---
+ssh_users_root:
+ - equinox
+ - nicoo
+
accesspoint_wifi_channels:
2.4g:
ap0: 3
iot:
ssid: "realstuff"
encryption: "psk2"
- key: "this-should-come-from-vault"
+ key: "{{ vault_accesspoint_zones.iot.key }}"
guests:
ssid: "realraum"
encryption: "psk2"
- key: "same-here"
- members:
- ssid: "r3members"
- encryption: "psk2"
- key: "this-will-probably-use-radius-and-not-even-have-a-key"
+ key: "{{ vault_accesspoint_zones.guests.key }}"
+ extra_options:
+ disassoc_low_ack: '1'
+ rsn_preauth: '1'
+ # members:
+ # ssid: "r3members"
+ # encryption: "psk2"
+ # key: "{{ vault_accesspoint_zones.members.key }}"
+ # extra_options:
+ # disassoc_low_ack: '1'
+ # rsn_preauth: '1'
dns: "{{ net.mgmt.dns | join(' ') }}"
dns_search: realraum.at
-accesspoint_network_zones: []
-# accesspoint_network_zone_template:
-# - name: interface '{{ item }}'
-# options:
-# type: bridge
-# ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
-# accept_ra: 0
-# proto: none
-
+accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
+accesspoint_network_zones_yaml: |
+ {% for item in accesspoint_zones.keys() %}
+ - name: interface "{{ item }}"
+ options:
+ type: bridge
+ ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
+ accept_ra: 0
+ proto: none
+ {% endfor %}
accesspoint_wireless_devices:
- - name: wifi-device 'radio5'
+ - name: wifi-device 'radio5g'
options:
type: 'mac80211'
channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
path: "{{ accesspoint_wireless_device_paths['5g'] }}"
htmode: 'VHT80'
- - name: wifi-device 'radio24'
+ - name: wifi-device 'radio2g4'
options:
type: 'mac80211'
channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
htmode: 'HT20'
-accesspoint_wireless_ifaces: []
-# accesspoint_wireless_iface_template:
-# - name: wifi-iface '{{ item }}24s'
-# options:
-# device: 'radio24'
-# network: '{{ item }}'
-# mode: 'ap'
-# ssid: '{{ accesspoint_zones[item].ssid }}24'
-# encryption: '{{ accesspoint_zones[item].encryption }}'
-# key: '{{ accesspoint_zones[item].key }}'
-
-# - name: wifi-iface '{{ item }}5s'
-# options:
-# device: 'radio5'
-# network: '{{ item }}'
-# mode: 'ap'
-# ssid: '{{ accesspoint_zones[item].ssid }}5'
-# encryption: '{{ accesspoint_zones[item].encryption }}'
-# key: '{{ accesspoint_zones[item].key }}'
-
-# - name: wifi-iface '{{ item }}24'
-# options:
-# device: 'radio24'
-# network: '{{ item }}'
-# mode: 'ap'
-# ssid: '{{ accesspoint_zones[item].ssid }}'
-# encryption: '{{ accesspoint_zones[item].encryption }}'
-# key: '{{ accesspoint_zones[item].key }}'
-
-# - name: wifi-iface '{{ item }}5'
-# options:
-# device: 'radio5'
-# network: '{{ item }}'
-# mode: 'ap'
-# ssid: '{{ accesspoint_zones[item].ssid }}'
-# encryption: '{{ accesspoint_zones[item].encryption }}'
-# key: '{{ accesspoint_zones[item].key }}'
-
+## TODO: set up 802.11r see:
+## * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
+## * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
+accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
+accesspoint_wireless_types:
+ - { name: only, ssid: 2.4, freq: 2g4 }
+ - { name: only, ssid: 5, freq: 5g }
+ - { name: '', ssid: '', freq: 2g4 }
+ - { name: '', ssid: '', freq: 5g }
+accesspoint_wireless_ifaces_yaml: |
+ {% for zone in accesspoint_zones.keys() %}
+ {% for item in accesspoint_wireless_types %}
+ - name: wifi-iface '{{ zone }}{{ item.freq }}{{ item.name }}'
+ options:
+ device: 'radio{{ item.freq }}'
+ network: '{{ zone }}'
+ mode: 'ap'
+ ssid: '{{ accesspoint_zones[zone].ssid }}{{ item.ssid }}'
+ encryption: '{{ accesspoint_zones[zone].encryption }}'
+ key: '{{ accesspoint_zones[zone].key }}'
+ {% for opt, val in (accesspoint_zones[zone].extra_options | default({}) ).items() %}
+ {{ opt }}: '{{ val }}'
+ {% endfor %}
+ {% endfor %}
+ {% endfor %}
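Review bot: `accesspoint_wireless_ifaces_yaml` splices the vault-sourced PSK and the SSID into hand-written single-quoted scalars (`key: '{{ accesspoint_zones[zone].key }}'`) and then re-parses the text with `from_yaml`, so a passphrase or SSID containing `'` will either fail to parse or alter the generated structure. WPA2 passphrases may contain that character, so let a filter do the quoting: `key: {{ accesspoint_zones[zone].key | to_json }}`, `ssid: {{ (accesspoint_zones[zone].ssid ~ item.ssid) | to_json }}` and `{{ opt }}: {{ val | to_json }}`. The same pattern appears in `name: interface "{{ item }}"` in `accesspoint_network_zones_yaml`. Separately, `ssid: 2.4` and `ssid: 5` in `accesspoint_wireless_types` load as a float and an int; quoting them (`ssid: '2.4'`) keeps the SSID suffix a string whatever the loader does.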
net.ipv6.conf.all.forwarding=0
/etc/dropbear/authorized_keys:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
+ content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"
- /root/.config/htop/htoprc:
- content: |
- # Beware! This file is rewritten by htop when settings are changed in the interface.
- # The parser is also very primitive, and not human-friendly.
- fields=0 48 17 18 38 39 40 2 46 47 49 1
- sort_key=46
- sort_direction=1
- hide_threads=0
- hide_kernel_threads=1
- hide_userland_threads=0
- shadow_other_users=0
- show_thread_names=0
- show_program_path=1
- highlight_base_name=1
- highlight_megabytes=1
- highlight_threads=1
- tree_view=1
- header_margin=1
- detailed_cpu_time=0
- cpu_count_from_zero=0
- update_process_names=0
- account_guest_in_cpu_meter=0
- color_scheme=0
- delay=15
- left_meters=AllCPUs Memory Swap
- left_meter_modes=1 1 1
- right_meters=Tasks LoadAverage Uptime
- right_meter_modes=2 2 2
+ /etc/htoprc:
+ file: "{{ global_files_dir }}/common/htoprc"
openwrt_uci:
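Review bot: The new `content:` line for `/etc/dropbear/authorized_keys` is built entirely from `ssh_users_root | user_ssh_keys(users)`, and nothing visible here guards against that expression yielding an empty list. In that case the file is written with only a newline and key-based root login to the device is lost. `user_ssh_keys` is defined outside this diff, so it cannot be told from here whether it fails on an unknown user name or silently skips it; if it skips, a typo in `ssh_users_root` is enough. Consider an `assert` task before the file is deployed, e.g. `that: ssh_users_root | user_ssh_keys(users) | length > 0`. A short comment above `ssh_users_root` should also state that every name listed there receives root SSH access on the hosts this file applies to.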