feat: role skeleton, host_vars, day-2 play (stubbed domains)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sjat 2026-06-07 08:34:13 +02:00
parent 5c04b3405b
commit ad2c00f84a
10 changed files with 122 additions and 0 deletions


@ -0,0 +1,23 @@
---
# Identity facts recorded during Phase 0.6 (edit to match the device)
switch_identity_name: "crs310-maker"
switch_mgmt_vlan_id: 99
switch_mgmt_address: "10.0.99.2/24" # EDIT: real mgmt IP
switch_mgmt_gateway: "10.0.99.1" # EDIT: real gateway
switch_dns_servers: "10.0.99.1"
switch_ntp_servers: "10.0.99.1"
switch_admin_user: "sjat"
# Real VLAN/port topology (EDIT to the makerspace plan when known)
switch_vlans:
- {id: 99, name: "mgmt"}
- {id: 10, name: "members"}
switch_bridge_ports:
- {interface: "ether1", pvid: 10, mode: access}
- {interface: "ether2", pvid: 10, mode: access}
- {interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]}
# Firmware (opt-in)
# switch_firmware_enabled: true
# switch_firmware_target: "7.x.y" # EDIT to the version pinned in Phase 0.3
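Review bot: The uplink entry `{interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]}` makes VLAN 1 the native VLAN on the trunk, yet VLAN 1 is not declared in `switch_vlans`. What happens to untagged frames arriving on the uplink therefore depends entirely on how the still-stubbed vlans.yml interprets `pvid`. I would record the intent in the data now, for example with a per-port key such as `frame_types: admit-only-vlan-tagged` that the task maps to the RouterOS bridge-port `frame-types` setting, or by using a dedicated unused native VLAN instead of 1. The same trunk entry appears in the role defaults section, so the point applies there too. A comment above the entry such as `# trunk: tagged only, untagged ingress dropped` would make the expectation reviewable before the task exists.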

6
play_switch.yml Normal file

@ -0,0 +1,6 @@
---
- name: Configure MikroTik switches (day-2, key auth)
hosts: mikrotik
gather_facts: false
roles:
- makerfloss.mikrotik_switch


@ -0,0 +1,38 @@
---
# ----- Identity / management -----
switch_identity_name: "{{ inventory_hostname }}"
switch_mgmt_vlan_id: 99
switch_mgmt_address: "192.168.88.1/24" # PLACEHOLDER — override in host_vars
switch_mgmt_gateway: "192.168.88.254" # PLACEHOLDER — override in host_vars
switch_dns_servers: "192.168.88.254"
switch_ntp_servers: "192.168.88.254"
# Services to disable for hardening (winbox kept on by default for recovery)
switch_disabled_services:
- telnet
- ftp
- www
- www-ssl
- api
- api-ssl
switch_ssh_port: 22
# ----- Users -----
switch_admin_user: "sjat"
switch_admin_group: "full"
switch_admin_ssh_pubkey_file: "~/.ssh/id_ed25519.pub"
switch_disable_default_admin: true
# ----- VLAN / bridge / ports (PLACEHOLDER example) -----
# Real topology is defined in host_vars/<switch>.yml.
switch_bridge_name: "bridge"
switch_vlans:
- {id: 99, name: "mgmt"}
- {id: 10, name: "members"}
switch_bridge_ports:
# ether1..ether8 = 2.5GbE access ports; sfp-sfpplus1/2 = 10G uplinks
- {interface: "ether1", pvid: 10, mode: access}
- {interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]}
# ----- Firmware -----
switch_firmware_target: "" # set in host_vars when opting into upgrades
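Review bot: `switch_disabled_services` leaves `ssh` and `winbox` enabled, and nothing in these defaults restricts which source networks may reach them. Unless the stubbed identity.yml adds its own restriction, the management services would answer on any interface that carries an address. Consider adding a default such as `switch_mgmt_allowed_from: "192.168.88.0/24"  # PLACEHOLDER — override in host_vars` and have the task apply it as the `address` of the remaining `/ip service` entries. The list also only covers IP services; if the RouterOS MAC server (MAC-telnet / MAC-winbox) is meant to stay on for recovery, say so in the comment and scope it to the management interface, since it is otherwise reachable from the access ports. Finally, `switch_disable_default_admin: true` deserves a comment stating that users.yml must verify key login for `switch_admin_user` before disabling `admin`.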


@ -0,0 +1,10 @@
---
galaxy_info:
role_name: mikrotik_switch
namespace: makerfloss
author: sjat
description: Configure a MikroTik RouterOS switch (CRS310) over SSH.
license: MIT
min_ansible_version: "2.17"
platforms: []
dependencies: []


@ -0,0 +1,4 @@
---
- name: Placeholder
ansible.builtin.debug:
msg: "not yet implemented"


@ -0,0 +1,4 @@
---
- name: Placeholder
ansible.builtin.debug:
msg: "not yet implemented"


@ -0,0 +1,4 @@
---
- name: Placeholder
ansible.builtin.debug:
msg: "not yet implemented"


@ -0,0 +1,25 @@
---
- name: Identity, management and services
ansible.builtin.import_tasks: identity.yml
when: switch_identity_enabled | bool
tags: [identity]
- name: Users and SSH keys
ansible.builtin.import_tasks: users.yml
when: switch_users_enabled | bool
tags: [users]
- name: VLANs, bridge and ports
ansible.builtin.import_tasks: vlans.yml
when: switch_vlans_enabled | bool
tags: [vlans]
- name: Backup configuration
ansible.builtin.import_tasks: backup.yml
when: switch_backup_enabled | bool
tags: [backup]
- name: Firmware upgrade
ansible.builtin.import_tasks: firmware.yml
when: switch_firmware_enabled | bool
tags: [firmware]
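Review bot: Every `when:` in this file reads a `switch_*_enabled` toggle (`switch_identity_enabled`, `switch_users_enabled`, `switch_vlans_enabled`, `switch_backup_enabled`, `switch_firmware_enabled`), but none of them is defined in the role defaults or the host_vars shown in this commit. The only mention is the commented-out `# switch_firmware_enabled: true`. Unless they are set elsewhere in the inventory, each conditional will fail on an undefined variable instead of skipping. Define them in the role defaults with explicit values, e.g. `switch_firmware_enabled: false`, or guard in place with `when: switch_firmware_enabled | default(false) | bool`. Defaulting the firmware and user-changing domains to off would also make the "opt-in" wording in host_vars hold.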


@ -0,0 +1,4 @@
---
- name: Placeholder
ansible.builtin.debug:
msg: "not yet implemented"


@ -0,0 +1,4 @@
---
- name: Placeholder
ansible.builtin.debug:
msg: "not yet implemented"