Merge group_vars/all into global-config/

Author: jlu5

global-config/bird-lg.yml

@@ -0,0 +1,11 @@
+# Bird looking glass settings
+birdlg_proxy_port: 5000
+birdlg_web_port: 5001
+birdlg_domain: "{{ dns_domain }}"
+birdlg_session_key: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      31633232623465353431343863613532386539653964643337656534383533393330396566323831
+      3766336435363063646334626531613264623862363965660a633331376634376330636461393162
+      66663330613739343236383062393731316535383735336461613165363434396261326464653737
+      6535393461656132380a383335313537346361633938396137336235323335643938316334663932
+      39393431646137653435336335363562656133353264313061373434303939396663

global-config/dns-dn42.yml

@@ -1,4 +1,4 @@
-### General DNS settings for dn42
+### DNS Recursor settings for dn42
 
 # Parse the delegation server IPs and DNSSEC trust anchors from the registry
 delegation_servers: "{{ lookup('file', 'dn42-registry/data/dns/delegation-servers.dn42') | regex_findall('^nserver:\\s+[a-z]\\.delegation-servers\\.dn42 ([0-9a-fA-F.:]+)$', multiline=True) }}"

global-config/dns-entries.yml

@@ -1,4 +1,4 @@
-# Custom DNS entries. This is read by scripts/make-dns-entries.py
+# Custom DNS entries. This is read by scripts/make-dns-entries.py to generate Bind-style zones under dns-zones/
 dns_records:
   "{{ dns_domain }}":
     "@":

global-config/general.yml

@@ -0,0 +1,46 @@
+### Misc settings & AS-specific information
+ownas: "4242421080"
+ownnets4:
+- 172.20.229.112/28
+- 172.22.108.0/26
+ownnets6:
+- fd86:bad:11b7::/48
+
+# Decommissioned nodes to cleanup resources for (e.g. Wireguard tunnels)
+cleanup_remove_nodes:
+   - us-sea01
+
+# DNS related settings
+# This is the main domain used for creating host records for routers (<shortname>.<dns_domains[0]>).
+# Other domains can be specified in global-config/dns-entries.yml
+dns_domain: "jlu5.dn42"
+dns_nameserver_prefix: "ns1"  # used in zone files
+dns_ttl: 300
+dns_zones_dir: "/etc/powerdns/dns-zones"
+
+# Anycast service IPs
+anycast_ip: "172.20.229.112"
+anycast_ip6: "fd86:bad:11b7:53::1"
+anycast_recursors_ip: "172.22.108.22"
+anycast_recursors_ip6: "fd86:bad:11b7:53::2"
+
+# Dummy device names for IGP and Anycast
+# (I should've chose better names here because the script doesn't make changing these simple...)
+dummy_ifname: "igp-dummy0"
+dummy_ifname_anycast: "igp-dummy1"
+dummy_ifname_anycast_recursors: "igp-dummy2"
+dummy_ifname_glob: "igp-dummy*"
+
+# Mitogen needs this to be set; it doesn't follow the interpreter_python setting in ansible.cfg yet
+# See https://github.com/dw/mitogen/issues/740
+ansible_python_interpreter: /usr/bin/python3
+
+# Bird settings
+# See roles/config-bird2/config for the full Bird config
+bird_logs_dir: "/var/log/bird/"
+
+# iptables (stateful firewall)
+# These files are passed into ip(6)tables-restore. If you already have rules here, the ones from this repo
+# will be merged under the *filter block.
+iptables_rules_path:  "/etc/iptables/rules.v4"
+ip6tables_rules_path: "/etc/iptables/rules.v6"

global-config/netdata.yml

@@ -0,0 +1,28 @@
+# Netdata settings
+netdata_stock_config_dir: /usr/lib/netdata/conf.d
+netdata_user_config_dir: /etc/netdata
+
+# Netdata Cloud settings
+netdata_register_cloud: true
+netdata_token: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      63393366303337313432666138653838333739333037383235373863626438633265666566353932
+      3563373764306134663335626336326639333765616331660a656531626235356237333337363935
+      38616461626539303330373063346535623166653531663038396465376439653232326438303665
+      3536356233373537300a303235303235333431396530306236383839663239383333363237333538
+      34376664383765313265346663633666363837363766353538386461616235353766353736363239
+      37396162353966326163323763613733656434373736376264386437363766666134373965383530
+      32626464306165626637356535306537666662383837386334346134653638336430643933623234
+      33613531343335356233343632306263373935333434623235636539653836363362356531386665
+      32316136363061393436333166373137316130666536623835646437373762353632363935386661
+      64346265626661633831356265333666633135383865363930346634323533383434313062346137
+      303061313833363933326138376535666230
+netdata_room_ids: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      36303330393866666664663138336661303761353262393033303437306437653963353666353337
+      6663333566316439656334323539303730663337363362370a383433656663626539303966633766
+      33326237313262336565643738666534303339343565653339616133323436316261653563383037
+      6333316435383663350a386435386165613262316135626666656131396530613939353738316463
+      66313436653363616439636161393036336536306461353761383932313739633931366431363938
+      3362303537333536616639393735663038636366336533376133
+netdata_cloud_url: https://app.netdata.cloud

group_vars/all

@@ -0,0 +1 @@
+../global-config/

group_vars/all.yml

@@ -36,11 +36,6 @@
     - Reconfigure bird
 ###
 
-- name: Read global-config settings
-  include_vars:
-    dir: "{{ playbook_dir }}/global-config/"
-    ignore_unknown_extensions: true
-
 - name: Write global bird settings (static)
   copy:
     src: "{{ item }}"

roles/config-bird2/tasks/main.yml

@@ -3,10 +3,6 @@
     file: "{{ playbook_dir }}/roles/config-wireguard/config/{{ inventory_hostname }}.yml"
   ignore_errors: true
 
-- name: Read IGP tunnel settings
-  include_vars:
-    file: "global-config/igp-tunnels.yml"
-
 - name: "Read iptables rules template"
   set_fact:
     iptables_rules: "{{ lookup('template', 'templates/rules.j2') }}"

roles/config-iptables/tasks/main.yml

@@ -1,8 +1,3 @@
-- name: Read global-config settings
-  include_vars:
-    dir: "{{ playbook_dir }}/global-config/"
-    ignore_unknown_extensions: true
-
 - name: "Print delegation servers"
   debug:
     var: delegation_servers

roles/config-powerdns-recursor/tasks/main.yml

@@ -1,8 +1,3 @@
-- name: Read global-config settings
-  include_vars:
-    dir: "{{ playbook_dir }}/global-config/"
-    ignore_unknown_extensions: true
-
 - name: "Template named.conf for PowerDNS"
   template:
     src: "named.conf.j2"

roles/config-powerdns-zones/tasks/main.yml

@@ -17,10 +17,6 @@
     loop_var: peer_info
   when: peer_info.get('remove')
 
-- name: Read IGP tunnel settings
-  include_vars:
-    file: "global-config/igp-tunnels.yml"
-
 - name: Write Wireguard tunnel settings for internal nodes (v2)
   include_tasks: "write-wg-settings.yml"
   loop: "{{ igp_neighbours[inventory_hostname] | sort }}"

roles/config-wireguard/tasks/main.yml

@@ -4,7 +4,7 @@
 
 This scripts looks at the following files:
 - global-config/dns-entries.yml for custom DNS entries
-- group_vars/all.yml for general AS settings; specifically the following options:
+- global-config/general.yml for general AS settings; specifically the following options:
   "ownnets4", "ownnets6", "dns_*"
 - The inventory file (hosts.yml) to create host records for routers, unless --no-host-records is set
 -
@@ -155,15 +155,15 @@ def write_ptr6_zone(netblock):
 def _load_config():
     global hosts
     hosts = yaml_load(args.hosts)['dn42routers']['hosts']
-    group_vars = yaml_load(args.group_vars)
+    general_vars = yaml_load(args.general_conf)
 
     # Follow Ansible templating for dns-entries.yml
     with open(args.dns_entries) as f:
         dns_entries_raw = f.read()
     dns_entries_tmpl = jinja2.Template(dns_entries_raw)
-    dns_entries = yaml.full_load(dns_entries_tmpl.render(group_vars))
+    dns_entries = yaml.full_load(dns_entries_tmpl.render(general_vars))
 
-    global_vars.update(group_vars)
+    global_vars.update(general_vars)
     global_vars.update(dns_entries)
 
 def main():
@@ -173,8 +173,8 @@ def main():
                         type=str, default='hosts.yml')
     parser.add_argument("-D", "--dns-entries", help="path to DNS entries configuration",
                         type=str, default='global-config/dns-entries.yml')
-    parser.add_argument("-G", "--group-vars", help="path to group vars configuration",
-                        type=str, default='group_vars/all.yml')
+    parser.add_argument("-G", "--general-conf", help="path to general configuration",
+                        type=str, default='global-config/general.yml')
     global args
     args = parser.parse_args()