Consolidate base system and networking setup into debian role and BGP configuration into frr role. Add facts role to collect data from NetBox once to avoid many slow lookups. Also many other tweaks and cleanups.
Leave the default sshd alone. If ssh is not necessary in default VRF, another role should disable it.
With sshd in separate management VRF and FRR to announce routes to self over unnumbered BGP.