--- hiera_include: - frrouting profiles::dns::resolver::acls: acl-main.unkin.net: addresses: - 10.10.8.1/32 - 198.18.21.160/27 - 198.18.21.192/27 - 198.18.13.0/24 - 198.18.14.0/24 - 198.18.15.0/24 - 198.18.16.0/24 - 198.18.17.0/24 - 198.18.18.0/24 - 198.18.19.0/24 - 198.18.20.0/24 - 198.18.21.0/24 - 198.18.22.0/24 - 198.18.23.0/24 acl-dmz: addresses: - 198.18.24.0/24 acl-common: addresses: - 198.18.25.0/24 - 198.18.26.0/24 - 198.18.27.0/24 - 198.18.28.0/24 - 198.18.29.0/24 acl-nomad-jobs: addresses: - 198.18.64.0/24 - 198.18.65.0/24 - 198.18.66.0/24 - 198.18.67.0/24 - 198.18.68.0/24 - 198.18.69.0/24 profiles::dns::resolver::zones: 8.10.10.in-addr.arpa-forward: domain: '8.10.10.in-addr.arpa' zone_type: 'forward' forwarders: - 10.10.16.32 - 10.10.16.33 forward: 'only' 16.10.10.in-addr.arpa-forward: domain: '16.10.10.in-addr.arpa' zone_type: 'forward' forwarders: - 10.10.16.32 - 10.10.16.33 forward: 'only' 20.10.10.in-addr.arpa-forward: domain: '20.10.10.in-addr.arpa' zone_type: 'forward' forwarders: - 10.10.16.32 - 10.10.16.33 forward: 'only' dmz.unkin.net-forward: domain: 'dmz.unkin.net' zone_type: 'forward' forwarders: - 10.10.16.32 - 10.10.16.33 forward: 'only' network.unkin.net-forward: domain: 'network.unkin.net' zone_type: 'forward' forwarders: - 10.10.16.32 - 10.10.16.33 forward: 'only' prod.unkin.net-forward: domain: 'prod.unkin.net' zone_type: 'forward' forwarders: - 10.10.16.32 - 10.10.16.33 forward: 'only' unkin.net-forward: domain: 'unkin.net' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' main.unkin.net-forward: domain: 'main.unkin.net' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 13.18.198.in-addr.arpa-forward: domain: '13.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 14.18.198.in-addr.arpa-forward: domain: '14.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 15.18.198.in-addr.arpa-forward: domain: '15.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 16.18.198.in-addr.arpa-forward: domain: '16.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 17.18.198.in-addr.arpa-forward: domain: '17.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 19.18.198.in-addr.arpa-forward: domain: '19.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 20.18.198.in-addr.arpa-forward: domain: '20.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 21.18.198.in-addr.arpa-forward: domain: '21.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 22.18.198.in-addr.arpa-forward: domain: '22.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 23.18.198.in-addr.arpa-forward: domain: '23.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 24.18.198.in-addr.arpa-forward: domain: '24.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 25.18.198.in-addr.arpa-forward: domain: '25.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 26.18.198.in-addr.arpa-forward: domain: '26.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 27.18.198.in-addr.arpa-forward: domain: '27.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 28.18.198.in-addr.arpa-forward: domain: '28.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' 29.18.198.in-addr.arpa-forward: domain: '29.18.198.in-addr.arpa' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_unkin')}" forward: 'only' consul-forward: domain: 'consul' zone_type: 'forward' forwarders: "%{alias('profiles_dns_upstream_forwarder_consul')}" forward: 'only' profiles::dns::resolver::views: openforwarder: recursion: true zones: - unkin.net-forward - main.unkin.net-forward - dmz.unkin.net-forward - network.unkin.net-forward - prod.unkin.net-forward - consul-forward - 13.18.198.in-addr.arpa-forward - 14.18.198.in-addr.arpa-forward - 15.18.198.in-addr.arpa-forward - 16.18.198.in-addr.arpa-forward - 17.18.198.in-addr.arpa-forward - 19.18.198.in-addr.arpa-forward - 20.18.198.in-addr.arpa-forward - 21.18.198.in-addr.arpa-forward - 22.18.198.in-addr.arpa-forward - 23.18.198.in-addr.arpa-forward - 24.18.198.in-addr.arpa-forward - 25.18.198.in-addr.arpa-forward - 26.18.198.in-addr.arpa-forward - 27.18.198.in-addr.arpa-forward - 28.18.198.in-addr.arpa-forward - 29.18.198.in-addr.arpa-forward - 8.10.10.in-addr.arpa-forward - 16.10.10.in-addr.arpa-forward - 20.10.10.in-addr.arpa-forward match_clients: - acl-main.unkin.net - acl-nomad-jobs - acl-common - acl-dmz # networking anycast_ip: 198.18.19.16 systemd::manage_networkd: true systemd::manage_all_network_files: true networking::interfaces: eth0: type: physical forwarding: true dhcp: true anycast0: type: dummy ipaddress: "%{hiera('anycast_ip')}" netmask: 255.255.255.255 mtu: 1500 # frrouting frrouting::ospfd_router_id: "%{facts.networking.ip}" frrouting::ospfd_redistribute: - connected frrouting::ospfd_interfaces: eth0: area: 0.0.0.0 anycast0: area: 0.0.0.0 frrouting::daemons: ospfd: true # additional repos profiles::yum::global::repos: frr-extras: name: frr-extras descr: frr-extras repository target: /etc/yum.repos.d/frr-extras.repo baseurl: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os gpgkey: https://packagerepo.service.consul/frr/el9/extras-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR mirrorlist: absent frr-stable: name: frr-stable descr: frr-stable repository target: /etc/yum.repos.d/frr-stable.repo baseurl: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os gpgkey: https://packagerepo.service.consul/frr/el9/stable-daily/%{facts.os.architecture}/os/RPM-GPG-KEY-FRR mirrorlist: absent