dch-gw: Initial commit

The *dch-gw* role, and the corresponding `dch-gw.yml` playbook, apply all of the necessary configuration to the edge router on my home network.
2018-03-23 10:14:46 -05:00
parent 5d1b646d14
commit a7ac6c586d
12 changed files with 344 additions and 0 deletions
--- a/group_vars/dch-gw/dch-network.yml
+++ b/group_vars/dch-gw/dch-network.yml
@@ -0,0 +1,64 @@
+dch_networks:
+  jazz:
+    description: Legacy network
+    vlan_id: 1
+    ipv4_address: 172.31.0.0/27
+    router_iface: vlan1
+    dns_search:
+    - pyrocufflink.jazz
+    dns_servers:
+    - fd99:8dc7:6528::10:1
+    - fd99:8dc7:6528::100:1
+    dns_servers_v4:
+    - 172.31.0.4
+    - 172.31.0.10
+    sla_id: 1
+
+  blue:
+    description: pyrocufflink.blue AD domain members only
+    vlan_id: 30
+    ipv4_address: 172.30.0.0/26
+    router_iface: vlan30
+    sla_id: 0
+
+  red:
+    description: Non-domain member machines
+    vlan_id: 101
+    ipv4_address: 172.31.1.1/24
+    router_iface: vlan101
+    sla_id: 101
+
+  guest:
+    description: Guest Wi-Fi
+    vlan_id: 100
+    ipv4_address: 172.24.100.0/24
+    router_iface: vlan100
+
+  dmz:
+    description: DMZ
+    vlan_id: 254
+    router_iface: vlan254
+
+
+nat_port_forwards:
+- protocol: tcp
+  port: http
+  destination: 172.31.0.6
+- protocol: tcp
+  port: https
+  destination: 172.31.0.6
+- protocol: tcp
+  port: ssh
+  destination: 172.31.0.5
+- protocol: tcp
+  port: rsync
+  destination: 172.31.0.5
+- protocol: udp
+  port: 16881-16999
+  destination: 172.31.0.5
+- protocol: udp
+  port: isakmp
+  destination: 172.31.0.2
+- protocol: udp
+  port: ipsec-nat-t
+  destination: 172.31.0.2
--- a/group_vars/dch-gw/dhcpd.yml
+++ b/group_vars/dch-gw/dhcpd.yml
@@ -0,0 +1,126 @@
+dhcp_ddns: true
+
+dhcp_subnets:
+# pyrocufflink.jazz
+- address: 172.31.0.1/27
+  pools:
+  - start: 172.31.0.11
+    end: 172.31.0.30
+  routers:
+  - 172.31.0.1
+  dns_servers:
+  - 172.31.0.4
+  - 172.31.0.10
+  domain_name: pyrocufflink.jazz
+  domain_search: pyrocufflink.jazz
+  ntp_servers:
+  - 172.31.0.4
+  - 172.31.0.10
+
+# pyrocufflink.blue
+- address: 172.30.0.0/26
+  pools:
+  - start: 172.30.0.11
+    end: 172.30.0.59
+  routers:
+  - 172.30.0.1
+  dns_servers:
+  - 172.30.0.4
+  domain_name: pyrocufflink.blue
+  domain_search: pyrocufflink.blue
+  ntp_servers:
+  - 172.30.0.10
+
+# pyrocufflink.red
+- address: 172.31.1.0/24
+  pools:
+  - start: 172.31.1.2
+    end: 172.31.1.254
+  routers:
+  - 172.31.1.1
+  dns_servers:
+  - 172.31.0.4
+  - 172.31.0.10
+  domain_name: pyrocufflink.red
+  domain_search: pyrocufflink.red pyrocufflink.blue pyrocufflink.jazz
+  ntp_servers:
+  - 172.31.0.4
+  - 172.31.0.10
+  dynamic_hostnames: true
+  default_lease: 3600
+  max_lease: 28800
+
+# tachyglossus.net (Guest)
+- address: 172.24.100.0/24
+  pools:
+  - start: 172.24.100.2
+    end: 172.24.100.254
+  routers:
+  - 172.24.100.1
+  dns_servers:
+  - 208.67.222.222
+  - 208.67.220.220
+  ntp_servers:
+  - 0.fedora.pool.ntp.org
+  - 1.fedora.pool.ntp.org
+  - 2.fedora.pool.ntp.org
+  - 3.fedora.pool.ntp.org
+
+
+dhcp_reservations:
+# pyrocufflink.jazz
+- host: odette.pyrocufflink.jazz
+  ip_addr: 172.31.0.2
+  mac_addr: 52:54:00:a5:8f:59
+- host: GSS108E.pyrocufflink.jazz
+  ip_addr: 172.31.0.3
+  mac_addr: c0:ff:d4:c9:80:a4
+- host: tyrande.pyrocufflink.jazz
+  ip_addr: 172.31.0.4
+  mac_addr: 52:54:00:8d:58:c9
+- host: caithe.pyrocufflink.jazz
+  ip_addr: 172.31.0.5
+  mac_addr: 52:54:00:a0:22:a0
+- host: myala.pyrocufflink.jazz
+  ip_addr: 172.31.0.6
+  mac_addr: 52:54:00:49:55:9a
+- host: Downstairs-AP.pyrocufflink.jazz
+  ip_addr: 172.31.0.7
+  mac_addr: 80:2a:a8:90:ed:d6
+- host: jaina.pyrocufflink.jazz
+  ip_addr: 172.31.0.8
+  mac_addr: 08:62:66:2b:a6:eb
+- host: Upstairs-AP.pyrocufflink.jazz
+  ip_addr: 172.31.0.9
+  mac_addr: f0:9f:c2:cb:b9:b0
+- host: malfurion.pyrocufflink.jazz
+  ip_addr: 172.31.0.10
+  mac_addr: 52:54:00:aa:5c:01
+
+# pyrocufflink.blue
+- host: dc0.pyrocufflink.blue
+  ip_addr: 172.30.0.10
+  mac_addr: 52:54:00:e0:fa:f9
+- host: dc1.pyrocufflink.blue
+  ip_addr: 172.30.0.9
+  mac_addr: b8:27:eb:0d:db:19
+- host: dns0.pyrocufflink.blue
+  ip_addr: 172.30.0.4
+  mac_addr: 52:54:00:b8:8b:64
+
+
+dhcp_ddns_keys:
+- name: dhcp-ddns
+  secret: +0zVSpY8oFrxl2F1qB8tT2HMgbuD31JurL9w4zilNCg=
+
+dhcp_ddns_zones:
+- zone: pyrocufflink.jazz
+  primary: 172.31.0.4
+- zone: 0.31.0.172.in-addr.arpa
+  primary: 172.31.0.4
+- zone: pyrocufflink.red
+  primary: 172.30.0.4
+  key: dhcp-ddns
+- zone: 1.31.172.in-addr.arpa
+  primary: 172.30.0.4
+  key: dhcp-ddns
--- a/group_vars/dch-gw/radvd.yml
+++ b/group_vars/dch-gw/radvd.yml
@@ -0,0 +1,11 @@
+radvd_interfaces:
+- interface: '{{ dch_networks.jazz.router_iface }}'
+  prefix: '::/64'
+  rdnss: '{{ dch_networks.jazz.dns_servers }}'
+  dnssl: '{{ dch_networks.jazz.dns_search }}'
+
+- interface: '{{ dch_networks.blue.router_iface }}'
+  prefix: '::/64'
+
+- interface: '{{ dch_networks.red.router_iface }}'
+  prefix: '::/64'