Configures MikroTik routers.
mikrotik_certs
- list of certificates to copy and import, example:
mikrotik_certs:
- src: myserver.crt
dest: myserver.crt
- src: myserver.key
dest: myserver.key
passphrase: verysecure
mikrotik_ip_addresses
- list of IP addresses, example:
mikrotik_ip_addresses:
- key_name: interface
key_value: bridge
other_values: address=192.168.1.1/24
mikrotik_ip_dhcp_server_networks
- list of DHCP Server network options, example:
mikrotik_ip_dhcp_server_networks:
- key_name: comment
key_value: defconf
other_values: address=192.168.1.0/24 gateway=192.168.1.1 dns-server=192.168.1.1
mikrotik_ip_dhcp_clients
- list of DHCP clients, example:
mikrotik_ip_dhcp_clients:
- key_name: interface
key_value: ether1
other_values: add-default-route=yes use-peer-dns=no
mikrotik_ip_services
- list of IP services to set, example:
mikrotik_ip_services:
- name: www-ssl
values: certificate=myserver tls-version=only-1.2 disabled=no
- name: www
values: disabled=yes
mikrotik_ip_pools
- list of IP pools, example:
mikrotik_ip_pools:
- key_name: name
key_value: dhcp
other_values: ranges=192.168.1.100-192.168.1.254
mikrotik_ip_dhcp_server_leases
- list of DHCP server leases, example:
mikrotik_ip_dhcp_server_leases:
- key_name: mac-address
key_value: 70:85:C2:A9:B2:FF
other_values: address=192.168.1.2 comment=myserver
mikrotik_ip_dns_statics
- list of static IP DNS records, example:
mikrotik_ip_dns_statics:
- key_name: name
key_value: www.myserver.com
other_values: address=192.168.1.2
mikrotik_ip_dns
- configure IP DNS, example:
mikrotik_ip_dns: use-doh-server=https://freedns.controld.com/p2 verify-doh-cert=yes allow-remote-requests=yes
mikrotik_interface_ovpn_clients
- configure OpenVPN client interface, example:
mikrotik_interface_ovpn_clients:
- key_name: name
key_value: ovpn-client
other_values: connect-to=vpn.acme.com port=1194 protocol=udp mode=ip profile=default certificate=mikrotik.crt_0 cipher=aes256 tls-version=only-1.2 use-peer-dns=no add-default-route=no user=mikrotik auth=sha256
mikrotik_ip_firewall_rules
- configures IP Firewall rules. Relies on comments, example:
mikrotik_ip_firewall_rules:
- type: filter
comment: allow established,related
rule: chain=input action=accept connection-state=established,related
- type: filter
comment: allow all internal network
rule: chain=input action=accept src-address=192.168.88.0/24
- type: filter
comment: drop everything else
rule: chain=input action=drop
- type: nat
comment: NAT all internal network
rule: chain=srcnat action=masquerade out-interface-list=WAN
Collections:
ansible.netcommon
community.routeros
- hosts: mikrotik
gather_facts: false
vars:
ansible_connection: ansible.netcommon.network_cli
ansible_network_os: community.routeros.routeros
ansible_user: admin
ansible_password: verysecure
roles:
- ansible-role-mikrotik
GPLv3
Vladimir Vasilev (@vladi-k)