2 accesspoint_wifi_channels:
16 key: "this-should-come-from-vault"
24 key: "this-will-probably-use-radius-and-not-even-have-a-key"
28 accesspoint_wired_interface: eth0
29 accesspoint_wireless_device_paths:
30 2.4g: "platform/qca956x_wmac"
31 5g: "pci0000:00/0000:00:00.0"
33 accesspoint_network_base:
34 - name: globals 'globals'
36 ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
38 - name: interface 'loopback'
45 - name: interface 'raw'
47 ifname: "{{ accesspoint_wired_interface }}"
51 - name: interface 'mgmt'
54 ifname: "{{ accesspoint_wired_interface }}.{{ net.mgmt.vlan }}"
57 ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"
58 netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
59 gateway: "{{ net.mgmt.gw }}"
60 dns: "{{ net.mgmt.dns | join(' ') }}"
61 dns_search: realraum.at
63 accesspoint_network_zones: []
64 # accesspoint_network_zone_template:
65 # - name: interface '{{ item }}'
68 # ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
74 accesspoint_wireless_devices:
75 - name: wifi-device 'radio5'
78 channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
81 path: "{{ accesspoint_wireless_device_paths['5g'] }}"
84 - name: wifi-device 'radio24'
87 channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
90 path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
93 accesspoint_wireless_ifaces: []
94 # accesspoint_wireless_iface_template:
95 # - name: wifi-iface '{{ item }}24s'
98 # network: '{{ item }}'
100 # ssid: '{{ accesspoint_zones[item].ssid }}24'
101 # encryption: '{{ accesspoint_zones[item].encryption }}'
102 # key: '{{ accesspoint_zones[item].key }}'
104 # - name: wifi-iface '{{ item }}5s'
107 # network: '{{ item }}'
109 # ssid: '{{ accesspoint_zones[item].ssid }}5'
110 # encryption: '{{ accesspoint_zones[item].encryption }}'
111 # key: '{{ accesspoint_zones[item].key }}'
113 # - name: wifi-iface '{{ item }}24'
116 # network: '{{ item }}'
118 # ssid: '{{ accesspoint_zones[item].ssid }}'
119 # encryption: '{{ accesspoint_zones[item].encryption }}'
120 # key: '{{ accesspoint_zones[item].key }}'
122 # - name: wifi-iface '{{ item }}5'
125 # network: '{{ item }}'
127 # ssid: '{{ accesspoint_zones[item].ssid }}'
128 # encryption: '{{ accesspoint_zones[item].encryption }}'
129 # key: '{{ accesspoint_zones[item].key }}'
135 openwrt_variant: openwrt
136 openwrt_release: 18.06.1
138 openwrt_target: generic
139 openwrt_profile: ubnt-unifiac-lite
140 openwrt_output_image_suffixes:
141 - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
146 # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
148 # disable IP forwarding, we don't need it since we are
149 # only an AP that bridges VLANs to Wifi SSIDs
150 net.ipv4.conf.default.forwarding=0
151 net.ipv4.conf.all.forwarding=0
152 net.ipv4.ip_forward=0
153 net.ipv6.conf.default.forwarding=0
154 net.ipv6.conf.all.forwarding=0
156 /etc/dropbear/authorized_keys:
158 {% for key in noc_ssh_keys %}
162 /root/.config/htop/htoprc:
164 # Beware! This file is rewritten by htop when settings are changed in the interface.
165 # The parser is also very primitive, and not human-friendly.
166 fields=0 48 17 18 38 39 40 2 46 47 49 1
170 hide_kernel_threads=1
171 hide_userland_threads=0
175 highlight_base_name=1
176 highlight_megabytes=1
181 cpu_count_from_zero=0
182 update_process_names=0
183 account_guest_in_cpu_meter=0
186 left_meters=AllCPUs Memory Swap
187 left_meter_modes=1 1 1
188 right_meters=Tasks LoadAverage Uptime
189 right_meter_modes=2 2 2
196 hostname: '{{ inventory_hostname }}'
197 timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
202 - name: timeserver 'ntp'
207 - '0.lede.pool.ntp.org'
208 - '1.lede.pool.ntp.org'
209 - '2.lede.pool.ntp.org'
210 - '3.lede.pool.ntp.org'
216 RootPasswordAuth: 'off'
219 network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
220 wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"