Basically, I've exported the configuration from a MikroTik router using /export and vibe-coded a playbook from that file.
---
# Single play that converges a MikroTik RouterOS device through the
# community.routeros API modules. It runs on the controller
# (connection: local) and does not gather facts from the router.
- name: Converge MikroTik RouterOS config
  hosts: mikrotik
  gather_facts: false
  connection: local

  # Variables loaded before the play runs. openbao_fields and
  # openbao_kv_mount, referenced below, are not defined in this play,
  # so presumably they come from this file.
  # NOTE(review): the file name suggests credential material; confirm it
  # holds only OpenBao path/key pointers and not plaintext secrets.
  vars_files:
    - ../vars/routeros-secrets.yml

  pre_tasks:
    # Each credential is read from an OpenBao KV v2 secret via the
    # community.hashi_vault lookup: the path and the key name inside the
    # secret are both taken from openbao_fields. The routeros_api and
    # wan_pppoe paths are each read twice (username, then password).
    - name: Load router secrets from OpenBao
      ansible.builtin.set_fact:
        # RouterOS API login, consumed by module_defaults below.
        routeros_api_username: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.routeros_api.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.routeros_api.username_key]
          }}
        routeros_api_password: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.routeros_api.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.routeros_api.password_key]
          }}
        # WAN PPPoE credentials; presumably used by ../tasks/wan.yml.
        routeros_pppoe_username: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.wan_pppoe.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.wan_pppoe.username_key]
          }}
        routeros_pppoe_password: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.wan_pppoe.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.wan_pppoe.password_key]
          }}
        # Password for the Tailscale container; presumably used by
        # ../tasks/containers.yml.
        routeros_tailscale_container_password: >-
          {{
            lookup(
              'community.hashi_vault.vault_kv2_get',
              openbao_fields.routeros_tailscale_container.path,
              engine_mount_point=openbao_kv_mount
            ).secret[openbao_fields.routeros_tailscale_container.container_password_key]
          }}
      # Keep the fetched secret values out of task output and logs.
      no_log: true

  # Connection parameters shared by every community.routeros.api module
  # in the imported task files.
  module_defaults:
    group/community.routeros.api:
      hostname: "{{ ansible_host }}"
      username: "{{ routeros_api_username }}"
      password: "{{ routeros_api_password }}"
      tls: true
      # NOTE(review): with validate_certs and validate_cert_hostname both
      # false, the router's TLS certificate is not checked, so the API
      # credentials fetched from OpenBao above are sent to whatever
      # answers at ansible_host. Prefer validate_certs: true together
      # with ca_path pointing at the router's CA once one is available.
      validate_certs: false
      validate_cert_hostname: false
      # See the community.routeros.api docs for how force_no_cert
      # interacts with validate_certs; it is set alongside tls here.
      force_no_cert: true
      encoding: UTF-8

  # Task files are imported statically, in this order; each file is
  # expected to be idempotent so the play converges on repeated runs.
  tasks:
    - name: Preflight checks
      ansible.builtin.import_tasks: ../tasks/preflight.yml

    - name: Base network configuration
      ansible.builtin.import_tasks: ../tasks/base.yml

    - name: WAN and tunnel interfaces
      ansible.builtin.import_tasks: ../tasks/wan.yml

    - name: Hardware and platform tuning
      ansible.builtin.import_tasks: ../tasks/hardware.yml

    - name: RouterOS container configuration
      ansible.builtin.import_tasks: ../tasks/containers.yml

    - name: Addressing configuration
      ansible.builtin.import_tasks: ../tasks/addressing.yml

    - name: Firewall configuration
      ansible.builtin.import_tasks: ../tasks/firewall.yml

    - name: Routing configuration
      ansible.builtin.import_tasks: ../tasks/routing.yml

    - name: System configuration
      ansible.builtin.import_tasks: ../tasks/system.yml