diff --git a/host_vars/crs310-maker.yml b/host_vars/crs310-maker.yml
new file mode 100644
index 0000000..ec77567
--- /dev/null
+++ b/host_vars/crs310-maker.yml
@@ -0,0 +1,23 @@
+---
+# Identity facts recorded during Phase 0.6 (edit to match the device)
+switch_identity_name: "crs310-maker"
+switch_mgmt_vlan_id: 99
+switch_mgmt_address: "10.0.99.2/24" # EDIT: real mgmt IP
+switch_mgmt_gateway: "10.0.99.1" # EDIT: real gateway
+switch_dns_servers: "10.0.99.1"
+switch_ntp_servers: "10.0.99.1"
+
+switch_admin_user: "sjat"
+
+# Real VLAN/port topology (EDIT to the makerspace plan when known)
+switch_vlans:
+  - {id: 99, name: "mgmt"}
+  - {id: 10, name: "members"}
+switch_bridge_ports:
+  - {interface: "ether1", pvid: 10, mode: access}
+  - {interface: "ether2", pvid: 10, mode: access}
+  - {interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]}
+
+# Firmware (opt-in)
+# switch_firmware_enabled: true
+# switch_firmware_target: "7.x.y" # EDIT to the version pinned in Phase 0.3
diff --git a/play_switch.yml b/play_switch.yml
new file mode 100644
index 0000000..393764a
--- /dev/null
+++ b/play_switch.yml
@@ -0,0 +1,6 @@
+---
+- name: Configure MikroTik switches (day-2, key auth)
+  hosts: mikrotik
+  gather_facts: false
+  roles:
+    - makerfloss.mikrotik_switch
diff --git a/roles/makerfloss.mikrotik_switch/defaults/main.yml b/roles/makerfloss.mikrotik_switch/defaults/main.yml
new file mode 100644
index 0000000..fba749b
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/defaults/main.yml
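Review bot: The trunk entry `- {interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]}` leaves untagged frames on the uplink in VLAN 1, which `switch_vlans` never declares, so the vlans task (still a placeholder) has no definition to render for the PVID it is told to use. If the uplink is meant to carry tagged traffic only, say so in the comment above `switch_bridge_ports`; otherwise add VLAN 1 to `switch_vlans` or point `pvid` at a declared VLAN. Note also that `switch_mgmt_vlan_id: 99`, `switch_admin_user: "sjat"` and both `switch_vlans` entries merely restate the role defaults, which hides which values are deliberate per-host overrides; dropping the duplicates would make the real edits stand out.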
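Review bot: The play declares neither `ansible_connection` nor `ansible_network_os`, so unless the inventory for the `mikrotik` group supplies them (nothing in this commit shows it) Ansible will use its default ssh connection and try to run Python modules on the switch rather than drive the RouterOS CLI; only tasks written with `ansible.builtin.raw` would survive that. If those settings do not exist yet, a `group_vars/mikrotik.yml` with `ansible_connection: ansible.netcommon.network_cli` and `ansible_network_os: community.routeros.routeros` makes the play self-contained, and meta/main.yml could then record the community.routeros collection requirement. The name promises key auth, but nothing in the play or the visible defaults pins the connection to key-only; a comment stating where that is enforced would help.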
@@ -0,0 +1,38 @@
+---
+# ----- Identity / management -----
+switch_identity_name: "{{ inventory_hostname }}"
+switch_mgmt_vlan_id: 99
+switch_mgmt_address: "192.168.88.1/24" # PLACEHOLDER — override in host_vars
+switch_mgmt_gateway: "192.168.88.254" # PLACEHOLDER — override in host_vars
+switch_dns_servers: "192.168.88.254"
+switch_ntp_servers: "192.168.88.254"
+
+# Services to disable for hardening (winbox kept on by default for recovery)
+switch_disabled_services:
+  - telnet
+  - ftp
+  - www
+  - www-ssl
+  - api
+  - api-ssl
+switch_ssh_port: 22
+
+# ----- Users -----
+switch_admin_user: "sjat"
+switch_admin_group: "full"
+switch_admin_ssh_pubkey_file: "~/.ssh/id_ed25519.pub"
+switch_disable_default_admin: true
+
+# ----- VLAN / bridge / ports (PLACEHOLDER example) -----
+# Real topology is defined in host_vars/.yml.
+switch_bridge_name: "bridge"
+switch_vlans:
+  - {id: 99, name: "mgmt"}
+  - {id: 10, name: "members"}
+switch_bridge_ports:
+  # ether1..ether8 = 2.5GbE access ports; sfp-sfpplus1/2 = 10G uplinks
+  - {interface: "ether1", pvid: 10, mode: access}
+  - {interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]}
+
+# ----- Firmware -----
+switch_firmware_target: "" # set in host_vars when opting into upgrades
diff --git a/roles/makerfloss.mikrotik_switch/meta/main.yml b/roles/makerfloss.mikrotik_switch/meta/main.yml
new file mode 100644
index 0000000..39c4864
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/meta/main.yml
@@ -0,0 +1,10 @@
+---
+galaxy_info:
+  role_name: mikrotik_switch
+  namespace: makerfloss
+  author: sjat
+  description: Configure a MikroTik RouterOS switch (CRS310) over SSH.
+  license: MIT
+  min_ansible_version: "2.17"
+  platforms: []
+dependencies: []
diff --git a/roles/makerfloss.mikrotik_switch/tasks/backup.yml b/roles/makerfloss.mikrotik_switch/tasks/backup.yml
new file mode 100644
index 0000000..fe0a9a3
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/tasks/backup.yml
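Review bot: tasks/main.yml gates every import on `switch_identity_enabled`, `switch_users_enabled`, `switch_vlans_enabled`, `switch_backup_enabled` and `switch_firmware_enabled`, but this defaults file defines none of them, so unless they arrive from group_vars outside this commit each `when: … | bool` fails on an undefined variable before the first task runs. Define the toggles here, `true` for the day-2 phases and `false` for firmware, which matches the commented-out opt-in in host_vars/crs310-maker.yml and keeps `switch_firmware_target: ""` from ever being used by accident. The comment `# Real topology is defined in host_vars/.yml.` also appears to have lost its hostname placeholder; `host_vars/<inventory_hostname>.yml` reads as intended.
```yaml
# ----- Phase toggles (consumed by tasks/main.yml) -----
switch_identity_enabled: true
switch_users_enabled: true
switch_vlans_enabled: true
switch_backup_enabled: true
switch_firmware_enabled: false  # opt-in per host, see host_vars
# … unchanged: identity / management, services, users, VLAN and firmware defaults …
```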
@@ -0,0 +1,4 @@
+---
+- name: Placeholder
+  ansible.builtin.debug:
+    msg: "not yet implemented"
diff --git a/roles/makerfloss.mikrotik_switch/tasks/firmware.yml b/roles/makerfloss.mikrotik_switch/tasks/firmware.yml
new file mode 100644
index 0000000..fe0a9a3
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/tasks/firmware.yml
@@ -0,0 +1,4 @@
+---
+- name: Placeholder
+  ansible.builtin.debug:
+    msg: "not yet implemented"
diff --git a/roles/makerfloss.mikrotik_switch/tasks/identity.yml b/roles/makerfloss.mikrotik_switch/tasks/identity.yml
new file mode 100644
index 0000000..fe0a9a3
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/tasks/identity.yml
@@ -0,0 +1,4 @@
+---
+- name: Placeholder
+  ansible.builtin.debug:
+    msg: "not yet implemented"
diff --git a/roles/makerfloss.mikrotik_switch/tasks/main.yml b/roles/makerfloss.mikrotik_switch/tasks/main.yml
new file mode 100644
index 0000000..101959f
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/tasks/main.yml
@@ -0,0 +1,25 @@
+---
+- name: Identity, management and services
+  ansible.builtin.import_tasks: identity.yml
+  when: switch_identity_enabled | bool
+  tags: [identity]
+
+- name: Users and SSH keys
+  ansible.builtin.import_tasks: users.yml
+  when: switch_users_enabled | bool
+  tags: [users]
+
+- name: VLANs, bridge and ports
+  ansible.builtin.import_tasks: vlans.yml
+  when: switch_vlans_enabled | bool
+  tags: [vlans]
+
+- name: Backup configuration
+  ansible.builtin.import_tasks: backup.yml
+  when: switch_backup_enabled | bool
+  tags: [backup]
+
+- name: Firmware upgrade
+  ansible.builtin.import_tasks: firmware.yml
+  when: switch_firmware_enabled | bool
+  tags: [firmware]
diff --git a/roles/makerfloss.mikrotik_switch/tasks/users.yml b/roles/makerfloss.mikrotik_switch/tasks/users.yml
new file mode 100644
index 0000000..fe0a9a3
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/tasks/users.yml
@@ -0,0 +1,4 @@
+---
+- name: Placeholder
+  ansible.builtin.debug:
+    msg: "not yet implemented"
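Review bot: In tasks/main.yml the `Backup configuration` import runs after the identity, users and VLAN imports, so the only snapshot the role ever takes already contains the new state and there is nothing to fall back on if the VLAN step severs the management path. Move the four-line backup stanza ahead of `Identity, management and services` (or keep it there as a pre-change backup and add a second one at the end if a post-change copy is also wanted). Separately, defaults set `switch_disable_default_admin: true`, so when users.yml is implemented it needs to confirm the new key-based login works before it disables `admin`; a comment on the `Users and SSH keys` stanza such as `# users.yml must verify key login before disabling the default admin` would keep that ordering requirement visible to whoever fills in the placeholder.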
diff --git a/roles/makerfloss.mikrotik_switch/tasks/vlans.yml b/roles/makerfloss.mikrotik_switch/tasks/vlans.yml
new file mode 100644
index 0000000..fe0a9a3
--- /dev/null
+++ b/roles/makerfloss.mikrotik_switch/tasks/vlans.yml
@@ -0,0 +1,4 @@
+---
+- name: Placeholder
+  ansible.builtin.debug:
+    msg: "not yet implemented"