Migrate nested dictionary meshes into a list of dictionaries

- migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list
2017-10-06 22:58:00 +02:00 · 2017-10-06 22:58:00 +02:00 · 63ca114c95
commit 63ca114c95
parent 2bbd39009c
44 changed files with 263 additions and 272 deletions
--- a/Readme.md
+++ b/Readme.md
@ -20,20 +20,19 @@ Die Server werden mit ihren FQDNs im Ansible Inventory hinterlegt, bedenkt das f
 ## Variablen für jedes Mesh
 Viele Rollen brauchen spezifische Informationen, wie IP-Adresse, Masken, Interface-Namen, etc.
-Wir verwalten diese Mesh-Informationen in einem Dictionary unter `inventory/group_vars/all`:
+Wir verwalten diese Mesh-Informationen in einer Liste von Dictionaries unter `inventory/group_vars/all`:
 ```
 meshes:
-  mz:
+  - id: mz
    site_number: 37
    site_code: ffmz
    site_name: Mainz
    ipv4_network: 10.37.0.0/18
-    ipv6:
+    ipv6_ula:
-      ula:
+      - fd37:b4dc:4b1e::/48
-        - fd37:b4dc:4b1e::/48
+    ipv6_public:
-      public:
+      - 2a03:2260:11a::/48
        - 2a03:2260:11a::/48
    dnssl:
      - ffmz.org
      - user.ffmz.org
@ -53,23 +52,22 @@ meshes:
    dns:
      master: fd37:b4dc:4b1e::a25:103
      forward_zones:
-        ffmz.org:
+        - name: ffmz.org
-        user.ffmz.org:
+        - name: user.ffmz.org
-        bb.ffmz.org:
+        - name: bb.ffmz.org
-        nodes.ffmz.org:
+        - name: nodes.ffmz.org
-        ffbin:
+        - name: ffbin
          master: fd37:b4dc:4b1e::a25:10c
-  wi:
+  - id: wi
    site_number: 56
    site_code: ffwi
    site_name: Wiesbaden
    ipv4_network: 10.56.0.0/18
-    ipv6:
+    ipv6_ula:
-      ula:
+      - fd56:b4dc:4b1e::/48
-        - fd56:b4dc:4b1e::/48
+    ipv6_public:
-      public:
+      - 2a03:2260:11b::/48
        - 2a03:2260:11b::/48
    dnssl:
      - ffwi.org
      - user.ffwi.org
@ -88,10 +86,10 @@ meshes:
    dns:
      master: fd56:b4dc:4b1e::a38:103
      forward_zones:
-        ffwi.org:
+        - name: ffwi.org
-        user.ffwi.org:
+        - name: user.ffwi.org
-        bb.ffwi.org:
+        - name: bb.ffwi.org
-        nodes.ffwi.org:
+        - name: nodes.ffwi.org
 ```
 ## Sensible Informationen
--- a/inventory/group_vars/all
+++ b/inventory/group_vars/all
@ -17,16 +17,15 @@ bgp_ipv4_transfer_net: 10.37.0.0/18
 bgp_ipv6_transfer_net: fd37:b4dc:4b1e::/64
 meshes:
-  mz:
+  - id: mz
    site_number: 37
    site_code: ffmz
    site_name: Mainz
    ipv4_network: 10.37.0.0/18
-    ipv6:
+    ipv6_ula:
-      ula:
+      - fd37:b4dc:4b1e::/48
-        - fd37:b4dc:4b1e::/48
+    ipv6_public:
-      public:
+      - 2a03:2260:11a::/48
        - 2a03:2260:11a::/48
    dnssl:
      - ffmz.org
      - user.ffmz.org
@ -46,23 +45,22 @@ meshes:
    dns:
      master: fd37:b4dc:4b1e::a25:103
      forward_zones:
-        ffmz.org:
+        - name: ffmz.org
-        user.ffmz.org:
+        - name: user.ffmz.org
-        bb.ffmz.org:
+        - name: bb.ffmz.org
-        nodes.ffmz.org:
+        - name: nodes.ffmz.org
-        ffbin:
+        - name: ffbin
          master: fd37:b4dc:4b1e::a25:10c
-  wi:
+  - id: wi
    site_number: 56
    site_code: ffwi
    site_name: Wiesbaden
    ipv4_network: 10.56.0.0/18
-    ipv6:
+    ipv6_ula:
-      ula:
+      - fd56:b4dc:4b1e::/48
-        - fd56:b4dc:4b1e::/48
+    ipv6_public:
-      public:
+      - 2a03:2260:11b::/48
        - 2a03:2260:11b::/48
    dnssl:
      - ffwi.org
      - user.ffwi.org
@ -82,10 +80,10 @@ meshes:
    dns:
      master: fd56:b4dc:4b1e::a38:103
      forward_zones:
-        ffwi.org:
+        - name: ffwi.org
-        user.ffwi.org:
+        - name: user.ffwi.org
-        bb.ffwi.org:
+        - name: bb.ffwi.org
-        nodes.ffwi.org:
+        - name: nodes.ffwi.org
 icvpn:
  prefix: mwu
--- a/roles/network-batman/README.md
+++ b/roles/network-batman/README.md
@ -12,7 +12,7 @@ Diese Ansible role konfiguriert batman-adv Netzwerk Interfaces.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    ipv4_network:
 ...
--- a/roles/network-batman/tasks/main.yml
+++ b/roles/network-batman/tasks/main.yml
@ -2,13 +2,13 @@
 - name: create dummy interfaces
  template:
    src: dummy.j2
-    dest: "/etc/network/interfaces.d/{{ item.key }}0"
+    dest: "/etc/network/interfaces.d/{{ item.id }}0"
  notify: reload network interfaces
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: create batman interfaces
  template:
    src: batman.j2
-    dest: "/etc/network/interfaces.d/{{ item.key }}BAT"
+    dest: "/etc/network/interfaces.d/{{ item.id }}BAT"
  notify: reload network interfaces
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
--- a/roles/network-batman/templates/batman.j2
+++ b/roles/network-batman/templates/batman.j2
@ -1,14 +1,14 @@
-{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
 {% set mac = '0201' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
-auto {{ item.key }}BAT
+auto {{ item.id }}BAT
-iface {{ item.key }}BAT
+iface {{ item.id }}BAT
    hwaddress {{ mac | hwaddr('linux') }}
-    batman-ifaces {{ item.key }}0 {{ item.key }}VPN {{ item.key }}igVPN
+    batman-ifaces {{ item.id }}0 {{ item.id }}VPN {{ item.id }}igVPN
-    batman-hop-penalty {{ item.value.batman.hop_penalty }}
+    batman-hop-penalty {{ item.batman.hop_penalty }}
-    post-up /usr/sbin/batctl -m $IFACE it {{ item.value.batman.it }}
+    post-up /usr/sbin/batctl -m $IFACE it {{ item.batman.it }}
-    post-up /usr/sbin/batctl -m $IFACE gw {{ item.value.batman.gw }}
+    post-up /usr/sbin/batctl -m $IFACE gw {{ item.batman.gw }}
-    post-up /usr/sbin/batctl -m $IFACE mm {{ item.value.batman.mm }}
+    post-up /usr/sbin/batctl -m $IFACE mm {{ item.batman.mm }}
-    post-up /usr/sbin/batctl -m $IFACE dat {{ item.value.batman.dat }}
+    post-up /usr/sbin/batctl -m $IFACE dat {{ item.batman.dat }}
--- a/roles/network-batman/templates/dummy.j2
+++ b/roles/network-batman/templates/dummy.j2
@ -1,9 +1,9 @@
-{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
 {% set mac = '0200' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
-auto {{ item.key }}0
+auto {{ item.id }}0
-iface {{ item.key }}0
+iface {{ item.id }}0
    link-type dummy
    hwaddress {{ mac | hwaddr('linux') }}
--- a/roles/network-fastd/README.md
+++ b/roles/network-fastd/README.md
@ -10,7 +10,7 @@ Diese Ansible role konfiguriert Netzwerk Interfaces für fastd.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    ipv4_network:
 ...
--- a/roles/network-fastd/tasks/main.yml
+++ b/roles/network-fastd/tasks/main.yml
@ -2,13 +2,13 @@
 - name: create fastd mesh interfaces
  template:
    src: fastd-mesh.j2
-    dest: "/etc/network/interfaces.d/{{ item.key }}VPN"
+    dest: "/etc/network/interfaces.d/{{ item.id }}VPN"
  notify: reload network interfaces
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: create fastd intragate interfaces
  template:
    src: fastd-intragate.j2
-    dest: "/etc/network/interfaces.d/{{ item.key }}igVPN"
+    dest: "/etc/network/interfaces.d/{{ item.id }}igVPN"
  notify: reload network interfaces
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
--- a/roles/network-fastd/templates/fastd-intragate.j2
+++ b/roles/network-fastd/templates/fastd-intragate.j2
@ -1,8 +1,8 @@
-{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
 {% set mac = '0212' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
-auto {{ item.key }}igVPN
+auto {{ item.id }}igVPN
-iface {{ item.key }}igVPN
+iface {{ item.id }}igVPN
    hwaddress {{ mac | hwaddr('linux') }}
--- a/roles/network-fastd/templates/fastd-mesh.j2
+++ b/roles/network-fastd/templates/fastd-mesh.j2
@ -1,8 +1,8 @@
-{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
 {% set mac = '0211' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
-auto {{ item.key }}VPN
+auto {{ item.id }}VPN
-iface {{ item.key }}VPN
+iface {{ item.id }}VPN
    hwaddress {{ mac | hwaddr('linux') }}
--- a/roles/network-iptables-gateway/README.md
+++ b/roles/network-iptables-gateway/README.md
@ -18,7 +18,7 @@ sysctl_settings_netfilter:
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    ipv4_network:
 ...
--- a/roles/network-iptables-gateway/templates/rules.v4.j2
+++ b/roles/network-iptables-gateway/templates/rules.v4.j2
@ -8,8 +8,8 @@
 -A INPUT -d {{ ansible_default_ipv4.address | ipaddr('public') }}/32 -p gre -j ACCEPT
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-A FORWARD -i {{ mesh_id }}BR -o {{ mesh_id }}BR -j ACCEPT
+-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT
 {% endfor %}
 -A FORWARD -m conntrack --ctstate INVALID -j DROP
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
@ -31,8 +31,8 @@ COMMIT
 :OUTPUT ACCEPT [0:0]
 :POSTROUTING ACCEPT [0:0]
 :ffrl-nat - [0:0]
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-A POSTROUTING -s {{ mesh_value.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat
+-A POSTROUTING -s {{ mesh.ipv4_network | ipaddr('private') | ipaddr('net') }} -o ffrl+ -j ffrl-nat
 {% endfor %}
 -A ffrl-nat -o ffrl+ -j SNAT --to-source {{ ffrl_public_ipv4_nat | ipaddr('address') }}
 COMMIT
--- a/roles/network-iptables-gateway/templates/rules.v6.j2
+++ b/roles/network-iptables-gateway/templates/rules.v6.j2
@ -7,8 +7,8 @@
 :OUTPUT ACCEPT [0:0]
 -A INPUT -m conntrack --ctstate INVALID -j DROP
 -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-A FORWARD -i {{ mesh_id }}BR -o {{ mesh_id }}BR -j ACCEPT
+-A FORWARD -i {{ mesh.id }}BR -o {{ mesh.id }}BR -j ACCEPT
 {% endfor %}
 -A FORWARD -m conntrack --ctstate INVALID -j DROP
 -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--- a/roles/network-meshbridge/README.md
+++ b/roles/network-meshbridge/README.md
@ -11,15 +11,14 @@ Diese Ansible role konfiguriert die Linux Bridges für die Freifunk Meshes.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  -id: xx
 ...
    ipv4_network:
 ...
-    ipv6:
+    ipv6_ula:
-      ula:
+      - fdxx.../48 # ipv6 ula prefix
-        - fdxx.../48 # ipv6 ula prefix
+    ipv6_public:
-      public:
+      - 2xxx.../48 # ipv6 public prefix
        - 2xxx.../48 # ipv6 public prefix
 ´´´
 - Host Variable `magic`
--- a/roles/network-meshbridge/tasks/main.yml
+++ b/roles/network-meshbridge/tasks/main.yml
@ -2,13 +2,13 @@
 - name: create mesh bridges
  template:
    src: bridge.j2
-    dest: "/etc/network/interfaces.d/{{ item.key }}BR"
+    dest: "/etc/network/interfaces.d/{{ item.id }}BR"
  notify: reload network interfaces
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: set sysfs variables
  template:
    src: sysfs.j2
-    dest: "/etc/sysfs.d/99-{{ item.key }}BR.conf"
+    dest: "/etc/sysfs.d/99-{{ item.id }}BR.conf"
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
  notify: activate sysfs variables
--- a/roles/network-meshbridge/templates/bridge.j2
+++ b/roles/network-meshbridge/templates/bridge.j2
@ -1,15 +1,16 @@
-{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
 {% set mac = '0210' + ip4hex -%}
 #
 # {{ ansible_managed }}
 #
-auto {{ item.key }}BR
+auto {{ item.id }}BR
-iface {{ item.key }}BR
+iface {{ item.id }}BR
    hwaddress {{ mac | hwaddr('linux') }}
-    address {{ item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
+    address {{ item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('ip/prefix') }}
-{% for ip_type, ip_list in item.value.ipv6.iteritems() %}
+{% for prefix in item.ipv6_ula %}
-{% for ip in ip_list %}
+    address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
    address {{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
 {% endfor %}
 {% for prefix in item.ipv6_public %}
    address {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('ip/prefix') }}
 {% endfor %}
-    bridge-ports {{ item.key }}BAT
+    bridge-ports {{ item.id }}BAT
--- a/roles/network-meshbridge/templates/sysfs.j2
+++ b/roles/network-meshbridge/templates/sysfs.j2
@ -1,4 +1,4 @@
 #
 # {{ ansible_managed }}
 #
-class/net/{{ item.key }}BR/bridge/hash_max = 16384
+class/net/{{ item.id }}BR/bridge/hash_max = 16384
--- a/roles/service-bind-slave/README.md
+++ b/roles/service-bind-slave/README.md
@ -15,18 +15,17 @@ Die Gateways agieren lediglich als Slave-DNS Server.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    site_code: # string
    ipv4_network:
-    ipv6:
+    ipv6_ula:
-      ula:
+      - # ULA-Prefix
-        - # ULA-Prefix
+      - ...
        - ...
    dns:
      master: # IP-Adresse des DNS Masters
      forward_zones:
-        $zone: # DNS-Domain
+        - name: $zone # DNS-Domain
          master: # optional: IP-Adresse des DNS Masters, wenn die vom übergeordneten abweicht.
 ´´´
--- a/roles/service-bind-slave/tasks/main.yml
+++ b/roles/service-bind-slave/tasks/main.yml
@ -44,12 +44,12 @@
 - name: write named.conf for meshes
  template:
    src: named.conf.mesh.j2
-    dest: /etc/bind/named.conf.{{ item.value.site_code }}
+    dest: /etc/bind/named.conf.{{ item.site_code }}
    owner: root
    group: bind
    mode: 0644
  notify: restart bind9
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: write initial icvpn bind config
  shell: /usr/bin/python3 /home/admin/clones/icvpn-scripts/mkdns -f bind -x mwu -x bingen -s /home/admin/clones/icvpn-meta > /etc/bind/named.conf.icvpn
--- a/roles/service-bind-slave/templates/named.conf.j2
+++ b/roles/service-bind-slave/templates/named.conf.j2
@ -5,7 +5,7 @@
 include "/etc/bind/named.conf.options";
 include "/etc/bind/named.conf.default-zones";
 include "/etc/bind/named.conf.logging";
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-include "/etc/bind/named.conf.{{ mesh_value.site_code }}";
+include "/etc/bind/named.conf.{{ mesh.site_code }}";
 {% endfor %}
 include "/etc/bind/named.conf.icvpn";
--- a/roles/service-bind-slave/templates/named.conf.mesh.j2
+++ b/roles/service-bind-slave/templates/named.conf.mesh.j2
@ -3,35 +3,35 @@
 //
 // ACLs
-masters "ns-master-{{ item.value.site_code }}" {
+masters "ns-master-{{ item.site_code }}" {
-	{{ item.value.dns.master }};
+	{{ item.dns.master }};
 };
-{% for zone_id, zone_value in item.value.dns.forward_zones.iteritems() %}
+{% for zone in item.dns.forward_zones %}
-{% if zone_value.master is defined %}
+{% if zone.master is defined %}
-masters "ns-master-{{ zone_id }}" {
+masters "ns-master-{{ zone.name }}" {
-	{{ zone_value.master }};
+	{{ zone.master }};
 };
 {% endif %}
 {% endfor %}
-acl "intern-{{ item.value.site_code }}" {
+acl "intern-{{ item.site_code }}" {
-	{{ item.value.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
+	{{ item.ipv4_network | ipaddr('net') | ipaddr('network/prefix') }};
-{% for prefix in item.value.ipv6.ula %}
+{% for prefix in item.ipv6_ula %}
 	{{ prefix | ipaddr('net') | ipaddr('network/prefix') }};
 {% endfor %}
 };
-// DNS forward zones for {{ item.value.site_code }}
+// DNS forward zones for {{ item.site_code }}
-{% for zone_id, zone_value in item.value.dns.forward_zones.iteritems() %}
+{% for zone in item.dns.forward_zones %}
-zone "{{ zone_id }}." {
+zone "{{ zone.name }}." {
 	type slave;
-	file "{{ zone_id }}.db";
+	file "{{ zone.name }}.db";
-{% if zone_value.master is defined %}
+{% if zone.master is defined %}
-	masters { ns-master-{{ zone_id }}; };
+	masters { ns-master-{{ zone.name }}; };
 {% else %}
-	masters { ns-master-{{ item.value.site_code }}; };
+	masters { ns-master-{{ item.site_code }}; };
 {% endif %}
 };
 {% if not loop.last %}
@ -39,18 +39,18 @@ zone "{{ zone_id }}." {
 {% endif %}
 {% endfor %}
-// DNS reverse zones for {{ item.value.site_code }}
+// DNS reverse zones for {{ item.site_code }}
-zone "{{ item.value.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
+zone "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}" {
 	type slave;
-	file "{{ item.value.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
+	file "{{ item.ipv4_network | ipaddr('net') | ipaddr('revdns') }}";
-	masters { ns-master-{{ item.value.site_code }}; };
+	masters { ns-master-{{ item.site_code }}; };
 };
-{% for prefix in item.value.ipv6.ula %}
+{% for prefix in item.ipv6_ula %}
 zone "{{ prefix | ipaddr('net') | ipaddr('revdns') }}" {
 	type slave;
 	file "{{ prefix | ipaddr('net') | ipaddr('revdns') }}";
-	masters { ns-master-{{ item.value.site_code }}; };
+	masters { ns-master-{{ item.site_code }}; };
 };
 {% if not loop.last %}
--- a/roles/service-bind-slave/templates/named.conf.options.j2
+++ b/roles/service-bind-slave/templates/named.conf.options.j2
@ -11,25 +11,25 @@ options {
 	allow-recursion {
 		127.0.0.1;
 		::1;
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-		intern-{{ mesh_value.site_code }};
+		intern-{{ mesh.site_code }};
 {% endfor %}
 	};
 	allow-transfer { any; };
 	listen-on {
 		127.0.0.1;
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-		{{ mesh_value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
+		{{ mesh.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') }};
 {% endfor %}
 		{{ icvpn_ipv4_transfer_net | ipaddr('net') | ipsubnet(24, 37) | ipaddr(magic) | ipaddr('address') }};
 	};
 	listen-on-v6 {
 		::1;
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-{% for ip in mesh_value.ipv6.ula %}
+{% for ip in mesh.ipv6_ula %}
-		{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) }};
+		{{ ip | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }};
 {% endfor %}
 {% endfor %}
 		{{ icvpn_ipv6_transfer_net | ipaddr('net') | ipsubnet(112, 37) | ipaddr(magic) | ipaddr('address') }};
--- a/roles/service-bird-ffrl/README.md
+++ b/roles/service-bird-ffrl/README.md
@ -11,11 +11,10 @@ Diese Ansible role ergänzt die benötigte bird + bird6 Konfiguration für den I
 - Dictionary `meshes`
 ```
 meshes:
-  xx:
+  - id: xx
 ...
-    ipv6:
+    ipv6_public:
-      public:
+      - # Public IPv6-Netzwerk
        - # Public IPv6-Netzwerk
 ```
 - Host Dictionary `ffrl_exit_server`
 ´´´
--- a/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2
+++ b/roles/service-bird-ffrl/templates/ffrl_ipv6.conf.j2
@ -11,8 +11,8 @@ table ffrl;
 # Functions
 function is_ffrl_public_nets() {
    return net ~ [
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-{% for prefix in mesh_value.ipv6.public %}
+{% for prefix in mesh.ipv6_public %}
        {{ prefix }}{48,56}{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }}
 {% endfor %}
    ];
@ -40,8 +40,8 @@ filter ebgp_ffrl_export_filter {
 # Protocols
 protocol static ffrl_public_routes {
    table ffrl;
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-{% for prefix in mesh_value.ipv6.public %}
+{% for prefix in mesh.ipv6_public %}
    route {{ prefix }} reject;
    route {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipaddr('network/prefix') }} reject;
 {% endfor %}
--- a/roles/service-bird/README.md
+++ b/roles/service-bird/README.md
@ -26,11 +26,10 @@ Im iBGP peeren wir mangels separatem Transfernetz (im Moment) im Mainzer Mesh Ne
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    ipv4_network:
-    ipv6:
+    ipv6_ula:
-      ula:
+      - # IPv6-ULA Network
        - # IPv6-ULA Network
 ´´´
 - Host Variable `magic`
--- a/roles/service-bird/templates/bird.conf.j2
+++ b/roles/service-bird/templates/bird.conf.j2
@ -38,8 +38,8 @@ function is_chaosvpn() {
 function is_mwu_self_nets() {
    return net ~ [
-{% for item, value in meshes.iteritems() %}
+{% for mesh in meshes %}
-        {{ value.ipv4_network | ipaddr('net') }}+{{ "," if not loop.last else "" }}
+        {{ mesh.ipv4_network | ipaddr('net') }}+{{ "," if not loop.last else "" }}
 {% endfor %}
    ];
 }
@ -50,8 +50,8 @@ protocol device {
 };
 protocol direct mwu_subnets {
-{% for item, value in meshes.iteritems() %}
+{% for mesh in meshes %}
-    interface "{{ item }}BR";
+    interface "{{ mesh.id }}BR";
 {% endfor %}
    import where is_mwu_self_nets();
 };
--- a/roles/service-bird/templates/bird6.conf.j2
+++ b/roles/service-bird/templates/bird6.conf.j2
@ -26,8 +26,8 @@ function is_ula() {
 function is_mwu_self_nets() {
    return net ~ [
-{% for item, value in meshes.iteritems() %}
+{% for mesh in meshes %}
-{% for ula in value.ipv6.ula %}
+{% for ula in mesh.ipv6_ula %}
        {{ ula | ipaddr('net') }}+{{ "," if not loop.last else "" }}{% endfor %}{{ "," if not loop.last else "" }}
 {% endfor %}
    ];
@ -39,8 +39,8 @@ protocol device {
 };
 protocol direct mwu_subnets {
-{% for item, value in meshes.iteritems() %}
+{% for mesh in meshes %}
-    interface "{{ item }}BR";
+    interface "{{ mesh.id }}BR";
 {% endfor %}
    import where is_mwu_self_nets();
 };
--- a/roles/service-dhcpd/README.md
+++ b/roles/service-dhcpd/README.md
@ -12,7 +12,7 @@ Wir nutzen diesen nur zur Verteilung von IPv4-Adressen.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    site_name: # string
    site_code: # string
--- a/roles/service-dhcpd/tasks/main.yml
+++ b/roles/service-dhcpd/tasks/main.yml
@ -12,7 +12,7 @@
 - name: concatenate meshbridge interfaces
  set_fact:
-    dhcp_interfaces: "{% for mesh_id, mesh_value in meshes.iteritems() %}{{ mesh_id }}BR{% if not loop.last %} {% endif %}{% endfor %}"
+    dhcp_interfaces: "{% for mesh in meshes %}{{ mesh.id }}BR{% if not loop.last %} {% endif %}{% endfor %}"
 - name: set ipv4 interfaces isc dhcp should listen on
  lineinfile:
--- a/roles/service-dhcpd/templates/dhcpd.conf.j2
+++ b/roles/service-dhcpd/templates/dhcpd.conf.j2
@ -12,7 +12,7 @@ default-lease-time 300;
 min-lease-time 300;
 max-lease-time 300;
-{% for mesh in meshes.values() %}
+{% for mesh in meshes %}
 # DHCP subnet for site {{ mesh.site_name }} ({{ mesh.site_code }})
 subnet {{ mesh.ipv4_network | ipaddr('network') }} netmask {{ mesh.ipv4_network | ipaddr('netmask') }} {
 	range {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('network') }} {{ mesh.ipv4_network | ipsubnet(22, ipv4_dhcp_range) | ipaddr('net') | ipaddr('broadcast') }};
--- a/roles/service-fastd-intragate/README.md
+++ b/roles/service-fastd-intragate/README.md
@ -15,7 +15,7 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Intra-Server Kommunik
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    site_number: # integer
    peers_mesh_repo: # String - https Link zum Github Repository
--- a/roles/service-fastd-intragate/handlers/main.yml
+++ b/roles/service-fastd-intragate/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: restart fastd intragate instances
  systemd:
-    name: "fastd@{{ item.key }}igVPN"
+    name: "fastd@{{ item.id }}igVPN"
    state: restarted
  with_dict: "{{ meshes }}"
--- a/roles/service-fastd-intragate/tasks/main.yml
+++ b/roles/service-fastd-intragate/tasks/main.yml
@ -1,45 +1,45 @@
 ---
 - name: configure systemd unit fastd@
  systemd:
-    name: "fastd@{{ item.key }}igVPN"
+    name: "fastd@{{ item.id }}igVPN"
    enabled: yes
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: create fastd intragate directories
  file:
-    path: "/etc/fastd/{{ item.key }}igVPN"
+    path: "/etc/fastd/{{ item.id }}igVPN"
    state: directory
    mode: 0755
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: create fastd peer intragate directories
  file:
-    path: "/etc/fastd/{{ item.key }}igVPN/peers"
+    path: "/etc/fastd/{{ item.id }}igVPN/peers"
    state: directory
    mode: 0755
    owner: admin
    group: admin
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: clone fastd peer intragate repos
  git:
-    repo: "{{ item.value.peers_intragate_repo }}"
+    repo: "{{ item.peers_intragate_repo }}"
-    dest: "/etc/fastd/{{ item.key }}igVPN/peers"
+    dest: "/etc/fastd/{{ item.id }}igVPN/peers"
    version: master
    update: no
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
  become: false
 - name: template fastd mesh config
  template:
    src: fastd-intragate.conf.j2
-    dest: "/etc/fastd/{{ item.key }}igVPN/fastd.conf"
+    dest: "/etc/fastd/{{ item.id }}igVPN/fastd.conf"
  notify: restart fastd intragate instances
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: write fastd intragate secret
  template:
    src: fastd-secret.conf.j2
-    dest: "/etc/fastd/{{ item.key }}igVPN/secret.conf"
+    dest: "/etc/fastd/{{ item.id }}igVPN/secret.conf"
  notify: restart fastd intragate instances
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
--- a/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2
+++ b/roles/service-fastd-intragate/templates/fastd-intragate.conf.j2
@ -1,4 +1,4 @@
-{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
 {% set mac = '0212' + ip4hex -%}
 #
 # {{ ansible_managed }}
@ -9,10 +9,10 @@ hide mac addresses yes;
 method "aes128-ctr+umac";
-interface "{{ item.key }}igVPN";
+interface "{{ item.id }}igVPN";
-bind {{ ansible_default_ipv4.address | ipaddr('public') }}:101{{ item.value.site_number }};
+bind {{ ansible_default_ipv4.address | ipaddr('public') }}:101{{ item.site_number }};
-bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:101{{ item.value.site_number }};
+bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:101{{ item.site_number }};
 include "secret.conf";
 mtu 1406;
@ -27,11 +27,11 @@ on up "
    ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
    ip link set $INTERFACE up
-    batctl -m {{ item.key }}BAT if add $INTERFACE
+    batctl -m {{ item.id }}BAT if add $INTERFACE
 ";
 on down "
-    batctl -m {{ item.key }}BAT if del $INTERFACE
+    batctl -m {{ item.id }}BAT if del $INTERFACE
 ";
-status socket "/var/run/fastd-{{ item.key }}igVPN.status";
+status socket "/var/run/fastd-{{ item.id }}igVPN.status";
--- a/roles/service-fastd-intragate/templates/fastd-secret.conf.j2
+++ b/roles/service-fastd-intragate/templates/fastd-secret.conf.j2
@ -1,4 +1,4 @@
-{% set local_interface = item.key + 'igVPN' -%}
+{% set local_interface = item.id + 'igVPN' -%}
 #
 # {{ ansible_managed }}
 #
--- a/roles/service-fastd-mesh/README.md
+++ b/roles/service-fastd-mesh/README.md
@ -16,7 +16,7 @@ Diese Ansible role konfiguriert die fastd-Instanz für die Knoten Kommunikation.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    site_number: # integer
    peers_mesh_repo: # String - https Link zum Github Repository
--- a/roles/service-fastd-mesh/handlers/main.yml
+++ b/roles/service-fastd-mesh/handlers/main.yml
@ -1,6 +1,6 @@
 ---
 - name: restart fastd mesh instances
  systemd:
-    name: "fastd@{{ item.key }}VPN"
+    name: "fastd@{{ item.id }}VPN"
    state: restarted
  with_dict: "{{ meshes }}"
--- a/roles/service-fastd-mesh/tasks/main.yml
+++ b/roles/service-fastd-mesh/tasks/main.yml
@ -1,25 +1,25 @@
 ---
 - name: configure systemd unit fastd@
  systemd:
-    name: "fastd@{{ item.key }}VPN"
+    name: "fastd@{{ item.id }}VPN"
    enabled: yes
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: create fastd directories
  file:
-    path: "/etc/fastd/{{ item.key }}VPN"
+    path: "/etc/fastd/{{ item.id }}VPN"
    state: directory
    mode: 0755
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: create fastd peer mesh directories
  file:
-    path: "/etc/fastd/{{ item.key }}VPN/peers"
+    path: "/etc/fastd/{{ item.id }}VPN/peers"
    state: directory
    mode: 0755
    owner: admin
    group: admin
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: create fastd peer mesh directories for ffbin
  file:
@ -31,11 +31,11 @@
 - name: clone fastd peer mesh repos
  git:
-    repo: "{{ item.value.peers_mesh_repo }}"
+    repo: "{{ item.peers_mesh_repo }}"
-    dest: "/etc/fastd/{{ item.key }}VPN/peers"
+    dest: "/etc/fastd/{{ item.id }}VPN/peers"
    version: master
    update: no
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
  become: false
 - name: clone fastd peer mesh repo for ffbin
@ -49,36 +49,36 @@
 - name: template fastd mesh config
  template:
    src: fastd-mesh.conf.j2
-    dest: "/etc/fastd/{{ item.key }}VPN/fastd.conf"
+    dest: "/etc/fastd/{{ item.id }}VPN/fastd.conf"
  notify: restart fastd mesh instances
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: write fastd mesh secret
  template:
    src: fastd-secret.conf.j2
-    dest: "/etc/fastd/{{ item.key }}VPN/secret.conf"
+    dest: "/etc/fastd/{{ item.id }}VPN/secret.conf"
  notify: restart fastd mesh instances
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: copy peer_limit.conf if not exist
  copy:
    src: peer_limit.conf
-    dest: "/etc/fastd/{{ item.key }}VPN/peer_limit.conf"
+    dest: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
    owner: admin
    group: admin
    mode: 0640
    force: no
  notify: restart fastd mesh instances
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: set file attributes for peer_limit.conf
  file:
-    path: "/etc/fastd/{{ item.key }}VPN/peer_limit.conf"
+    path: "/etc/fastd/{{ item.id }}VPN/peer_limit.conf"
    mode: 0640
    owner: admin
    group: admin
  notify: restart fastd mesh instances
-  with_dict: "{{ meshes }}"
+  with_items: "{{ meshes }}"
 - name: write systemd unit fastd-sync-meshkeys.service
  template:
--- a/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
+++ b/roles/service-fastd-mesh/templates/fastd-mesh.conf.j2
@ -1,4 +1,4 @@
-{% set ip4hex = item.value.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
+{% set ip4hex = item.ipv4_network | ipaddr('net') | ipaddr(magic) | ipaddr('address') | ip4_hex() -%}
 {% set mac = '0211' + ip4hex -%}
 #
 # {{ ansible_managed }}
@ -9,10 +9,10 @@ hide mac addresses yes;
 method "salsa2012+umac";
-interface "{{ item.key }}VPN";
+interface "{{ item.id }}VPN";
-bind {{ ansible_default_ipv4.address | ipaddr('public') }}:100{{ item.value.site_number }};
+bind {{ ansible_default_ipv4.address | ipaddr('public') }}:100{{ item.site_number }};
-bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:100{{ item.value.site_number }};
+bind {{ ansible_default_ipv6.address | ipaddr('public') | ipwrap }}:100{{ item.site_number }};
 include "secret.conf";
 mtu 1406;
@ -20,7 +20,7 @@ mtu 1406;
 peer group "vpn_nodes" {
    include "peer_limit.conf";
    include peers from "peers";
-{% if item.key == "mz" %}
+{% if item.id == "mz" %}
    include peers from "peers_bingen";
 {% endif %}
 }
@ -34,11 +34,11 @@ on up "
    ip link set address {{ mac | hwaddr('linux') }} dev $INTERFACE
    ip link set $INTERFACE up
-    batctl -m {{ item.key }}BAT if add $INTERFACE
+    batctl -m {{ item.id }}BAT if add $INTERFACE
 ";
 on down "
-    batctl -m {{ item.key }}BAT if del $INTERFACE
+    batctl -m {{ item.id }}BAT if del $INTERFACE
 ";
-status socket "/var/run/fastd-{{ item.key }}VPN.status";
+status socket "/var/run/fastd-{{ item.id }}VPN.status";
--- a/roles/service-fastd-mesh/templates/fastd-secret.conf.j2
+++ b/roles/service-fastd-mesh/templates/fastd-secret.conf.j2
@ -1,4 +1,4 @@
-{% set local_interface = item.key + 'VPN' -%}
+{% set local_interface = item.id + 'VPN' -%}
 #
 # {{ ansible_managed }}
 #
--- a/roles/service-radvd/README.md
+++ b/roles/service-radvd/README.md
@ -11,13 +11,12 @@ Diese Ansible role installiert und konfiguriert den radvd daemon.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
-    ipv6:
+    ipv6_ula:
-      ula:
+      - # ULA-Prefix - String
-        - # ULA-Prefix - String
+    ipv6_public:
-      public:
+      - # Public-Prefix - String
        - # Public-Prefix - String
    iface_mtu: # Integer
 ´´´
 - Host Variable `magic`
--- a/roles/service-radvd/templates/radvd.conf.j2
+++ b/roles/service-radvd/templates/radvd.conf.j2
@ -2,37 +2,37 @@
 #
 # {{ ansible_managed }}
 #
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-interface {{ mesh_id }}BR
+interface {{ mesh.id }}BR
 {
 	AdvSendAdvert on;
 	IgnoreIfMissing on;
-	MaxRtrAdvInterval {{ mesh_value.radvd.maxrtradvinterval }};
+	MaxRtrAdvInterval {{ mesh.radvd.maxrtradvinterval }};
-	AdvLinkMTU {{ mesh_value.iface_mtu }};
+	AdvLinkMTU {{ mesh.iface_mtu }};
-{% for ip_type, ip_list in mesh_value.ipv6.iteritems() %}
+	RDNSS {% for prefix in mesh.ipv6_ula %}{{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}
-{% for prefix in ip_list %}
+{% endfor %}
 {% if ip_type == "ula" %}
 	RDNSS {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr(magic) | ipaddr('address') }}
 	{
 		FlushRDNSS off;
 	};
 {% for prefix in mesh.ipv6_ula %}
 	prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }}
 	{
 		AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
 		AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
 	};
 {% if not loop.last %}
 {% endif %}
 {% endfor %}
 {% endfor %}
-{% for ip_type, ip_list in mesh_value.ipv6.iteritems() %}
+{% for prefix in mesh.ipv6_public %}
 {% for prefix in ip_list %}
 {% if ip_type == "public" %}
 	prefix {{ prefix | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }}
 {% else %}
 	prefix {{ prefix | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }}
 {% endif %}
 	{
-		AdvValidLifetime {{ mesh_value.radvd.advvalidlifetime }};
+		AdvValidLifetime {{ mesh.radvd.advvalidlifetime }};
-		AdvPreferredLifetime {{ mesh_value.radvd.advpreferredlifetime }};
+		AdvPreferredLifetime {{ mesh.radvd.advpreferredlifetime }};
 	};
 {% endfor %}
 {% if not loop.last %}
 {% endif %}
--- a/roles/service-rclocal/README.md
+++ b/roles/service-rclocal/README.md
@ -10,15 +10,14 @@ All dieses sollte in Zukunft durch systemd units abgelöst werden.
 - Dictionary `meshes`
 ´´´
 meshes:
-  xx:
+  - id: xx
 ...
    site_name: # string
    ipv4_network:
-    ipv6:
+    ipv6_ula:
-      ula:
+      - # string
-        - # string
+    ipv6_public:
-      public:
+      - # string
        - # string
    iface_mtu: # integer
 ´´´
 - Host Variable `magic`
--- a/roles/service-rclocal/templates/rc.local.j2
+++ b/roles/service-rclocal/templates/rc.local.j2
@ -18,59 +18,59 @@
 #
 # Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-ip -4 rule add from {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
+ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
-ip -4 rule add to {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
+ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
-ip -4 rule add from all oif {{ mesh_id }}BR lookup mwu priority 7
+ip -4 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
-{% for ula in mesh_value.ipv6.ula %}
+{% for ula in mesh.ipv6_ula %}
 ip -6 rule add from {{ ula }} lookup mwu priority 7
 ip -6 rule add to {{ ula }} lookup mwu priority 7
 {% endfor %}
-{% for public in mesh_value.ipv6.public %}
+{% for public in mesh.ipv6_public %}
 ip -6 rule add from {{ public }} lookup mwu priority 7
 ip -6 rule add to {{ public }} lookup mwu priority 7
 {% endfor %}
-ip -6 rule add from all oif {{ mesh_id }}BR lookup mwu priority 7
+ip -6 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
 {% endfor %}
 # Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-ip -4 rule add from {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
+ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
-ip -4 rule add to {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
+ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
-ip -4 rule add from all oif {{ mesh_id }}BR lookup icvpn priority 23
+ip -4 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
-{% for ula in mesh_value.ipv6.ula %}
+{% for ula in mesh.ipv6_ula %}
 ip -6 rule add from {{ ula }} lookup icvpn priority 23
 ip -6 rule add to {{ ula }} lookup icvpn priority 23
 {% endfor %}
-{% for public in mesh_value.ipv6.public %}
+{% for public in mesh.ipv6_public %}
 ip -6 rule add from {{ public }} lookup icvpn priority 23
 ip -6 rule add to {{ public }} lookup icvpn priority 23
 {% endfor %}
-ip -6 rule add from all oif {{ mesh_id }}BR lookup icvpn priority 23
+ip -6 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
 {% endfor %}
 ip -4 rule add from all oif icVPN lookup icvpn priority 23
 ip -6 rule add from all oif icVPN lookup icvpn priority 23
 # Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-ip -4 rule add from {{ mesh_value.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
+ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
-{% for ula in mesh_value.ipv6.ula %}
+{% for ula in mesh.ipv6_ula %}
 ip -6 rule add from {{ ula }} lookup internet priority 41
 ip -6 rule add to {{ ula }} lookup internet priority 41
 {% endfor %}
-{% for public in mesh_value.ipv6.public %}
+{% for public in mesh.ipv6_public %}
 ip -6 rule add from {{ public }} lookup internet priority 41
 ip -6 rule add to {{ public }} lookup internet priority 41
 {% endfor %}
-ip -6 rule add from all oif {{ mesh_id }}BR lookup internet priority 41
+ip -6 rule add from all oif {{ mesh.id }}BR lookup internet priority 41
 {% endfor %}
 ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
 ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
 # Priority 61 - at this point this is the end of policy routing for freifunk related routes
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-ip -4 rule add from all iif {{ mesh_id }}BR type unreachable priority 61
+ip -4 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
-ip -6 rule add from all iif {{ mesh_id }}BR type unreachable priority 61
+ip -6 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
 {% endfor %}
 ip -4 rule add from all iif icVPN type unreachable priority 61
 ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
@ -80,8 +80,8 @@ ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
 {% endfor %}
 ip -6 rule add from all iif icVPN type unreachable priority 61
 ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-{% for public in mesh_value.ipv6.public %}
+{% for public in mesh.ipv6_public %}
 ip -6 rule add from {{ public }} type unreachable priority 61
 ip -6 rule add to {{ public }} type unreachable priority 61
 {% endfor %}
@ -98,15 +98,15 @@ ip -6 rule add from all lookup icvpn priority 107
 # IP routes
 #
-{% for mesh_id, mesh_value in meshes.iteritems() %}
+{% for mesh in meshes %}
-# static {{ mesh_value.site_name }} routes for rt_table mwu
+# static {{ mesh.site_name }} routes for rt_table mwu
-/sbin/ip -4 route add {{ mesh_value.ipv4_network }} proto static dev {{ mesh_id }}BR table mwu
+/sbin/ip -4 route add {{ mesh.ipv4_network }} proto static dev {{ mesh.id }}BR table mwu
-{% for ula in mesh_value.ipv6.ula %}
+{% for ula in mesh.ipv6_ula %}
-/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh_id }}BR table mwu
+/sbin/ip -6 route add {{ ula | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
 {% endfor %}
-{% for public in mesh_value.ipv6.public %}
+{% for public in mesh.ipv6_public %}
-/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh_id }}BR table mwu
+/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
-/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh_id }}BR table mwu
+/sbin/ip -6 route add {{ public | ipaddr('net') | ipsubnet(56, magic) | ipsubnet(64, 0) | ipaddr('subnet') }} proto static dev {{ mesh.id }}BR table mwu
 {% endfor %}
 {% if not loop.last %}