Add inside and outside roles for VLANs

Will probably rename inside/outside and office/server to int/ext.
Timotej Lazar 2024-01-30 12:35:33 +01:00
parent 0802dc8637
commit aeb124e346
6 changed files with 65 additions and 22 deletions


@ -1,9 +1,9 @@
{# Note that there must be exactly one VLAN-aware bridge. #}
{% set bridge = interfaces | selectattr('type') | selectattr('type.value', '==', 'bridge') | first %}
{% set my_vlans = bridge.tagged_vlans | sort(attribute='vid') -%}
{% set bridge_vlans = vlans | selectattr('vid', 'in', bridge.tagged_vlans | map(attribute='vid')) -%}
# VRFs.
{% for vlan in my_vlans %}
# A separate VRF for each inside network so we can firewall between them.
{% for vlan in bridge_vlans | selectattr('role.slug', '==', 'inside') %}
auto {{ vlan.name }}
iface {{ vlan.name }}
vrf-table auto
@ -11,12 +11,12 @@ iface {{ vlan.name }}
{% endfor %}
# Interfaces.
{% for vlan in my_vlans %}
{% for vlan in bridge_vlans %}
{% set prefixes = query('netbox.netbox.nb_lookup', 'prefixes', api_filter='vlan_id='~vlan.id, raw_data=true)
| map(attribute='prefix') %}
auto {{ bridge.name }}.{{ vlan.vid }}
iface {{ bridge.name }}.{{ vlan.vid }}
vrf {{ vlan.name }}
vrf {% if vlan.role.slug == 'outside' %}outside{% else %}{{ vlan.name }}{% endif +%}
mtu 9216
{% if peer is defined %}
{% set my_index = inventory_hostname.split('-')[1]|int %}