# Channel table; the wifi-device entries in this file index it as
# accesspoint_wifi_channels[band][inventory_hostname].
6 accesspoint_wifi_channels:
18 ssid: "TEST realstuff"
# Pre-shared keys are looked up in vault_accesspoint_zones rather than written
# here, so no passphrase is stored in this file (presumably an Ansible
# Vault-encrypted vars file - confirm it is encrypted at rest in the repo).
20 key: "{{ vault_accesspoint_zones.iot.key }}"
24 key: "{{ vault_accesspoint_zones.guests.key }}"
# The two lines below are commented out, so no members SSID or key is set here.
26 # ssid: "TEST r3members"
28 # key: "{{ vault_accesspoint_zones.members.key }}"
# Wired uplink interface name; the 'raw' interface and every VLAN sub-interface
# in this file are derived from it.
32 accesspoint_wired_interface: eth0
# Hardware path per band; the wifi-device entries read these as
# accesspoint_wireless_device_paths['5g'] and ['2.4g'].
33 accesspoint_wireless_device_paths:
34 2.4g: "platform/qca956x_wmac"
35 5g: "pci0000:00/0000:00:00.0"
# Base network entries: globals, loopback, the wired port itself ('raw') and
# the management interface ('mgmt').
37 accesspoint_network_base:
38 - name: globals 'globals'
# random(seed=inventory_hostname + n) makes the prefix deterministic per host:
# stable across runs and derivable from the hostname. It is an address prefix,
# not a secret.
# NOTE(review): the value starts with "fc"; RFC 4193 assigns fd00::/8 (L bit
# set) to locally generated ULAs and leaves fc00::/8 undefined - confirm that
# "fc" is intended.
40 ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
42 - name: interface 'loopback'
49 - name: interface 'raw'
51 ifname: "{{ accesspoint_wired_interface }}"
55 - name: interface 'mgmt'
# Management runs on a VLAN sub-interface: <wired interface>.<net.mgmt.vlan>.
58 ifname: "{{ accesspoint_wired_interface }}.{{ net.mgmt.vlan }}"
# The address is net.mgmt.prefix offset by net.mgmt.offsets.accesspoints plus
# this host's index in groups.accesspoints. Adding, removing or reordering
# hosts in that group therefore renumbers management addresses, which matters
# for any firewall rule or allow-list keyed on an AP's address.
61 ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"
62 netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
63 gateway: "{{ net.mgmt.gw }}"
64 dns: "{{ net.mgmt.dns | join(' ') }}"
65 dns_search: realraum.at
# Zone interfaces are generated: the Jinja text in accesspoint_network_zones_yaml
# is rendered once per key of accesspoint_zones and the result is parsed with
# from_yaml. Zone names land inside double-quoted YAML scalars, so a name
# containing " or \ would change how the rendered text parses.
67 accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
68 accesspoint_network_zones_yaml: |
69 {% for item in accesspoint_zones.keys() %}
70 - name: interface "{{ item }}"
73 ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
# Radio definitions, one wifi-device per band. channel is looked up per band
# and per host (inventory_hostname); path comes from
# accesspoint_wireless_device_paths.
# NOTE(review): a host with no entry in accesspoint_wifi_channels presumably
# fails templating rather than falling back to a default channel - confirm.
79 accesspoint_wireless_devices:
80 - name: wifi-device 'radio5g'
83 channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
86 path: "{{ accesspoint_wireless_device_paths['5g'] }}"
89 - name: wifi-device 'radio2g4'
92 channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
95 path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
99 ## TODO: set up 802.11r see:
100 ## * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
101 ## * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
# accesspoint_wireless_ifaces is produced by rendering the Jinja text in
# accesspoint_wireless_ifaces_yaml and parsing the result with from_yaml.
# NOTE(review): ssid, encryption and key are substituted inside single-quoted
# YAML scalars in that text; a value containing ' would close the scalar early
# and break or alter the parsed entry. Emitting those values through a quoting
# filter (for example to_json, without the surrounding quotes) would keep
# arbitrary passphrases intact - confirm against the passphrases in use.
102 accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
# One wifi-iface is rendered per zone and per entry of this list: the "only"
# entries append 2.4 / 5 to the zone SSID, the empty ones leave it unsuffixed,
# one of each per radio.
# ssid: 2.4 and ssid: 5 are unquoted, so YAML loads them as numbers; here they
# are only used as text appended to the zone SSID.
103 accesspoint_wireless_types:
104 - { name: only, ssid: 2.4, freq: 2g4 }
105 - { name: only, ssid: 5, freq: 5g }
106 - { name: '', ssid: '', freq: 2g4 }
107 - { name: '', ssid: '', freq: 5g }
108 accesspoint_wireless_ifaces_yaml: |
109 {% for zone in accesspoint_zones.keys() %}
110 {% for item in accesspoint_wireless_types %}
111 - name: wifi-iface '{{ zone }}{{ item.freq }}{{ item.name }}'
113 device: 'radio{{ item.freq }}'
114 network: '{{ zone }}'
116 disassoc_low_ack: '1'
118 ssid: '{{ accesspoint_zones[zone].ssid }}{{ item.ssid }}'
119 encryption: '{{ accesspoint_zones[zone].encryption }}'
120 key: '{{ accesspoint_zones[zone].key }}'
# Firmware selection: variant, release, target and device profile (presumably
# consumed by an image-build role - confirm).
# NOTE(review): openwrt_release pins one point release; check it against the
# releases OpenWrt still maintains so the deployed image keeps receiving
# security fixes.
126 openwrt_variant: openwrt
127 openwrt_release: 18.06.1
129 openwrt_target: generic
130 openwrt_profile: ubnt-unifiac-lite
# Image file name suffix is derived from openwrt_profile.
131 openwrt_output_image_suffixes:
132 - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
137 # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
139 # disable IP forwarding, we don't need it since we are
140 # only an AP that bridges VLANs to Wifi SSIDs
141 net.ipv4.conf.default.forwarding=0
142 net.ipv4.conf.all.forwarding=0
143 net.ipv4.ip_forward=0
144 net.ipv6.conf.default.forwarding=0
145 net.ipv6.conf.all.forwarding=0
147 /etc/dropbear/authorized_keys:
149 {% for key in ssh_keys_root %}
154 file: "{{ global_files_dir }}/common/htoprc"
161 hostname: '{{ inventory_hostname }}'
162 timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
167 - name: timeserver 'ntp'
172 - '0.lede.pool.ntp.org'
173 - '1.lede.pool.ntp.org'
174 - '2.lede.pool.ntp.org'
175 - '3.lede.pool.ntp.org'
# Root password login is switched off; root access then depends on the keys
# templated into /etc/dropbear/authorized_keys from ssh_keys_root.
# NOTE(review): confirm PasswordAuth is also 'off' - it is not visible in this
# excerpt.
181 RootPasswordAuth: 'off'
# Final network and wireless sections: the static lists concatenated with the
# zone-derived lists parsed from the *_yaml templates.
# NOTE(review): the forwarding=0 sysctls in this listing stop the AP routing
# between its VLAN interfaces; they do not govern bridged traffic, so isolation
# between clients of one SSID would need a wireless-level setting (e.g. the
# wifi-iface isolate option) - confirm whether the guests zone needs it.
184 network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
185 wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"