--- # ----- Identity / management ----- switch_identity_name: "{{ inventory_hostname }}" switch_mgmt_vlan_id: 99 switch_mgmt_address: "192.168.88.1/24" # PLACEHOLDER — override in host_vars switch_mgmt_gateway: "192.168.88.254" # PLACEHOLDER — override in host_vars switch_dns_servers: "192.168.88.254" switch_ntp_enabled: true # set false for an isolated mgmt plane switch_ntp_servers: "192.168.88.254" # Services to disable for hardening (winbox kept on by default for recovery) switch_disabled_services: - telnet - ftp - www - www-ssl - api - api-ssl switch_ssh_port: 22 # ----- Users ----- switch_admin_user: "sjat" switch_admin_group: "full" switch_admin_ssh_pubkey_file: "~/.ssh/id_ed25519.pub" switch_disable_default_admin: true # ----- VLAN / bridge / ports (PLACEHOLDER example) ----- # Real topology is defined in host_vars/.yml. switch_bridge_name: "bridge" switch_vlans: - {id: 99, name: "mgmt"} - {id: 10, name: "members"} switch_bridge_ports: # ether1..ether8 = 2.5GbE access ports; sfp-sfpplus1/2 = 10G uplinks - {interface: "ether1", pvid: 10, mode: access} - {interface: "sfp-sfpplus1", pvid: 1, mode: trunk, tagged_vlans: [99, 10]} # ----- Firmware ----- switch_firmware_target: "" # set in host_vars when opting into upgrades