Out with NetworkManager, in with networkd

2025-07-12 22:52:18 -06:00 · 2025-07-12 22:52:18 -06:00 · f8ccf6f053
commit f8ccf6f053
parent 0bff8b768e
35 changed files with 768 additions and 276 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -2,4 +2,5 @@
 remote_user = ansible
 inventory = inventory/hosts.yml
 roles_path = ./roles
-vault_password_file = ~/.ansible-vault-key
+vault_password_file = ~/.ansible-vault-key
 allow_unsafe_writes = true
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -1,96 +1,130 @@
 $ANSIBLE_VAULT;1.1;AES256
-38333861353432643165366435353534316564346533666439376631373562366530386636623333
+39616266383865336462366632626362363833643065393933373338613261373735643832386232
-6130343936376163336432366437623062643161636466640a383232343564636234376330323138
+6336303836636130346365356432643832623532633533350a626531303736363639356234633562
-37393731643030313230613363343639363737393364346231643835613532636530363964383933
+30643465633332373232356630623366393232343166653633383165303535336139306332366438
-3834343936353965390a313439663463626461376461636462316237366430356437346164393034
+6165646636613135380a613165646136663365373030663662343935393564323761663661396365
-38633331646465666165343365616366623636613264663062613238656466326537373135393234
+64373438333961303662346666383264383037386564623232623531636462336639363133333431
-38623034306461386132373262666532633562376532303762356663343930623464376661366238
+33636133613665353066313264386666633763616566623334373232333330613638306264656461
-33373638386366643030366632636138653032633436373932613261656331633663643839306633
+36306639363138636239663564343161303762373562626634303831613431373861633333326263
-39613136306130626635393333366136646665393932383563373739323730396633363334643639
+36663733346132666234336232386636633031303663623236623434333532346533376139373261
-36323337336563616165626463306637653865643931613731636233313061616130623662393465
+36393931393839663934363130626266383638623132303034643862623538643538383065623436
-63366131643135623337313735386566616663343263353561316132343138653761303436386433
+34633938656466613436633561393165613863336332333166393565313332343230393866333466
-64653736616439623331373865383439343637343737313466363265333033663836633635623732
+35343930366634646263396239363935313337366135656461656630346466663634616563616633
-30643137633738356665326138363734623766613462323831623931633163373933353661653434
+30333463326330303032363830336337386431616662316461376565353565343835306464336636
-35343466363132663765623739336136656332333932303332363164366630376638353166316636
+30623531366230316363393138343932656661343430623164393934333534633764393434323837
-31653133386461323532666661363865383430653230636233616238356431623462316133633239
+35666233393662353337633136353832366366373265313834373837666635383232383637646333
-34316561333530353166626632653566333966326663383635323165356231386232346263363666
+39623361626135316138373836633163313265663337333435643030313534643464646636363335
-61366430353239353732663437353165353562313438383063393935306534646165336232333861
+35393939393733326661393533633766613133333034383864393730663863303536643963626438
-32633138323036323334343866333963353965303536373930336164323565333862353032336566
+35363437373165383762333862653030333138353737646663616465646431653933313761366163
-39613263303966343337393165633866323233653132626264316238313131663961613037643865
+35316632613434313239643934643061656164656135303032373332363166303561383932326531
-35376138643934383435636534343231303933396138643231613336613536333961333562343963
+63346463343331656638386637303762303136313461646361343838613030346533656166396333
-31376438366438346231656364303535336465623237336263383761363630623632356335326231
+36336334323433626639623737383564353263613364616239336239343733356233353034303135
-61366132613062353833613162623634383134666334366435646238343462396535336534316264
+32356266653461646336363639303238323835316232316139366631356139353537393435666238
-35326461653331636462366536653430646438626562373635613464313031666434333732616239
+32346439656238373735626137346332616464363864653963383535313137646666363534326263
-61383536623762653463363031343332393166646264663031656531363761666364653866326230
+65663162633764646663343263346533363462333836623764643239646430636232636634393938
-33363264663366653930616133363539633463306434653732383435613430626439313935633162
+62306465663338386337393562306565353163623832343532313263323537653938346562396661
-62323366653639343063353662383265626538646361383030396533366635353830383365636435
+63643033646534656431303232613634333863343034373066346433346364633036306636616134
-36636433393635633237316131616630383464313535303137376131646566383366333935303830
+39353830356138616366643931636134336264373635346662396564363038396465386664356336
-34663630613438613836393333626463623466393831303833626666636338356533616436636331
+30343737613933653631353561636630366633633533336437323031383434643832383264326135
-32393665346538353539633634303161616662366433386139343034333963336630353634346232
+61343361336430613261666434386266633133333463623638363633306438303232376566336134
-63333561326532336533326333613961643134306264373730346137653962663930326261333763
+39626461313633656363363661623437303263353233396335663236363730323038396539306266
-32353264616333313263343964663465636235333438343334393963653530663130366133353031
+37613362643761663661663162613861373261373365376230343737326239323631373537613939
-64626537663362316239643436646236636361656365373232663931613634333465643137313964
+65303865633931326335303131666161616262306335666639626137323763316562633035376530
-31323464303432346337616530333135346166623561623531313561633533643161363930323265
+64633532356339313333373435663832663138656132323565633431363631326632383365353361
-32363538323134383434316332383064663437653161316162636339663036316139633636646131
+65366433323661386465656631396537653738373566356165336337313865383438393831646339
-34343939383935623333613835613431346532323530366331613065666566323731663336623137
+38343436633263613363313431623765353763376436633035356134396432646466383865323435
-36653165623235343832653438393836353630663063613337346364393439303738656564626432
+63653066643230326466333066336435343536346566366264386234376462383230366435373237
-64613863376463343433303933656163666532326430383863383636386331643265623963653730
+37323536343637393264353762613964613335663830623631663364646337326232633462623930
-31666430303666373030343831383436376666346236646231346565643564656339326231383337
+39383263336266373839643430646331386365326135626231656638373164393062653331643161
-32386239646634643261393531636666666637386633396136653661373835636237323031333434
+30393732376239396366366334393164333663333435626530386134613162646531623538383931
-31633237633566313131306261613834356139306436393862333533336534383662663837626464
+37356539666239313332663330653762323232373332376461633936326464323963316136383562
-63653831373235373638303864323531623965333662386239396637636562373632393365663062
+38303133333466303430626531303762303264636134373935363538366461393831623064656235
-61333934613865626639393236303562643165316466386461636239373336623965333531303335
+65306261393064633637636266343964373063323536663864353838326138383635363965656233
-63393030326230303537383431663634616133353734353835636565326261386165633730386665
+37343763353463356630343766383661313665313837663766353638303939333763323436333332
-61363736653762326634316634663530306163366165303464373833633363613338383330353062
+37333334633463303063623530653261316563666237623266643065306464333238316639366637
-62313331343830323063663363386566373964356566313638653331336366343236356565656331
+35653562313562333962633939336263666539373935373339633531326533633537633434326533
-61326466653362326337626532353637636535373762383034653464313961353430666132376163
+63633466653931393733613061373130623565613466616132343066626532376531643939346261
-63323636393331376565343037613631323130646466656531663335373461653063353166346336
+38623866396264353130636438356134623937653938323837613266623934373531323837646633
-32613564373634663863343036623038656462643532653539396538646532383161333535313164
+38373334343834663537323566373734626638633836393963323830396639383939376433363766
-66306532393137393736316330383466646265633539326437643039643037393735306136383337
+31353330643434313630306465303462383038353161393966316434616162393064623330343364
-35353465643762313762653938376331356232356131336131616531303162383737623736363130
+62626634666232633032663730396232646662346365316236623239353037323137343562613533
-38336634653564363564323964356564313665396461623836633533633534653961323632653766
+66393132333539323032623734623339326265643839313131386163633833306633386430393362
-39383236663664643666333730623731663438326539346135326564326666396463323661393132
+36613738383131646530626235393832623261313431366432626539633964643531313965656132
-35343862653264323564343730313938663664663035303332333163633137323661323431343138
+34383565663434333364353930613765353839313331326366653639616337366438656436383539
-66336666386635643662323431626636636231666561396438336234366331616138323636336664
+66316235383032636163366361336432656263623166663537343039633161393764383162323137
-36396133323937306463386261363766623366663965623361313264663861626161366166366237
+34363163346630646363363930333032383137356164653537623539376163366231363664303764
-36393962613135326339623261333635326138336466306132333230643536376334386166346364
+34656564643833353464326539333737356335376330363031383738306237313934386434343466
-61643231363737656131363935626433373164363161646365633536383563343936653333333832
+63303439356637373032393663616366353236663834393363613266313535663535613735393731
-33383565346366616365363030646432363633663537316335376333313236616637633066333664
+38323930333465623434363461613631386238386537356330393461633437303064666261633535
-63313039656664663664393633353466376264356161343532353838373366393835653134353438
+31616530616438633264626665336362646336353633656231613238353163613638393439653765
-61396164636566313535656533396332316565336664363034353235643635616564663563633338
+37343433633738616537373835326265656264333561376538313236363434303666363134373438
-32313662666566336437366666376630336466373831343431636662323431393061326139326537
+33373139363130343733623165393565343637333561623531343730303465313635323264306363
-35303362366338383230643734333533323535303534303637623136613634333436656131376635
+34343232303233643938626537376333393561386361306439373836633338666464303134396131
-30623736356634616366323563636535633530623435613634636662636436303337373762393734
+38663137386436363965306265643262353834303765363463386331306333313262363331386432
-63363637323733306532343239303030626135663366333763623933613034333339323636653338
+62363062326335626264633461363338636562643534336464653738326235633534343461306331
-37646665343632363466383762623763363238633265333166396165633461666662303332373164
+35376161383534666333356538643837343233643131626433376232313361633034353064343263
-30356231356132323037396231613939353463656333613735376562323837323430623665373364
+61343965343137383737646232383733653933376463613561303136663135646266313864373438
-63656238356161303462366130636236633238623861373830323237376563353934356239656539
+61373562363830323130363161343861333964613239393333646364363437376561656463656639
-62346638643263383636666437646466393361366465366362336634663636306230373466366266
+35656635393732633064613464613331646263396566383836646163386330346162363334646365
-38353133383937336336633239373739663731666162643037623630323739363464623763353163
+30313335383839303535303833633561363538313133656566353130366638363761633038363562
-36653733663138386432323465383537383137623333333933366232323934623730613139656536
+34323933313137643837326136653931656661613462393763373832633432393737383631336366
-39623564316135373830316238396664323663663137653130326163356566653630613662613638
+39393066633638396237373936633931643133366365653032373235633861396465633064343562
-32626261383533393833633539633330383537323534346134366333346438323232336337623861
+31393635323161363532383364353631616539396432356230383636653435663865373839396462
-35306632356165313063373738303130386436396532616365313633656637373362313639626338
+39343732326630306534623466333937336530636636636564323762303462646264623036653834
-36616665386663303636323264623839303562303064306139333263343839323436333930393136
+39663131343762333939343136343965623634633366346239303131346638633837373534666461
-36663531643363643537636437646266643032616437656239666539653163343935633366646534
+39313436333966656334316461626137353030326533386631353639316264663839653563633635
-36623935356565653831366462653830393465353065386130303065626365663235366530303431
+36623563626365653338363530616666333030306662626661373063386135636461333231646430
-63353635653163303138383163663931356139626264383331346532663961316261393832626430
+39383737373761363039646666313461633763316463656134623661613631656466376332616239
-66303435393739303461363731363733646534363766626462333761623537343734343833393634
+63633930303030633236396664633532363936363735396664656137333831343336623663333037
-31356537653630363563313539356535663032613538303264633864396365613366386366656336
+33333564383262316436323863396235636337653837376366363539343064366437323366393164
-37643666636436626162636234333938303266393162393933393038366437613165366630386438
+38373262623130623238326661636630383432656261343264313663326539363962356134393266
-37313634656632653238383134653039323739643366343631343530386237336139313164393133
+64633636363661336433633662316366613531376632373532626438643336396233353038383662
-64653638363662333461323365333861396266653238306530613064316362663131633461366161
+64333734653662663666363264363431643534616636626263303638393864613062323364353131
-32633835393832646530623033346238343761393036353137626463613139393839616432626263
+36356637336138663135306635316666623137363931643734393734316238663661666563343931
-35663232323734333631613139666366666436653566653064393666356165336439303937326637
+36656463643833653837633539326565373933336634626663333864383866613366613966353636
-36633438623933323964303065313332373762346463343263386439646533306332363136386434
+63653263626235313635333764303139356162356335666430313038646538303464396631356439
-34363236383733323232306264613137383831633534666337356137316433656238363864646138
+65363734393230333837633334313762366638366231383535383132353165373063343731353864
-39303661383963313833323330656666373536303931383464343036663035616630343063383139
+37313463653437326231383338666434323035373664393730326632386533666234623131356263
-63653263323533303933653138666138336530633162653533336466353235366333643835313365
+65653931663232356663336537636531363835336633366264666162336233633338653334623530
-38303462623430356339323731646238636663393838653466323030653866646435323636343337
+36636266626630666333313034353262663164363638323335393766373961643366646138653634
-37316336383234323336383061666235663539616631663936613430313138643061393439383636
+36656131393435623337623663326663313139633862663833663438343463626231363635383834
-31656535366361326566666264656465633337643365393765303732633238653231623735313638
+34643166653830343235316561333866653536323833353061343737386330303837633233643230
-36303537393038306165393365343334373333393933356133313264396236623936343763366330
+39643436386562333536376230353865626563393266323737303237303362346463373232383232
-37373262393230326132393237633335353964346434616137636662343635306632373532663830
+66633939303536343638313132346231386265346232613134306330653934356130626333376662
-66333039613330306231363364323861363964313336666165616635363166623435636366343364
+66623661353436653263653638626138656331666333653431333661383364313530623437353766
-64356364373832366435656539613238646538623035346434346364386434623461653763656135
+32636564383132613336303830343164346165386166656433623666363333636532623765623261
-646161643166613037303031663863666465
+36626466343161363030353036326566646363613238663262653632323137646165316362346161
 35396232666539343366373230393466396434353263383138396662343165383566346537666330
 64316434383938306561353164666534313038653963303330366362363233386638386466353539
 35396266373663343863356538333963363934653439623965376533383066393234616534323565
 66336562353634313139316230646531653432336130363838616434353663653261383061383736
 31376432383531333231396336363936373031313062393437363637336538613431653237353866
 64663630346333333730613765346266663639633766353533343263303166616465623162383530
 66353065346139316635626630623838393166373163313064373637333038333662666363343961
 34343265366539366632613139633339333437663533356538303062393834306335376537326563
 35323137386439303332303032346366656164356634633139353339343731613862396132323464
 31376333656364373361396461386538643765613636323236663736303633643663323163313136
 64326338646639336462306261633535653237333432646238656636303837343134353534363962
 30613132376336326234396138323331613536626663346433393739373761363462373865323931
 63333166623637643033383332393933333137656437366633306232666332626239373065366437
 65633636343263333664336264366237396639663530343965623564653938383032616465643333
 36383933613163626531343762363739353761306630616539666561363834616335616130653039
 64326133623034636133376164663439306539383332373337393864306663366630333337636633
 61623931663237333566663035373965663538666630383934656139643237643733303035303534
 61386662626162616635333739386131623130326165663162333230336666393564303738353265
 38363039616161396534373638633366633432386534363765326134353131303061303965383161
 66623930363831343837303062326433323237306335376331633536626263656338313464323637
 37633563303566396232616432386466666235646631616134643662643664366630343534613632
 31353561623663366237653564626233653136363665646530643563366332386566653965346164
 35356339626365623235306231336634626233653635626235313638396135623437393061653661
 38326636663733663632393561303062613635346237346562666233636563313166623935336631
 33353139633534613333353339373636323563366465383037626537353437396530316235613439
 63306332343038633633366262653732366534363035363564386461303363383763643031373139
 65613930343937306639393130646366333835353463626238336533343030386134323135343131
 37356266666562376431643564643731623439616533353536626461643130363764323262653636
 30363961616636656362633731643563313432316363373461363532366437666133373438353839
 33373564383231343936353262383164636336353462303739653135643934386263323061643939
 32643931333030663134636638333561646232353663343761323138626539336431633539363937
 38643435373539623961386135613232616466653665323231383631383462613565363265376261
 63383934663662643832343835626364383035313663666561653233653430346661343936616164
 38333463653034393965613338313336396666646236316338383065333733386633
--- a/inventory/group_vars/cluster_prep.yml
+++ b/inventory/group_vars/cluster_prep.yml
@ -1,2 +1,10 @@
-iscsi_target_ip: nas.lan.xbazzi.com  # TrueNAS IP
+$ANSIBLE_VAULT;1.1;AES256
-iscsi_target_iqn: iqn.2005-10.org.freenas.ctl:pve-iscsi
+65353761626163643330363566616138653361623139306463623964303730396633316665346161
 6533653962353462333566363530653237646539336165660a613565643063393962646265646634
 62383133396338646564323335393832636165316262633466376462643737613939353433643764
 6337616265353435630a333063653137626437373833383966373164393537653839336161383266
 66343266316664663639323630323135363034343031353030323832333437303964313465333233
 62383731613066366262353063306262326431663937316135396465646433613965373237353062
 39626531303539386330653864353236393566626533303864336633303866323761306562383838
 64386534313331646632613031653735326365656235343862613765646365616665396233343862
 62303335646536393030343463306231376466396639373364626336303639363665
--- a/inventory/group_vars/prod-vm.yml
+++ b/inventory/group_vars/prod-vm.yml
@ -0,0 +1,39 @@
 $ANSIBLE_VAULT;1.1;AES256
 31313561353530643630326363363839636465303566643435316132663163343365303430636461
 3830656432383635326262363564653034626338626465650a363766373965393238326632323136
 36656536613736666532386636323533646331333437643437353230636139623637363263636562
 3766663535386232340a356164306633336366623065323632623638356536373364306236613231
 31366361373763326561343562616462663066303634633466616164333265366539383366343261
 38626632666564666539376631303835316531313436616533343864316131323564303666633737
 61343333376235303637653632393636326333383737306439393664343031653434666130626664
 32363662353566346164386137633033663738393936316662633030313763316236373833366636
 32333264383161653931376235316235386333323866633531656561646531383036623565313534
 32343463313639653730623135313661316434613666393931306165333262306635386635326664
 61346336393131656663653363333563326663336366643639626534346161643864643366626338
 33643162653731366332333232363433306332633763623631653064643539326561313631656434
 63313366633834356634386362363334303562656565623539633535636437356366633236613435
 31633231613663393234373733643737366334356534383430656536343465333965383431313339
 31646161333766393965316236373431653737376263383865383338343665653031616533323235
 32646334636661333565623462366463343737636634616134376637373930633361663762663630
 66393037306631373662626364663834303765626534363033653331626234623661623033626364
 39333034353762396664386431313263653161306137323836653635343966656133353463363637
 36666130343665636332393532323265386138613063383066636230363839643336306434346137
 32616566666632643335613432633636653261383439326136333833623064643061383065346365
 37626334353432613835386138623166366162316261333234363262336564636639356330376566
 31656432653564363764383935353130346439663633313661393232626339616263303962363961
 37383539663139303464326566303066356463346636313834626166613232616664323831366637
 34616266333933346333316634303262383938613436333630393133393566656530303461313332
 36303363313561613264346663656636663033653563303436316665336532343037613765656565
 38363132616666363766366238643639373136626662353137633936333364616262623432386237
 36636163363935376363366664373835356535373433343036373137646330353635373931656665
 30366535353435353338383461343036323764393365353230363735656337663135306337633035
 39356565616338346332633633653433363662383037613533666536666632333639623332316339
 34376435393435373238336135636431323436366533363239366530663632356436376266633061
 62306662316230306164343932353137316266643234363335333235653637656239383439363465
 65613833666264656463623963306233366662353536666233643038343731663238643461373666
 63346131363035346136366563303236313664636637626664316666623361623162623730663834
 31383736663438383839653434623766643736326463633166303163306336306331376634333666
 39653839336637346266323363336265346630613032633734343632643362333139346237396434
 65613165383135653536393232353033356363373432613831333932623165313432616132323630
 31353537366230343339303661623837306566316534393739393430636362623361373337313530
 3461383431616534646339643330653734346434663230626235
--- a/inventory/host_vars/pve1.yml
+++ b/inventory/host_vars/pve1.yml
@ -1,11 +1,11 @@
 $ANSIBLE_VAULT;1.1;AES256
-61636264373765333930663036663164363332363765353836326361383438303065623938353338
+63376135396163393863613564316331626339613064323733353633626463313863383736353330
-3861383264346132613466666363623562383437643464640a343830356164323732313631666532
+6666656566613832336431343433356134396530383939370a383437363631393437333065336131
-61646636633062333539393266366537613037646137376463343638356562383538376534376533
+32393234343432663636653665646538656133396665343833363935666264613963373638356438
-6361373233623565310a343466666233623138316439616239376266343932616366636232633735
+3333363762383066380a356632336439363761363461333662373938306537366436633436646263
-32623335633732653637336163666265383066303565386261353539656333656337393530323639
+30376638343566353331303638643132383636663236373031306438386564313236613930343665
-65313233376434343761653264626563653031623236616362396262643463656535613237383435
+62383262643831626132393635336536366133333031333864613039303838356435333830316331
-35343439643330343362333362396338646162313063623334326264316235636333376434626535
+39353432366666366261336465386461333630313232656137666665336633616266353961643230
-34353332653138653765323936346536323038366238323932393335363762623237653962616664
+30336230353835383262386262346339336436383336336162343461326161663038623634613064
-37653963633936653866656537663435333731343937616237353734383537316361633836363666
+61646436373437313564396266303763656536623765663635656138653361616436316337663865
-3064366264653335663331383332656638323335633731353531
+3162396165643365626339363638656262373335393334373836
--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@ -1,36 +1,75 @@
 $ANSIBLE_VAULT;1.1;AES256
-64363164666338376439386465623133383736636361353661303464666164616232366431626333
+38306461396530653165313836363332613036356566383265636266616662306364633762306637
-3437666365663839343866613537323366333564646234350a363434303639333535643039313039
+3562656663366234303066313734396163663633356230360a383961313938333664653331626538
-61306663306134666139303061316163323033353366386233643039613365386536333336663864
+31353065373963653938653966373835363439633533383065386264303566646237356637303438
-6463316237376364660a313639623233326634366635313962373830393165343130363337353135
+6662306636323630360a323731303661393630363638613865373235323766613765346530353734
-39616535373561353064373139356362663739363138326237393630326535353961623733323766
+37363863653266623136346663313937383539613433313930643063396435386362343436386561
-61366665346365626637626531666434336366643061663363323237613065613638353731663834
+64373665393763613135663163613834356536346165666263343136313638346266613638326430
-63386361646161303339653433316232323135323561363161643833373865366162316465383930
+64376336366634326639633536323032366531653038366663363734666231383635393765383736
-66346466346433643264633162326665613731383036616437643537383833616262646331356638
+63346338326463633865376635323434346265656230306262396364623236613039383530663964
-61336331636334343465316366323861326365386136303565363564343438613866326162613930
+34396135323863366235323632666138316134393639386166313732643435366564666561666634
-35643230316237383865616164653038306339306130316534303230383966353934356366633961
+39656461653933366336346532326565373430616363393436633364316565383339336361623438
-64623761646138633931356230633961353361376239656364326338646436663831323631346531
+34623364326434666563393035636234383362356537326562383434646634643265613838303164
-37633261646635633665663037663733313332396666636435383166343262663834383633646335
+33666634353334303738306164316462353365376432656438626435666533363635343332356338
-39383137383436643865383065613533636132326331303731306465636465613136646462643336
+64396634396233633030383064326233323962613937363935306235626338316664663466383939
-63386635346534343961626339393330633638633263326131313065353164353833333833326164
+66663939623838313266346339663966363132396364363832633637336161373766613166666266
-36613462393334333166613765343938393132363165316532396237636137323262616631393930
+34663834373339346166643664656266343162613731303530366536623831646462663937656538
-32323437316430306532653937613937663963613738323231366565313838656434656532623062
+62623237616337343465626532363639303531343535633738383266366338623166383434326631
-36633561376536373036323330623539383763306561383136633434623062376266333361306266
+64373335383966333561666531646431313939356661383431353531616630306262633435396535
-35333431626230316630626663376462653838656330376266396664323238323234306362343633
+39353333323437386563663463306664653664393431623836333834613334326531316661386462
-66333463646665306561313033313464633231316366633031303863636264333363366666376163
+37366132393132323336653536653037656333333038363033626232323363366661616361636333
-31663464643331666461353331663936656539616235353530366238326333663966386639353334
+34623733373633373338343438633464323161353838633039303762346136656666643234626332
-65626330613330303930643835393365383739313831333235633261356331346161333765323335
+38616238643730326434363832333634353932636235396332306463353164643835313130303964
-39393534393166383161376530623739336635303363393633653666633363656334653961643964
+33316463666135366433326564663934656337656563623439643162303762393339306535633735
-65373237333338313162626636366264356663616261633734613330626562666538313165663562
+36636532343435323362386463386163303737343933623839306233306138636362643838346564
-33393336613963353330336238656433613363306535323930623037663463613136643735613337
+37383935386638343262336139373135343137636339643333343730313563666634313262623836
-63396334626334373737663461386663653865626136353761666531623563643465356366666266
+34616634336235316532333934663732376634643238303465643763633333636466663733333635
-32393536643638303862353234366233323566623862316636323866323336366434376463306661
+61306537373162306137636335646663646134656366636635633437356366636134636439633936
-31313133313639313635333335643836373437306535383734373031306539643738326238373366
+64363136313732633566613264306432633234623561306562313863633237633265366637346265
-31393734383738636333643437393238336365376332643861636435303036653065613164363031
+35393161376332363038306430313037383832373138333431653266346566333766616139316661
-63373632343634303236653036636134306237663462633861366630633034333832646362303236
+37346436356433623535376664313937363263363531616363333738366431326361303062383335
-32636166366430343063316333636134616236373866373865316261626239376639366537306461
+63633263613964633137613363313630323066353265633636623763643530333764376664613066
-33636265313262366264306331313039363734633766323932363465353032633764373332326466
+61666565333035373562323433343362306166386330356430373039633864656136643133633466
-31363034326161643062343230333435343435623336653163323365363233643231306538373939
+36386638313238353737333565306132313135326234316134656365303930366164373564363730
-35643338396661356332343431383232376238626434613462306437653537343530643030333735
+63656261613231336332663631343863623235376634663332643563343263623038633863323764
-38393532303533323430373066343938396533656564663731393738363863663864356462663565
+66353466343434346136333562653665306164633133386431383638346461363838393363633432
-656438663662326136393134643136663737
+39656639393531303562323630663464326262623464653631313134643664653361653565666462
 35313162396463343464336466613362303566646665373033656362343464663262656239333365
 36633035633462316166393934333238303931616631363933363766636634663437336563313863
 32353062646263643966633839643931353562383330353461643765646266336634363333343064
 37653138326163323865626536643762393234343166666362643431663132393236313637396164
 66326538643838323765623931393266396431393139393766323164383031633062663761633438
 39373936393964626630383230636165313937393139326236633632386164386361346161393731
 38323765393562356635626434343437663165373163643765663834636362353532633262303838
 64396664333739313832323836396161646536626138313362376663626238366161626561666132
 39343764633762653234633764636239303139313731616639613532323163643534363130376433
 61343234386532346633623537643461666562653938396262653734323231623064303439316464
 63376561316562343066313730376631393032343539313832366365376131313862653966376532
 63653835646538383466656165626136363061633366376164666462383837643931363764323832
 34313762663836363433666138343033353432326232383037346130633833346563353463333736
 33623463386365336666353963633963323034633637623363333163346664663437646338356362
 31363833373463633033386231653035383161613435346463393433336436373332306634323232
 37663336623735626532363066303162383563643939323335656565633630646239356339333036
 61303339346431306335323364663764303232643637303666613330373735303365613738653662
 39663866323237333739623466316131656437643561623837346336373836353966393663343065
 32343831323132323430653563366261313036616430663339343336376564383766376165626362
 35656665643161376234303835373566363131343036363033643935313531343439323464623764
 39636562303938646466346462383537646566363034313261616635386339623233363431626631
 36656263623963356332353532613738623935363961623763393536356162653639633763656164
 35316138366164396637316335656332623266316232343439336332653862373535646166393563
 66306132653333353562626663313466623335623238616234633563326565653432343337393832
 30616434643264643937623337343333626265336437613364373064333934663338303331653266
 66323439306333356433323030393361316533306665633639363032366638356663323064303539
 65356365323966366366613836613131386663616163616464623238613038646530373032653666
 32643334323936353536636263333866396665386331363332653435323730313763333732346265
 37623433323939393263666165666231643731343235623063333037626432356362323265366461
 34323237306537633630363237323363386464366331333832663132313832353534393736363237
 33666439643136653966386630326566356462373537626161306464633363383831396233356465
 38623937303137316339326164363431303931633266316331306263313934376363626662346638
 61383731373064336431643339356465316662376166303732633765303438323333373133643535
 30626133343863383961663330653230656565626663303936633037643763303234336562396435
 65666331323739646531306538366232363034626431633765313739376363313664626566346562
 38653262623131646233346361646632663436366230623066613963653035353835343439643833
 30356237333034336331363830346566313433613836393663363937353366626166663233633563
 30666134343239633035616366353061313937336433353466643631346632643263323535356235
 3434393032383433326532376663653064363639303430643937
--- a/playbooks/deploy-postgres.yml
+++ b/playbooks/deploy-postgres.yml
@ -1,6 +1,6 @@
 ---
 - name: Deploy PostgreSQL container
-  hosts: prod1
+  hosts: db1
  become: true
  roles:
    - role: services/postgres
@ -8,9 +8,9 @@
      vars:
        directory: "pg-dev"
        container_name: "postgres-dev"
-        port: 7000
+        port: 4000
    - role: services/postgres
      vars:
        directory: "pg-beta"
        container_name: "postgres-beta"
-        port: 7001
+        port: 4001
--- a/playbooks/export-kitty-terminfo.yml
+++ b/playbooks/export-kitty-terminfo.yml
@ -0,0 +1,8 @@
 ---
 - name: Export kitty terminfo
  hosts: prod-vms
  become: yes
  vars:
    ansible_become_allow_unsafe_writes: true
  roles:
    - role: server/kitty
--- a/playbooks/prep-pve-for-cluster.yml
+++ b/playbooks/prep-pve-for-cluster.yml
@ -2,4 +2,4 @@
  hosts: pve-nodes
  become: yes
  roles:
-    - role: utility/cluster_prep
+    - role: pve/cluster_prep
--- a/playbooks/provision-alma.yml
+++ b/playbooks/provision-alma.yml
@ -1,13 +1,21 @@
 ---
 - name: Provision AlmaLinux 9 VM
-  hosts: staging-vm
+  hosts: prod-vm
  become: yes
  roles:
-    - role: server/users
+    - role: server/hostname
-    - role: server/sshkey
+    # - role: server/users
-    # - role: server/network
+    # - role: server/sshkey
    # - role: server/dnf
    - role: server/network
    # - role: server/firewall
    # - role: provision/alma/common
    # - role: provision/alma/nfs
-    # - role: docker/install
+    - role: docker/install
-    # - role: server/reboot
+    # - role: server/fstrim
    # - role: server/kitty
    # - role: server/reboot
  # tasks:
  #   - name: whatever
  #     ansible.builtin.debug:
  #       var: "{{ inventory_hostname }}"
--- a/roles/docker/apps/dbgate/defaults/main.yml
+++ b/roles/docker/apps/dbgate/defaults/main.yml
--- a/roles/docker/apps/dbgate/tasks/main.yml
+++ b/roles/docker/apps/dbgate/tasks/main.yml
--- a/roles/docker/apps/portainer-agent/defaults/main.yml
+++ b/roles/docker/apps/portainer-agent/defaults/main.yml
--- a/roles/docker/apps/portainer-agent/tasks/main.yml
+++ b/roles/docker/apps/portainer-agent/tasks/main.yml
@ -0,0 +1,22 @@
 - name: Pull Portainer Agent image
  become: true
  community.docker.docker_image:
    name: portainer/agent
    tag: latest
    source: pull
 - name: Deploy Portainer Agent container
  become: true
  community.docker.docker_container:
    name: portainer_agent
    image: portainer/agent
    pull: false           # we already pulled above
    state: started
    restart_policy: always
    ports:
      - "9001:9001"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
      - /:/host
    timeout: 120      # wait up to 2m for it to come up
--- a/roles/postgres/priviledges/defaults/main.yml
+++ b/roles/postgres/priviledges/defaults/main.yml
@ -1 +0,0 @@
 priviledges: ALL
--- a/roles/postgres/privileges/defaults/main.yml
+++ b/roles/postgres/privileges/defaults/main.yml
@ -0,0 +1 @@
 privileges: ALL
--- a/roles/postgres/priviledges/tasks/main.yml
+++ b/roles/postgres/priviledges/tasks/main.yml
@ -7,22 +7,22 @@
    objs: "{{ database }}"
    privs: "CREATE"
    role: "{{ user }}"
    state: present
    login_host: "{{ pg_host }}"
    login_port: "{{ pg_port }}"
    login_user: "{{ pg_user }}"
    login_password: "{{ pg_password }}"
    state: present
- name: Give user full priviledges on database
+- name: Give user full privileges on database
  delegate_to: localhost
  community.postgresql.postgresql_privs:
    db: "{{ database }}"
    type: schema
    objs: public
-    privs: "{{ priviledges }}"
+    privs: "{{ privileges }}"
    role: "{{ user }}"
    state: present
    login_host: "{{ pg_host }}"
    login_port: "{{ pg_port }}"
    login_user: "{{ pg_user }}"
-    login_password: "{{ pg_password }}"
+    login_password: "{{ pg_password }}"
    state: present
--- a/roles/provision/alma/common/tasks/main.yml
+++ b/roles/provision/alma/common/tasks/main.yml
@ -4,11 +4,6 @@
  register: output
  changed_when: output.rc != 0
 - name: Set hostname
  ansible.builtin.hostname:
    name: "{{ provision_hostname }}"
    use: systemd
 - name: Upgrade all packages
  ansible.builtin.dnf:
    name: "*"
@ -40,17 +35,4 @@
  ansible.builtin.dnf:
    name:
      - '@Development tools'
-    update_cache: true
+    update_cache: true
 - name: Install baseline packages
  ansible.builtin.dnf:
    name:
      - vim
      - curl
      - git
      - bash-completion
      - firewalld
      - fastfetch
      - btop
    state: latest
    update_cache: true
--- a/roles/server/dnf/defaults/main.yml
+++ b/roles/server/dnf/defaults/main.yml
--- a/roles/server/dnf/tasks/main.yml
+++ b/roles/server/dnf/tasks/main.yml
@ -0,0 +1,19 @@
 ---
 - name: Install dnf packages
  ansible.builtin.dnf:
    name:
      - systemd-networkd
      - systemd-resolved
      - vim
      - curl
      - git
      - bash-completion
      - firewalld
      - fastfetch
      - btop
      - kitty-terminfo
      - bind-utils
      - nmap
      - tcpdump
    state: latest
    update_cache: true
--- a/roles/server/firewall/tasks/main.yml
+++ b/roles/server/firewall/tasks/main.yml
@ -32,12 +32,5 @@
 # - name: Remove ens18 from public
 #   ansible.builtin.command: firewall-cmd --zone=public --remove-interface=ens18 
 # - name: Assign interface ens18 to "internal" zone
 #   ansible.posix.firewalld:
 #     interface: ens18
 #     zone: internal
 #     state: enabled
 #     permanent: true
 - name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload
--- a/roles/server/fstrim/defaults/main.yml
+++ b/roles/server/fstrim/defaults/main.yml
--- a/roles/server/fstrim/tasks/main.yml
+++ b/roles/server/fstrim/tasks/main.yml
@ -0,0 +1,6 @@
 ---
 - name: Trim filesystem once a week
  ansible.builtin.systemd_service:
    name: fstrim.timer
    enabled: true
    state: started
--- a/roles/server/hostname/defaults/main.yml
+++ b/roles/server/hostname/defaults/main.yml
--- a/roles/server/hostname/tasks/main.yml
+++ b/roles/server/hostname/tasks/main.yml
@ -0,0 +1,5 @@
 ---
 - name: Set hostname
  ansible.builtin.hostname:
    name: "{{ hostvars[inventory_hostname]['hostname'] }}"
    use: systemd
--- a/roles/server/kitty/defaults/main.yml
+++ b/roles/server/kitty/defaults/main.yml
@ -0,0 +1,3 @@
 users:
  - xbazzi
  - ansible
--- a/roles/server/kitty/tasks/main.yml
+++ b/roles/server/kitty/tasks/main.yml
@ -0,0 +1,31 @@
 ---
 - name: Copy pre-generated kitty terminfo to remote users
  copy:
    src: /home/xbazzi/.xterm-kitty.terminfo
    dest: /home/{{ item }}/xterm-kitty.terminfo
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: '0644'
  loop: "{{ users }}"
 - name: Upload xterm-kitty.terminfo to each user’s home
  ansible.builtin.copy:
    src: "/home/xbazzi/.xterm-kitty.terminfo"
    dest: "/home/{{ item }}/xterm-kitty.terminfo"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: '0644'
  loop: "{{ users }}"
 - name: Compile terminfo for each user
  ansible.builtin.command: >
    tic -x -o /home/{{ item }}/.terminfo /home/{{ item }}/xterm-kitty.terminfo
  become: true
  become_user: root #"{{ item }}"
  loop: "{{ users }}"
 - name: Clean up xterm-kitty.terminfo from home directory
  ansible.builtin.file:
    path: "/home/{{ item }}/xterm-kitty.terminfo"
    state: absent
  loop: "{{ users }}"
--- a/roles/server/network/files/networkd.conf.d/10-routes.conf
+++ b/roles/server/network/files/networkd.conf.d/10-routes.conf
@ -0,0 +1,2 @@
 [Network]
 RouteTable=mgmt:202 dmz:203
--- a/roles/server/network/handlers/main.yml
+++ b/roles/server/network/handlers/main.yml
@ -0,0 +1,4 @@
 - name: Restart systemd-networkd
  ansible.builtin.systemd_service:
    name: systemd-networkd
    state: restarted
--- a/roles/server/network/tasks/main.yml
+++ b/roles/server/network/tasks/main.yml
@ -1,32 +1,29 @@
 ---
 ##### Firewall pre-requisites #####
 - name: Enable and start systemd-networkd
  ansible.builtin.systemd:
    name: systemd-networkd
    enabled: true
    state: started
 - name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: yes
    state: started
- name: Enable and start NetworkManager
+- name: firewall-cmd --get-zones
  ansible.builtin.systemd:
    name: NetworkManager
    enabled: yes
    state: started
 - name: Check existing zones
  ansible.builtin.command: firewall-cmd --get-zones
  register: firewalld_zones
- name: Debug output
+- name: firewall-cmd --get-active-zones
  ansible.builtin.command: firewall-cmd --get-active-zones
  register: firewalld_zones
 - name: Check existing zones
  ansible.builtin.debug:
    var: firewalld_zones.stdout
 # - name: Create zone "core"
 #   ansible.builtin.command: firewall-cmd --permanent --new-zone="{{ item }}"
 #   loop: ["core", "mgmt"]
 #   # loop: "{{  firewalld_zones.stdout | split }}"
 #   when: item in firewalld_zones.stdout.split()
  # (item  != "core" and
  #       item != "dmz")
 - name: Create firewalld core zone
  ansible.posix.firewalld:
    zone: core
@ -48,89 +45,88 @@
 - name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload
- name: Enable ssh rule in core for initial ansible config
+- name: Enable ssh rule in core 
  ansible.posix.firewalld:
    zone: core
    service: ssh
    state: enabled
    permanent: true
-# - name: Ensure all other zones are disabled
+- name: Enable ssh rule in mgmt 
-#   ansible.posix.firewalld:
+  ansible.posix.firewalld:
 #     zone: "{{ item }}"
 #     state: disabled
 #     permanent: true
 #   when: item not in zones
 #   loop: "{{ firewalld_zones.stdout | split }}"
 - name: Set up CORE interface manually
  nmcli:
    conn_name: CORE
    zone: core
    type: ethernet
    ip4: "{{ provision_core_ip4 }}"
    gw4: "{{ core_gw4 }}"
    dns4: "{{ core_gw4 }}"
    method4: "manual"
    ifname: ens18
    dns4_search: lan.xbazzi.com
    state: present
  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
 - name: Set up mgmt interface manually
  nmcli:
    conn_name: MGMT
    zone: mgmt
-    type: ethernet
+    service: ssh
-    ip4: "{{ provision_mgmt_ip4 }}"
+    state: enabled
-    routes4: "0.0.0.0/0 {{ mgmt_gw4 }}"
+    permanent: true
    routing_rules4:
      - "priority 2 from {{ mgmt_net }} table 200"
    route_metric4: 102
    dns4: "{{ mgmt_gw4 }}"
    method4: "manual"
    ifname: "ens19"
    dns4_search: "lan.xbazzi.com"
    state: present
  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
- name: Set up dmz interface manually
+- name: Reload firewalld to apply changes
-  nmcli:
+  ansible.builtin.command: firewall-cmd --reload
    conn_name: DMZ
    zone: dmz
    type: ethernet
    ip4: "{{ provision_dmz_ip4 }}"
    routes4: "0.0.0.0/0 {{ dmz_gw4 }}"
    routing_rules4:
      - "priority 3 from {{ dmz_net }} table 300"
    route_metric4: 103
    dns4: "{{ dmz_gw4 }}"
    method4: "manual"
    ifname: "ens20"
    dns4_search: "lan.xbazzi.com"
    state: present
  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
- name: Remove ens18 default connection
+#### Network config ####
-  nmcli:
+- name: Ensure systemd-networkd directories exist
-    conn_name: ens18
+  ansible.builtin.file:
-    state: absent
+    path: "{{ item }}"
-  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
+    state: directory
    owner: root
    group: root
    mode: '0755'
  loop:
    - /etc/systemd/network
    - /etc/systemd/networkd.conf.d
- name: Remove ens19 default connection
+- name: Generate default interface .network file
-  nmcli:
+  ansible.builtin.template:
-    conn_name: ens19
+    src: default-interface.network.j2
-    state: absent
+    dest: "/etc/systemd/network/{{ default_interface.prefix }}-{{ default_interface.ifname }}-{{ default_interface.name }}.network"
-  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
+    owner: root
    group: root
    mode: '0644'
  notify: Restart systemd-networkd
- name: Remove ens20 default connection
+- name: Generate auxiliary interfaces .network files
-  nmcli:
+  ansible.builtin.template:
-    conn_name: ens20
+    src: auxiliary-interface.network.j2
-    state: absent
+    dest: "/etc/systemd/network/{{ item.prefix }}-{{ item.ifname }}-{{ item.name }}.network"
-  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
+    owner: root
    group: root
    mode: '0644'
  loop: "{{ network_interfaces }}"
  notify: Restart systemd-networkd
- name: Remove "Wired connection 1"
+# - name: Deploy .network files
-  nmcli:
+#   ansible.builtin.copy:
-    conn_name: Wired connection 1
+#     src: "files/network/{{ item }}"
-    state: absent
+#     dest: "/etc/systemd/network/{{ item }}"
-  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
+#     owner: root
 #     group: root
 #     mode: '0644'
 #   loop:
 #     - 10-ens18-core.network
 #     - 20-ens19-mgmt.network
 #     - 30-ens20-dmz.network
 #   notify: Restart systemd-networkd
 - name: Deploy systemd-networkd global .conf files
  ansible.builtin.copy:
    src: "files/networkd.conf.d/{{ item }}"
    dest: "/etc/systemd/networkd.conf.d/{{ item }}"
    owner: root
    group: root
    mode: '0644'
  loop:
    - 10-routes.conf
  notify: Restart systemd-networkd
 - name: Ensure NetworkManager is disabled
  ansible.builtin.systemd_service:
    name: NetworkManager
    masked: true
    enabled: false
    state: stopped 
 - name: Ensure NetworkManager-wait-online is disabled
  ansible.builtin.systemd_service:
    name: NetworkManager-wait-online
    masked: true
    enabled: false
    state: stopped 
--- a/roles/server/network/tasks/main_nmcli.yml
+++ b/roles/server/network/tasks/main_nmcli.yml
@ -0,0 +1,250 @@
 ---
 - name: Enable and start firewalld
  ansible.builtin.systemd:
    name: firewalld
    enabled: yes
    state: started
 - name: Enable and start NetworkManager
  ansible.builtin.systemd:
    name: NetworkManager
    enabled: yes
    state: started
 - name: Check existing zones
  ansible.builtin.command: firewall-cmd --get-zones
  register: firewalld_zones
 - name: Debug output
  ansible.builtin.debug:
    var: firewalld_zones.stdout
 # - name: Create zone "core"
 #   ansible.builtin.command: firewall-cmd --permanent --new-zone="{{ item }}"
 #   loop: ["core", "mgmt"]
 #   # loop: "{{  firewalld_zones.stdout | split }}"
 #   when: item in firewalld_zones.stdout.split()
  # (item  != "core" and
  #       item != "dmz")
 - name: Create firewalld core zone
  ansible.posix.firewalld:
    zone: core
    state: present
    permanent: true
 - name: Create firewalld mgmt zone
  ansible.posix.firewalld:
    zone: mgmt
    state: present
    permanent: true
 - name: Create firewalld dmz zone
  ansible.posix.firewalld:
    zone: dmz
    state: present
    permanent: true
 - name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload
 - name: Enable ssh rule in core 
  ansible.posix.firewalld:
    zone: core
    service: ssh
    state: enabled
    permanent: true
 - name: Enable ssh rule in mgmt 
  ansible.posix.firewalld:
    zone: mgmt
    service: ssh
    state: enabled
    permanent: true
 - name: Reload firewalld to apply changes
  ansible.builtin.command: firewall-cmd --reload
 # - name: Ensure all other zones are disabled
 #   ansible.posix.firewalld:
 #     zone: "{{ item }}"
 #     state: disabled
 #     permanent: true
 #   when: item not in zones
 #   loop: "{{ firewalld_zones.stdout | split }}"
 # - name: Ensure custom routing table names are present
 #   ansible.builtin.lineinfile:
 #     path: /etc/iproute2/rt_tables
 #     line: "{{ item.table_id }} {{ item.table_name }}"
 #     create: yes
 #     state: present
 #   loop: "{{ network_interfaces }}"
 #   loop_control:
 #     label: "{{ item.table_name }}"
 - name: Ensure /etc/iproute2 directory exists
  ansible.builtin.file:
    path: /etc/iproute2
    state: directory
    owner: root
    group: root
    mode: '0755'
 - name: Overwrite /etc/iproute2/rt_tables with templated content
  ansible.builtin.template:
    src: rt_tables.j2
    dest: /etc/iproute2/rt_tables
    owner: root
    group: root
    mode: '0644'
    force: yes
 - name: Default connection
  debug:
    var: default_conn
 - name: Configure default (CORE) connection
  community.general.nmcli:
    conn_name: "{{ default_conn.name | upper }}"
    type: ethernet
    zone: "{{ default_conn.name }}"
    method4: "manual"
    ip4: "{{ default_conn.ip }}/22"
    ifname: "{{ default_conn.ifname }}"
    dns4: "{{ default_conn.gateway }}"
    dns4_search: lan.xbazzi.com
    mtu: "{{ default_conn.mtu | default(1500) }}"
    state: present
 - name: Configure ancillary connections
  community.general.nmcli:
    conn_name: "{{ item.name | upper }}"
    type: ethernet
    zone: "{{ item.name }}"
    method4: "manual"
    ip4: "{{ item.ip }}/22"
    ifname: "{{ item.ifname }}"
    dns4: "{{ item.gateway }}"
    dns4_search: lan.xbazzi.com
    # table: "{{ item.table_id }}"
    # table: "{{ item.table_id }}"
    mtu: "{{ item.mtu | default(1500) }}"
    # routes4_extended:
      # - ip: "0.0.0.0/0"
        # table: "{{ item.table_id }}"
        # next_hop: "{{ item.gateway }}"
        # mtu: "{{ item.mtu | default(1500) }}"
        # metric: 
      # - ip: "{{ item.subnet }}"
        # table: "{{ item.table_id }}"
        # table: "{{ item.table_id }}"
        # next_hop: "0.0.0.0"
        # mtu: "{{ item.mtu | default(1500) }}"
    # - "{{ item.subnet }} 0.0.0.0 {{ item.table_id }}"
    # routing_rules4:
      # - "priority {{ item.priority }} from {{ item.ip }} table {{ item.table_id }}"
    state: present
  loop: "{{ network_interfaces }}"
  loop_control:
    label: "{{ item.name }}"
 - name: Add route-table for each interface
  ansible.builtin.command: >
    nmcli connection modify {{ item.name | upper }} ipv4.route-table {{ item.table_id }}
  loop: "{{ network_interfaces }}"
 - name: Add routes 
  ansible.builtin.command: >
    nmcli con modify MGMT +ipv4.routes "0.0.0.0/0 {{ item.gateway }}"
  loop: "{{ network_interfaces }}"
 - name: Add routing rules
  ansible.builtin.command: >
    nmcli con modify MGMT +ipv4.routing-rules "priority {{ item.priority }} table {{ item.table_id }}"
  loop: "{{ network_interfaces }}"
 # -name: Add ancillary routes to main table
  # sudo ip route add 10.69.0.0/22 dev ens19 proto kernel scope link table main
 # - name: Set up CORE interface manually
 #   nmcli:
 #     conn_name: CORE
 #     zone: core
 #     type: ethernet
 #     ip4: "{{ provision_core_ip4 }}"
 #     gw4: "{{ core_gw4 }}"
 #     dns4: "{{ core_gw4 }}"
 #     method4: "manual"
 #     ifname: ens18
 #     dns4_search: lan.xbazzi.com
 #     state: present
  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
 # - name: Set up mgmt interface manually
 #   nmcli:
 #     conn_name: MGMT
 #     zone: mgmt
 #     type: ethernet
 #     ip4: "{{ provision_mgmt_ip4 }}"
 #     # routes4: "0.0.0.0/0 {{ mgmt_gw4 }}"
 #     routing_rules4:
 #       - "priority 2 from {{ mgmt_net }} table 200"
 #     route_metric4: 102
 #     dns4: "{{ mgmt_gw4 }}"
 #     method4: "manual"
 #     ifname: "ens19"
 #     dns4_search: "lan.xbazzi.com"
 #     state: present
 #   # delegate_to: "{{ provision_core_ip4_no_subnet }}"
 # - name: Set up dmz interface manually
 #   nmcli:
 #     conn_name: DMZ
 #     zone: dmz
 #     type: ethernet
 #     ip4: "{{ provision_dmz_ip4 }}"
 #     routes4: "0.0.0.0/0 {{ dmz_gw4 }}"
 #     routes4_extended:
 #       ip: {{ provision_dmz_ip4 }}
 #     routing_rules4:
 #       - "priority 3 from {{ dmz_net }} table 300"
 #     route_metric4: 103
 #     dns4: "{{ dmz_gw4 }}"
 #     method4: "manual"
 #     ifname: "ens20"
 #     dns4_search: "lan.xbazzi.com"
 #     state: present
  # delegate_to: "{{ provision_core_ip4_no_subnet }}"
 # - name: Remove ens18 default connection
 #   nmcli:
 #     conn_name: "{{ item }}"
 #     state: absent
 #     loop: ["ens18", "ens19", "ens20", "core", "Wired connection 1"]
 - name: List current NetworkManager connections
  ansible.builtin.shell: nmcli -t -f NAME connection show
  register: nmcli_connections
 - name: Show active connection names
  ansible.builtin.debug:
    var: nmcli_connections.stdout_lines
 - name: Remove unwanted default NetworkManager connections
  community.general.nmcli:
    conn_name: "{{ item }}"
    state: absent
  loop:
    - ens18
    - ens19
    - ens20
    - core
    - "Wired connection 1"
  ignore_errors: true  # Optional: avoids failure if connection doesn't exist
 - name: Restart NetworkManager
  ansible.builtin.systemd_service:
    name: NetworkManager
    enabled: true
    state: restarted
--- a/roles/server/network/templates/auxiliary-interface.network.j2
+++ b/roles/server/network/templates/auxiliary-interface.network.j2
@ -0,0 +1,26 @@
 [Match]
 Name={{ item.ifname }}
 [Network]
 Address={{ hostvars[inventory_hostname]['addresses'][item.name] }}/22
 DNS={{ item.gateway }}
 Domains={{ item.search_domain }}
 IPv6AcceptRA=false
 IPv6SendRA=false
 [link]
 MTUBytes= {{ item.mtu }}
 [Route]
 Destination=0.0.0.0/0
 Gateway= {{ item.gateway }}
 Table= {{ item.table_id }}
 [Route]
 Destination={{ item.subnet }}
 Table= {{ item.table_id }}
 [RoutingPolicyRule]
 From={{ hostvars[inventory_hostname]['addresses'][item.name] }}
 Table={{ item.table_name }}
 Priority={{ item.priority }}
--- a/roles/server/network/templates/default-interface.network.j2
+++ b/roles/server/network/templates/default-interface.network.j2
@ -0,0 +1,8 @@
 [Match]
 Name={{ default_interface.ifname }}
 [Network]
 Address={{ hostvars[inventory_hostname]['addresses'][default_interface.name] }}/22
 Gateway={{ default_interface.gateway }}
 DNS={{ default_interface.gateway }}
 Domains={{ default_interface.search_domain }}
--- a/roles/server/network/templates/rt_tables.j2
+++ b/roles/server/network/templates/rt_tables.j2
@ -0,0 +1,8 @@
 255     local
 254     main
 253     default
 0       unspec
 {% for iface in network_interfaces %}
 {{ iface.table_id }}     {{ iface.name }}
 {% endfor %}
--- a/roles/server/users/tasks/main.yml
+++ b/roles/server/users/tasks/main.yml
@ -2,8 +2,8 @@
 - name: Add xbazzi group
  ansible.builtin.group:
    name: xbazzi
    state: present
    gid: 1337
    state: present
 - name: Add xbazzi user
  ansible.builtin.user: