exit: store VLAN interface addresses in NetBox

… instead of generating them from prefixes. A NetBox script can be used to create and configure all necessary data for a new VLAN. Instead of VLAN roles “inside" and “outside” we now create separate VRFs for inside VLANs to match the actual exit/firewall configuration. The “outside” VRF is for all VLANs that are directly accessible from the internet.
2024-04-10 14:03:50 +02:00 · 2024-04-10 14:03:50 +02:00 · db397cb2b1
commit db397cb2b1
parent ece3b8a377
7 changed files with 32 additions and 51 deletions
--- a/roles/exit/templates/radvd.conf.j2
+++ b/roles/exit/templates/radvd.conf.j2
@ -1,6 +1,5 @@
-{# Note that there must be exactly one VLAN-aware bridge. #}
-{% set bridge = interfaces | selectattr('type') | selectattr('type.value', '==', 'bridge') | first %}
-{% set my_vlans = bridge.tagged_vlans | sort(attribute='vid') -%}
+{% set my_vlans = interfaces | selectattr('parent') | selectattr('parent.name', '==', 'bridge')
+    | selectattr('untagged_vlan') | map(attribute='untagged_vlan') -%}

 # Send IPv6 RAs from virtual router IP for each network. Also set DNS options.
 # Both exits announce the same gateway, so don’t revoke it if we go down.