17db139125
Move flat tasks/ and vars/routeros-secrets.yml into roles/routeros/ with a main.yml that imports the domain task files in order. Update playbooks/routeros.yml to use the role instead of importing tasks directly.
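---
# Converge the RouterOS configuration of every host in the `mikrotik` group.
# Modules run on the control node (`connection: local`) and reach each router
# through the RouterOS API, using `ansible_host` as the API endpoint.
- name: Converge MikroTik RouterOS config
  hosts: mikrotik
  gather_facts: false
  connection: local

  pre_tasks:
    # Reads every credential the role needs from the OpenBao KV v2 mount and
    # stores it as a host fact. `>-` folds the Jinja expression onto one line
    # and strips the trailing newline, so the secret value is not padded.
    # How the lookup authenticates to OpenBao is not set here; presumably it
    # comes from environment or inventory variables (confirm).
    # `no_log: true` hides only this task's result. The facts stay in hostvars
    # for the rest of the run, so any later task that echoes them needs its
    # own `no_log`.
    - name: Load router secrets from OpenBao
      ansible.builtin.set_fact:
        routeros_api_username: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.routeros_api.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.routeros_api.username_key]
          }}
        routeros_api_password: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.routeros_api.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.routeros_api.password_key]
          }}
        routeros_pppoe_username: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.wan_pppoe.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.wan_pppoe.username_key]
          }}
        routeros_pppoe_password: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.wan_pppoe.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.wan_pppoe.password_key]
          }}
        routeros_tailscale_container_password: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.routeros_tailscale_container.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.routeros_tailscale_container.container_password_key]
          }}
      no_log: true

  # Connection settings shared by every module in the community.routeros.api
  # action group, so the role's tasks do not repeat them.
  module_defaults:
    group/community.routeros.api:
      hostname: "{{ ansible_host }}"
      username: "{{ routeros_api_username }}"
      password: "{{ routeros_api_password }}"
      tls: true
      # TLS peer verification. With the default (routeros_api_verify_tls
      # unset or false) the values are the ones this play has always used:
      # no certificate check, no hostname check, and force_no_cert, which the
      # collection documents as falling back to anonymous Diffie-Hellman.
      # The channel is then encrypted but the router is not authenticated, so
      # the API credentials above are exposed to anyone able to intercept the
      # connection. Once the router serves a certificate, set
      # routeros_api_verify_tls: true in inventory; a private CA will also
      # need `ca_path` added here.
      validate_certs: "{{ routeros_api_verify_tls | default(false) | bool }}"
      validate_cert_hostname: "{{ routeros_api_verify_tls | default(false) | bool }}"
      force_no_cert: "{{ not (routeros_api_verify_tls | default(false) | bool) }}"
      encoding: UTF-8

  roles:
    - role: routeros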