0/24 ge 32
 ipv6 prefix-list fabric permit 2001:1470:fffd:3400::/64 ge 128
 
-{% for vrf in inside_vrfs %}
-{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vrf_id='~vrf.id, raw_data=true)
-        | sort(attribute='family.value') %}
-{% for prefix in prefixes %}
+{% for prefix in vrf_prefixes
+    | selectattr('vrf.id', 'in', inside_vrfs|map(attribute='id'))
+    | sort(attribute='family.value') | sort(attribute='vlan.vid') %}
 {% if prefix.family.value == 4 %}
 ip prefix-list office permit {{ prefix.prefix }} ge 24
 {% else %}
 ipv6 prefix-list office permit {{ prefix.prefix }} ge 64
 {% endif %}
 {% endfor %}
-{% endfor %}
 
 {% if wg_net is defined %}
 ip prefix-list vpn permit {{ wg_net | ipaddr('subnet') }}
@@ -237,7 +235,7 @@ ip prefix-list nat permit {{ wg_ip | ipaddr('host') }}
 ip prefix-list nat permit {{ network }}
 {% endfor %}
 
-{% for prefix in query('netbox.netbox.nb_lookup', 'prefixes', raw_data=true, api_filter='role=bgp') | selectattr('tenant') %}
+{% for prefix in bgp_prefixes | sort(attribute='family.value') %}
 {% if prefix.family.value == 4 %}
 ip prefix-list dc permit {{ prefix.prefix }} ge 32
 {% else %}
@@ -281,7 +279,7 @@ route-map inside-import permit 21
   match ipv6 address prefix-list office
 
 # Route maps for advertised and received routes.
-# Inside ↔ fabric.
+# Default VRF ↔ fabric.
 route-map default->fabric permit 10
   match ip address prefix-list default
 route-map default->fabric permit 11
@@ -296,7 +294,7 @@ route-map fabric->default permit 20
 route-map fabric->default permit 21
   match ipv6 address prefix-list dc
 
-# Inside ↔ firewall.
+# Inside VRF ↔ firewall.
 route-map inside->firewall permit 1
   match interface lo
 route-map inside->firewall permit 20
@@ -313,7 +311,7 @@ route-map firewall->inside permit 10
 route-map firewall->inside permit 11
   match ipv6 address prefix-list default
 
-# Outside ↔ firewall.
+# Outside VRF ↔ firewall.
 route-map outside->firewall permit 10
   match ip address prefix-list default
 route-map outside->firewall permit 11

roles/exit/templates/isc-dhcp-relay.j2

@@ -1,5 +1,5 @@
-{% set dhcp_networks = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='role=dhcp-pool', raw_data=true)
-    | selectattr('vlan') | map(attribute='vlan.vid') | sort -%}
+{% set dhcp_vlans = vrf_prefixes | selectattr('custom_fields.dhcp_ranges')
+    | map(attribute='vlan.vid') | sort -%}
 
 # What servers should the DHCP relay forward requests to?
 SERVERS="{{ dhcp }}"
@@ -10,7 +10,7 @@ SERVERS="{{ dhcp }}"
 # This will be used in the actual dhcrelay command
 # For example, "-i eth0 -i eth1"
 INTF_CMD="{{ interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
-    | selectattr('untagged_vlan') | selectattr('untagged_vlan.vid', 'in', dhcp_networks)
+    | selectattr('untagged_vlan') | selectattr('untagged_vlan.vid', 'in', dhcp_vlans)
     | map(attribute='name') | sort | map('regex_replace', '^', '-id ') | join(' ') }} -iu {{ iface_uplink }} -iu peerlink.4"
 
 # Additional options that are passed to the DHCP relay daemon?