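---
# Example: Basic NetBird Setup
# This playbook demonstrates basic NetBird configuration: two groups, a
# setup key that auto-joins new servers, a developers->servers policy,
# and two routed networks (a CIDR and a set of internal domains).
#
# Security notes for anyone adapting this:
#   * The API token comes from the NETBIRD_API_TOKEN environment variable
#     (use ansible-vault or a secrets manager in production). The play
#     asserts it is non-empty up front so a misconfigured shell fails with
#     a clear message instead of a confusing HTTP 401 from the first module.
#   * A setup key is an enrollment credential: anyone holding it can join
#     a peer to the mesh, and auto_groups places that peer straight into
#     the "servers" group that the policy below exposes to developers.
#     The task that creates it therefore runs with no_log, and the key is
#     only echoed to the console when netbird_show_setup_key=true is
#     passed explicitly (e.g. -e netbird_show_setup_key=true).
- name: Configure NetBird Infrastructure
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    netbird_api_url: "https://netbird.example.com"
    # Use ansible-vault for the token in production
    netbird_api_token: "{{ lookup('env', 'NETBIRD_API_TOKEN') }}"
    # Peer IDs of the NetBird peers that will route the internal CIDR and
    # the internal domains. The defaults are placeholders; override them
    # with -e or an inventory/group var rather than editing the tasks.
    netbird_gateway_peer_id: "gateway-peer-id"
    netbird_dns_gateway_peer_id: "dns-gateway-peer-id"
    # Off by default so a freshly minted enrollment credential does not
    # end up in CI output, ansible.log, or a shared terminal scrollback.
    netbird_show_setup_key: false
  tasks:
    - name: Ensure an API token was provided
      ansible.builtin.assert:
        that:
          - netbird_api_token | length > 0
        fail_msg: "NETBIRD_API_TOKEN is not set; export it or provide netbird_api_token from ansible-vault"
        quiet: true

    - name: Gather current NetBird information
      community.ansible_netbird.netbird_info:
        api_url: "{{ netbird_api_url }}"
        api_token: "{{ netbird_api_token }}"
        resource: current_user
      register: current_user

    - name: Display current user
      ansible.builtin.debug:
        msg: "Connected as: {{ current_user.data.email }}"

    - name: Create a group for developers
      community.ansible_netbird.netbird_group:
        api_url: "{{ netbird_api_url }}"
        api_token: "{{ netbird_api_token }}"
        name: "developers"
        state: present
      register: developers_group

    - name: Create a group for servers
      community.ansible_netbird.netbird_group:
        api_url: "{{ netbird_api_url }}"
        api_token: "{{ netbird_api_token }}"
        name: "servers"
        state: present
      register: servers_group

    # A reusable key lets any number of peers enroll until it expires; if
    # the module exposes a per-key usage cap, prefer it for a bounded
    # rollout. Seven days is the window during which a leaked key can be
    # used to plant a rogue peer in the "servers" group.
    - name: Create a setup key for new servers
      community.ansible_netbird.netbird_setup_key:
        api_url: "{{ netbird_api_url }}"
        api_token: "{{ netbird_api_token }}"
        name: "server-enrollment"
        key_type: "reusable"
        expires_in: 604800  # 7 days
        auto_groups:
          - "{{ servers_group.group.id }}"
        state: present
      # The registered result contains the key material itself; keep it
      # out of task output and logs (this also suppresses it under -vvv).
      no_log: true
      register: server_key

    - name: Display the setup key
      ansible.builtin.debug:
        msg: "Server setup key: {{ server_key.setup_key.key | default('Already exists') }}"
      when:
        - server_key.changed
        - netbird_show_setup_key | bool

    # NOTE(review): the rule name says "ssh" but it also opens 443 and 8080;
    # the name is kept as-is because renaming would create a new rule on
    # existing deployments. Trim the port list to what developers need.
    - name: Create a policy allowing developers to access servers
      community.ansible_netbird.netbird_policy:
        api_url: "{{ netbird_api_url }}"
        api_token: "{{ netbird_api_token }}"
        name: "developers-to-servers"
        description: "Allow developers to access servers"
        enabled: true
        rules:
          - name: "developers-ssh-access"
            sources:
              - "{{ developers_group.group.id }}"
            destinations:
              - "{{ servers_group.group.id }}"
            # Source-initiated only: servers cannot open connections back
            # to developer workstations on these ports.
            bidirectional: false
            protocol: "tcp"
            ports:
              - "22"
              - "443"
              - "8080"
            action: "accept"
        state: present

    # Network Routing Examples
    #
    # masquerade: true source-NATs traffic at the routing peer, so hosts in
    # the routed range see the gateway's address rather than the
    # developer's peer. Convenient (no return routes needed) but it removes
    # per-user attribution from the target hosts' own logs; rely on the
    # NetBird side for who-did-what.
    - name: Create internal network with routing
      community.ansible_netbird.netbird_network:
        api_url: "{{ netbird_api_url }}"
        api_token: "{{ netbird_api_token }}"
        name: "internal-network"
        description: "Route to internal resources"
        routers:
          - peer: "{{ netbird_gateway_peer_id }}"
            metric: 100
            masquerade: true
        resources:
          # Exposes the entire /16 to every developer; narrow this to the
          # subnets they actually need before using it outside an example.
          - address: "172.16.0.0/16"
            name: "internal-range"
            description: "All internal IP addresses"
            groups:
              - "{{ developers_group.group.id }}"
        state: present
      register: internal_network

    - name: Create network with domain-based routing
      community.ansible_netbird.netbird_network:
        api_url: "{{ netbird_api_url }}"
        api_token: "{{ netbird_api_token }}"
        name: "internal-services"
        description: "Route traffic to internal domains"
        routers:
          - peer: "{{ netbird_dns_gateway_peer_id }}"
            metric: 100
            masquerade: true
        resources:
          # Route specific domain
          - address: "gitlab.internal.example.com"
            name: "gitlab"
            groups:
              - "{{ developers_group.group.id }}"
          # Route all subdomains with wildcard (quoted: a bare leading "*"
          # would be read by YAML as an alias, not a glob)
          - address: "*.internal.example.com"
            name: "internal-subdomains"
            description: "All internal subdomains"
            groups:
              - "{{ developers_group.group.id }}"
        state: present
      register: services_network

    - name: Display network info
      ansible.builtin.debug:
        msg: "Created networks: {{ internal_network.network.name }}, {{ services_network.network.name }}"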