site.yml

---
- name: Ensure gateways are up to date
  hosts: gateways
  roles:
    - apt_upgrade
  tags: apt_upgrade

- name: Ensure gateways are set up
  hosts: gateways
  roles:
    - noc_users
    - unattended_upgrades
    - convenience
    - gateway
    - mesh_vpn
    - mesh_gre
    - bgp4 # Required for default route distribution
    - role: firewall_mss_clamp
      vars:
        iface: br-{{ site.code }}
        mss: 1200
    - disable_offload
  tags: gateway

- name: Ensure hetzner cloud servers have bird quirk workaround installed
  hosts: hetzner_cloud
  roles:
    - bird-wan-prefix-quirk
  tags: gateway

- name: Ensure gateways are peered with ffnw via ipv6
  hosts: peering_ffnw6
  roles:
    - ffnw6
  tags: gateway

- name: Ensure gateways are peered with ffnw via ipv4
  hosts: peering_ffnw4
  roles:
    - ffnw4
  tags: gateway

- name: Ensure gateways are peered with ffrl via ipv6
  hosts: peering_ffrl6
  roles:
    - ffrl6
  tags: gateway

- name: Ensure gateways are peered with ffrl via ipv4
  hosts: peering_ffrl4
  roles:
    - ffrl4
  tags: gateway

- name: Ensure gateways channel out IPv4 traffic locally
  hosts: local_exit4
  roles:
    - local_exit4
  tags: gateway

- name: Ensure a tier2 firmware mirror is set up
  hosts: firmware_mirror_tier2
  roles:
    - firmware_mirror_tier2
  tags: gateway

- name: Ensure Layer 3 sites are set up
  hosts: site_l3
  roles:
    - site_l3
    - disable_offload
  tags: site_l3

- name: Ensure gateways for layer 3 sites are set up
  hosts: gateway_site_l3
  roles:
    - gateway_site_l3
  tags: gateway_site_l3, gateway