---
+accesspoint_wifi_channels:
+ 2.4g:
+ ap0: 3
+ ap1: 8
+ ap2: 13
+ 5g:
+ ap0: 36
+ ap1: 48
+ ap2: 40
+
+accesspoint_zones:
+ iot:
+ ssid: "realstuff"
+ encryption: "psk2"
+ key: "this-should-come-from-vault"
+ guests:
+ ssid: "realraum"
+ encryption: "psk2"
+ key: "same-here"
+ members:
+ ssid: "r3members"
+ encryption: "psk2"
+ key: "this-will-probably-use-radius-and-not-even-have-a-key"
+
+
+
+accesspoint_wired_interface: eth0
+accesspoint_wireless_device_paths:
+ 2.4g: "platform/qca956x_wmac"
+ 5g: "pci0000:00/0000:00:00.0"
+
+accesspoint_network_base:
+ - name: globals 'globals'
+ options:
+ ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
+
+ - name: interface 'loopback'
+ options:
+ ifname: lo
+ proto: static
+ ipaddr: 127.0.0.1
+ netmask: 255.0.0.0
+
+ - name: interface 'raw'
+ options:
+ ifname: "{{ accesspoint_wired_interface }}"
+ proto: none
+ accept_ra: 0
+
+ - name: interface 'mgmt'
+ options:
+ type: bridge
+ ifname: "{{ accesspoint_wired_interface }}.{{ net.mgmt.vlan }}"
+ accept_ra: 0
+ proto: static
+ ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"
+ netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
+ gateway: "{{ net.mgmt.gw }}"
+ dns: "{{ net.mgmt.dns | join(' ') }}"
+ dns_search: realraum.at
+
+accesspoint_network_zones: []
+# accesspoint_network_zone_template:
+# - name: interface '{{ item }}'
+# options:
+# type: bridge
+# ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
+# accept_ra: 0
+# proto: none
+
+
+
+accesspoint_wireless_devices:
+ - name: wifi-device 'radio5'
+ options:
+ type: 'mac80211'
+ channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
+ hwmode: '11a'
+ country: AT
+ path: "{{ accesspoint_wireless_device_paths['5g'] }}"
+ htmode: 'VHT80'
+
+ - name: wifi-device 'radio24'
+ options:
+ type: 'mac80211'
+ channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
+ hwmode: '11g'
+ country: AT
+ path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
+ htmode: 'HT20'
+
+accesspoint_wireless_ifaces: []
+# accesspoint_wireless_iface_template:
+# - name: wifi-iface '{{ item }}24s'
+# options:
+# device: 'radio24'
+# network: '{{ item }}'
+# mode: 'ap'
+# ssid: '{{ accesspoint_zones[item].ssid }}24'
+# encryption: '{{ accesspoint_zones[item].encryption }}'
+# key: '{{ accesspoint_zones[item].key }}'
+
+# - name: wifi-iface '{{ item }}5s'
+# options:
+# device: 'radio5'
+# network: '{{ item }}'
+# mode: 'ap'
+# ssid: '{{ accesspoint_zones[item].ssid }}5'
+# encryption: '{{ accesspoint_zones[item].encryption }}'
+# key: '{{ accesspoint_zones[item].key }}'
+
+# - name: wifi-iface '{{ item }}24'
+# options:
+# device: 'radio24'
+# network: '{{ item }}'
+# mode: 'ap'
+# ssid: '{{ accesspoint_zones[item].ssid }}'
+# encryption: '{{ accesspoint_zones[item].encryption }}'
+# key: '{{ accesspoint_zones[item].key }}'
+
+# - name: wifi-iface '{{ item }}5'
+# options:
+# device: 'radio5'
+# network: '{{ item }}'
+# mode: 'ap'
+# ssid: '{{ accesspoint_zones[item].ssid }}'
+# encryption: '{{ accesspoint_zones[item].encryption }}'
+# key: '{{ accesspoint_zones[item].key }}'
+
+
+
+
+
+openwrt_variant: openwrt
+openwrt_release: 18.06.1
openwrt_arch: ar71xx
openwrt_target: generic
openwrt_profile: ubnt-unifiac-lite
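Review bot: The `ula_prefix` template in `accesspoint_network_base` starts the prefix with the literal `fc`, so every generated /48 lands in fc00::/8, while RFC 4193 locally assigned ULAs need the L bit set, i.e. fd00::/8 (the static value this replaces was `fdc9:e01f:83db::/48`). Changing the literal to `fd` keeps the per-host seeded derivation and yields a valid ULA: `ula_prefix: "fd{{ '%02x:%04x:%04x' | format(...) }}::/48"`. Separately, the three `key:` values under `accesspoint_zones` are plaintext strings of valid PSK length, so any host that builds its wifi-ifaces from this map before the vault lookup exists would bring up SSIDs with these placeholders as the real passphrase. Until then I would reference a vaulted variable (placeholder name: `"{{ vault_accesspoint_keys.iot }}"`) or leave the keys undefined so templating fails loudly.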
- "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
openwrt_mixin:
+ /etc/sysctl.conf:
+ content: |
+ # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+ #
+ # disable IP forwarding, we don't need it since we are
+ # only an AP that bridges VLANs to Wifi SSIDs
+ net.ipv4.conf.default.forwarding=0
+ net.ipv4.conf.all.forwarding=0
+ net.ipv4.ip_forward=0
+ net.ipv6.conf.default.forwarding=0
+ net.ipv6.conf.all.forwarding=0
+
/etc/dropbear/authorized_keys:
content: |-
{% for key in noc_ssh_keys %}
{{ key }}
{% endfor %}
+ /root/.config/htop/htoprc:
+ content: |
+ # Beware! This file is rewritten by htop when settings are changed in the interface.
+ # The parser is also very primitive, and not human-friendly.
+ fields=0 48 17 18 38 39 40 2 46 47 49 1
+ sort_key=46
+ sort_direction=1
+ hide_threads=0
+ hide_kernel_threads=1
+ hide_userland_threads=0
+ shadow_other_users=0
+ show_thread_names=0
+ show_program_path=1
+ highlight_base_name=1
+ highlight_megabytes=1
+ highlight_threads=1
+ tree_view=1
+ header_margin=1
+ detailed_cpu_time=0
+ cpu_count_from_zero=0
+ update_process_names=0
+ account_guest_in_cpu_meter=0
+ color_scheme=0
+ delay=15
+ left_meters=AllCPUs Memory Swap
+ left_meter_modes=1 1 1
+ right_meters=Tasks LoadAverage Uptime
+ right_meter_modes=2 2 2
+
+
openwrt_uci:
system:
- name: system
- '2.lede.pool.ntp.org'
- '3.lede.pool.ntp.org'
- network:
- - name: globals 'globals'
- options:
- ula_prefix: fdc9:e01f:83db::/48
-
- - name: interface 'loopback'
+ dropbear:
+ - name: dropbear
options:
- ifname: lo
- proto: static
- ipaddr: 127.0.0.1
- netmask: 255.0.0.0
+ PasswordAuth: 'off'
+ RootPasswordAuth: 'off'
+ Port: '22000'
- - name: interface 'mgmt'
- options:
- type: bridge
- ifname: "eth0.{{ net.mgmt.vlan }}"
- accept_ra: 0
- proto: static
- ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"
- netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
- gateway: "{{ net.mgmt.gw }}"
- dns: "{{ net.mgmt.dns | join(' ') }}"
- dns_search: realraum.at
-
- - name: interface 'iot'
- options:
- type: bridge
- ifname: "eth0.{{ net.iot.vlan }}"
- accept_ra: 0
- proto: none
-
- - name: interface 'lan'
- options:
- type: bridge
- ifname: "eth0.{{ net.lan.vlan }}"
- accept_ra: 0
- proto: none
+ network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
+ wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"
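Review bot: The new `dropbear` section sets `PasswordAuth`, `RootPasswordAuth` and `Port` but no `Interface`, so dropbear is left listening on every address the AP has. Only `mgmt` gets an IPv4 address in this file, but the zone bridges that will carry guest and IoT traffic are `proto: none` bridges that may still hold an IPv6 link-local address, which would make the root SSH port reachable from the wireless side. Adding `Interface: 'mgmt'` to the options pins the listener to the management VLAN; it is worth checking on 18.06 that dropbear still starts when `mgmt` comes up late at boot. The `openwrt_uci` mapping this belongs to starts above this hunk.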