X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;f=ansible%2Fgroup_vars%2Faccesspoints%2Fmain.yml;h=7147bbd0e0b1cbb078b23ab0ecbd312b289a0c6d;hb=d91a54287c0b157979add905a6202554aa34e093;hp=480ccaa3c570953d343749bc391b7f3ef3921f41;hpb=6aed40ba9d57601070bbce18483d612680cfc885;p=noc.git diff --git a/ansible/group_vars/accesspoints/main.yml b/ansible/group_vars/accesspoints/main.yml index 480ccaa..7147bbd 100644 --- a/ansible/group_vars/accesspoints/main.yml +++ b/ansible/group_vars/accesspoints/main.yml @@ -1,4 +1,8 @@ --- +ssh_users_root: + - equinox + - nicoo + accesspoint_wifi_channels: 2.4g: ap0: 3 @@ -11,17 +15,17 @@ accesspoint_wifi_channels: accesspoint_zones: iot: - ssid: "realstuff" + ssid: "TEST realstuff" encryption: "psk2" - key: "this-should-come-from-vault" + key: "{{ vault_accesspoint_zones.iot.key }}" guests: - ssid: "realraum" - encryption: "psk2" - key: "same-here" - members: - ssid: "r3members" + ssid: "TEST realraum" encryption: "psk2" - key: "this-will-probably-use-radius-and-not-even-have-a-key" + key: "{{ vault_accesspoint_zones.guests.key }}" + # members: + # ssid: "TEST r3members" + # encryption: "psk2" + # key: "{{ vault_accesspoint_zones.members.key }}" 
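Review bot: `ssh_users_root` is added in the first hunk with no comment saying what it grants, although in this commit it decides whose keys are written to `/etc/dropbear/authorized_keys` on the hosts in the accesspoints group (see the `@@ -154,39 +145,10 @@` hunk). A line such as `# users whose SSH keys are installed for root on every access point` above the key would make later additions to the list read as the privilege grant they are. The names are only meaningful if they match entries in `users`, which is defined outside this diff.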
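Review bot: In `accesspoint_zones` the SSIDs gain a `TEST ` prefix and the `members` zone is commented out, but nothing in the file says whether this state is temporary or who should revert it. The removed placeholder for `members` said it would probably use RADIUS, while the commented-out block keeps `encryption: "psk2"` with a vault key, so re-enabling it as written would presumably make the members network a shared-PSK one. A comment above the block, for example `# TEST prefix and disabled members zone are temporary; members is meant to use RADIUS, not a shared PSK`, would record the intent. The keys now come from `vault_accesspoint_zones`, which is not part of this diff.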
@@ -60,19 +64,20 @@ accesspoint_network_base: dns: "{{ net.mgmt.dns | join(' ') }}" dns_search: realraum.at -accesspoint_network_zones: [] -# accesspoint_network_zone_template: -# - name: interface '{{ item }}' -# options: -# type: bridge -# ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}" -# accept_ra: 0 -# proto: none - +accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}" +accesspoint_network_zones_yaml: | + {% for item in accesspoint_zones.keys() %} + - name: interface "{{ item }}" + options: + type: bridge + ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}" + accept_ra: 0 + proto: none + {% endfor %} accesspoint_wireless_devices: - - name: wifi-device 'radio5' + - name: wifi-device 'radio5g' options: type: 'mac80211' channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}" @@ -81,7 +86,7 @@ accesspoint_wireless_devices: path: "{{ accesspoint_wireless_device_paths['5g'] }}" htmode: 'VHT80' - - name: wifi-device 'radio24' + - name: wifi-device 'radio2g4' options: type: 'mac80211' channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}" 
@@ -90,45 +95,31 @@ accesspoint_wireless_devices: path: "{{ accesspoint_wireless_device_paths['2.4g'] }}" htmode: 'HT20' -accesspoint_wireless_ifaces: [] -# accesspoint_wireless_iface_template: -# - name: wifi-iface '{{ item }}24s' -# options: -# device: 'radio24' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}24' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - -# - name: wifi-iface '{{ item }}5s' -# options: -# device: 'radio5' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}5' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - -# - name: wifi-iface '{{ item }}24' -# options: -# device: 'radio24' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - -# - name: wifi-iface '{{ item }}5' -# options: -# device: 'radio5' -# network: '{{ item }}' -# mode: 'ap' -# ssid: '{{ accesspoint_zones[item].ssid }}' -# encryption: '{{ accesspoint_zones[item].encryption }}' -# key: '{{ accesspoint_zones[item].key }}' - +## TODO: set up 802.11r see: +## * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/ +## * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b +accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}" +accesspoint_wireless_types: + - { name: only, ssid: 2.4, freq: 2g4 } + - { name: only, ssid: 5, freq: 5g } + - { name: '', ssid: '', freq: 2g4 } + - { name: '', ssid: '', freq: 5g } +accesspoint_wireless_ifaces_yaml: | + {% for zone in accesspoint_zones.keys() %} + {% for item in accesspoint_wireless_types %} + - name: wifi-iface '{{ zone }}{{ item.freq }}{{ item.name }}' + options: + device: 'radio{{ item.freq }}' + network: '{{ zone }}' + mode: 'ap' + disassoc_low_ack: '1' + rsn_preauth: 
'1' + ssid: '{{ accesspoint_zones[zone].ssid }}{{ item.ssid }}' + encryption: '{{ accesspoint_zones[zone].encryption }}' + key: '{{ accesspoint_zones[zone].key }}' + {% endfor %} + {% endfor %} @@ -154,39 +145,10 @@ openwrt_mixin: net.ipv6.conf.all.forwarding=0 /etc/dropbear/authorized_keys: - content: |- - {% for key in noc_ssh_keys %} - {{ key }} - {% endfor %} + content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n" - /root/.config/htop/htoprc: - content: | - # Beware! This file is rewritten by htop when settings are changed in the interface. - # The parser is also very primitive, and not human-friendly. - fields=0 48 17 18 38 39 40 2 46 47 49 1 - sort_key=46 - sort_direction=1 - hide_threads=0 - hide_kernel_threads=1 - hide_userland_threads=0 - shadow_other_users=0 - show_thread_names=0 - show_program_path=1 - highlight_base_name=1 - highlight_megabytes=1 - highlight_threads=1 - tree_view=1 - header_margin=1 - detailed_cpu_time=0 - cpu_count_from_zero=0 - update_process_names=0 - account_guest_in_cpu_meter=0 - color_scheme=0 - delay=15 - left_meters=AllCPUs Memory Swap - left_meter_modes=1 1 1 - right_meters=Tasks LoadAverage Uptime - right_meter_modes=2 2 2 + /etc/htoprc: + file: "{{ global_files_dir }}/common/htoprc" openwrt_uci:
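Review bot: In `accesspoint_wireless_ifaces_yaml` the PSK and SSID are pasted into single-quoted YAML scalars (`key: '{{ accesspoint_zones[zone].key }}'`) and the rendered text is then re-parsed with `from_yaml`, so a vault key containing `'` either fails to parse or is read back as a value different from the stored key. Emitting the values as JSON strings avoids this: `key: {{ accesspoint_zones[zone].key | to_json }}` and `ssid: {{ (accesspoint_zones[zone].ssid ~ item.ssid) | to_json }}`. In `accesspoint_wireless_types`, `ssid: 2.4` and `ssid: 5` are parsed as numbers; quoting them (`ssid: '2.4'`) keeps the suffix a string. The same render-then-`from_yaml` approach is used for `accesspoint_network_zones_yaml` in the `@@ -60,19 +64,20 @@` hunk, where only zone names and VLAN ids are interpolated.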
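Review bot: The new `content` for `/etc/dropbear/authorized_keys` is `"{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"`, so if the filter returns an empty list the file is written with only a newline and key-based root login to the access point stops working. `user_ssh_keys` is defined outside this diff, so it cannot be seen here whether a name missing from `users` raises an error or is silently skipped. An assert in the role before the file is written, with `that: ssh_users_root | user_ssh_keys(users) | length > 0`, would turn an empty result into a failed run rather than a lockout. The `openwrt_mixin` mapping this entry belongs to starts above the hunk.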