1 ---
2 accesspoint_wifi_channels:  # per-host channel plan, read as [band][inventory_hostname] by accesspoint_wireless_devices below
3   2.4g:  # 3/8/13 are five channels apart, so the three 20 MHz cells do not overlap each other
4     ap0: 3
5     ap1: 8
6     ap2: 13
7   5g:  # NOTE(review): 36/40/48 all lie in the single 80 MHz block that htmode VHT80 uses, so the three radios share one channel -- confirm intended
8     ap0: 36
9     ap1: 48
10     ap2: 40
11
12 accesspoint_zones:  # one WLAN per zone; the (commented) wifi-iface template below reads .ssid/.encryption/.key
13   iot:
14     ssid: "realstuff"
15     encryption: "psk2"
16     key: "this-should-come-from-vault"  # placeholder: the real PSK belongs in a vault-encrypted variable, never in this committed group_vars file
17   guests:
18     ssid: "realraum"
19     encryption: "psk2"
20     key: "same-here"  # placeholder, same vault requirement as above
21   members:
22     ssid: "r3members"
23     encryption: "psk2"
24     key: "this-will-probably-use-radius-and-not-even-have-a-key"  # placeholder; a RADIUS-backed zone would need an enterprise encryption mode rather than psk2
25
26
27
28 accesspoint_wired_interface: eth0  # uplink carrying the tagged VLANs; the interface sections below build sub-interfaces on it
29 accesspoint_wireless_device_paths:  # bus paths used by the wifi-device sections to pin each radio to a physical device
30   2.4g: "platform/qca956x_wmac"
31   5g: "pci0000:00/0000:00:00.0"
32
33 accesspoint_network_base:  # UCI 'network' sections common to every AP; accesspoint_network_zones is appended to this list in openwrt_uci below
34   - name: globals 'globals'
35     options:
36       ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"  # seeded from inventory_hostname, so stable per host; NOTE(review): RFC 4193 puts locally generated ULAs in fd00::/8, fc00::/8 is reserved -- confirm the fc prefix is intended
37
38   - name: interface 'loopback'
39     options:
40       ifname: lo
41       proto: static
42       ipaddr: 127.0.0.1
43       netmask: 255.0.0.0
44
45   - name: interface 'raw'  # the untagged uplink itself: no address, no router-advertisement processing
46     options:
47       ifname: "{{ accesspoint_wired_interface }}"
48       proto: none
49       accept_ra: 0
50
51   - name: interface 'mgmt'  # the only L3 interface: management on a VLAN sub-interface of the uplink
52     options:
53       type: bridge
54       ifname: "{{ accesspoint_wired_interface }}.{{ net.mgmt.vlan }}"  # net.* is defined outside this file
55       accept_ra: 0  # statically addressed below; ignore router advertisements
56       proto: static
57       ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"  # NOTE(review): host part is the AP's position in groups.accesspoints, so reordering or inserting inventory entries re-addresses other APs
58       netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
59       gateway: "{{ net.mgmt.gw }}"
60       dns: "{{ net.mgmt.dns | join(' ') }}"  # list joined into one space-separated string
61       dns_search: realraum.at
62
63 accesspoint_network_zones: []  # empty by default: no per-zone bridges exist until the template below is enabled; appended to accesspoint_network_base in openwrt_uci.network
64 # accesspoint_network_zone_template:
65 #   - name: interface '{{ item }}'
66 #     options:
67 #       type: bridge
68 #       ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
69 #       accept_ra: 0
70 #       proto: none
71
72
73
74 accesspoint_wireless_devices:  # UCI 'wireless' radio sections; the wifi-iface (SSID) sections come from accesspoint_wireless_ifaces
75   - name: wifi-device 'radio5'
76     options:
77       type: 'mac80211'
78       channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"  # a host missing from the channel map fails at render time instead of getting a default
79       hwmode: '11a'
80       country: AT  # regulatory domain; limits the usable channels and power for this radio
81       path: "{{ accesspoint_wireless_device_paths['5g'] }}"
82       htmode: 'VHT80'  # 80 MHz width: channels 36-48 form the one block all three APs are placed in (see accesspoint_wifi_channels)
83
84   - name: wifi-device 'radio24'
85     options:
86       type: 'mac80211'
87       channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
88       hwmode: '11g'
89       country: AT
90       path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
91       htmode: 'HT20'  # 20 MHz only on 2.4 GHz
92
93 accesspoint_wireless_ifaces: []  # empty: openwrt_uci.wireless below is devices + this list, so no SSID is configured until the template is enabled
94 # accesspoint_wireless_iface_template:
95 #   - name: wifi-iface '{{ item }}24s'
96 #     options:
97 #       device: 'radio24'
98 #       network: '{{ item }}'
99 #       mode: 'ap'
100 #       ssid: '{{ accesspoint_zones[item].ssid }}24'
101 #       encryption: '{{ accesspoint_zones[item].encryption }}'
102 #       key: '{{ accesspoint_zones[item].key }}'
103
104 #   - name: wifi-iface '{{ item }}5s'
105 #     options:
106 #       device: 'radio5'
107 #       network: '{{ item }}'
108 #       mode: 'ap'
109 #       ssid: '{{ accesspoint_zones[item].ssid }}5'
110 #       encryption: '{{ accesspoint_zones[item].encryption }}'
111 #       key: '{{ accesspoint_zones[item].key }}'
112
113 #   - name: wifi-iface '{{ item }}24'
114 #     options:
115 #       device: 'radio24'
116 #       network: '{{ item }}'
117 #       mode: 'ap'
118 #       ssid: '{{ accesspoint_zones[item].ssid }}'
119 #       encryption: '{{ accesspoint_zones[item].encryption }}'
120 #       key: '{{ accesspoint_zones[item].key }}'
121
122 #   - name: wifi-iface '{{ item }}5'
123 #     options:
124 #       device: 'radio5'
125 #       network: '{{ item }}'
126 #       mode: 'ap'
127 #       ssid: '{{ accesspoint_zones[item].ssid }}'
128 #       encryption: '{{ accesspoint_zones[item].encryption }}'
129 #       key: '{{ accesspoint_zones[item].key }}'
130
131
132
133
134
135 openwrt_variant: openwrt
136 openwrt_release: 18.06.1  # NOTE(review): the 18.06 line is end-of-life upstream and receives no security fixes -- check for a supported release
137 openwrt_arch: ar71xx  # NOTE(review): ar71xx was dropped after 19.07; moving to a supported release likely means the ath79 target
138 openwrt_target: generic
139 openwrt_profile: ubnt-unifiac-lite
140 openwrt_output_image_suffixes:
141   - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
142
143 openwrt_mixin:  # files baked into the image; each 'content' block is the verbatim file body, so do not comment inside them
144   /etc/sysctl.conf:  # IPv4 and IPv6 forwarding disabled: the AP only bridges VLANs to SSIDs, it never routes
145     content: |
146       # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
147       #
148       # disable IP forwarding, we don't need it since we are
149       # only an AP that bridges VLANs to Wifi SSIDs
150       net.ipv4.conf.default.forwarding=0
151       net.ipv4.conf.all.forwarding=0
152       net.ipv4.ip_forward=0
153       net.ipv6.conf.default.forwarding=0
154       net.ipv6.conf.all.forwarding=0
155
156   /etc/dropbear/authorized_keys:  # rendered from noc_ssh_keys (defined outside this file); with PasswordAuth 'off' below this is the only SSH login path
157     content: |-
158       {% for key in noc_ssh_keys %}
159       {{ key }}
160       {% endfor %}
161
162   /root/.config/htop/htoprc:  # htop display preferences for root; no security relevance
163     content: |
164       # Beware! This file is rewritten by htop when settings are changed in the interface.
165       # The parser is also very primitive, and not human-friendly.
166       fields=0 48 17 18 38 39 40 2 46 47 49 1
167       sort_key=46
168       sort_direction=1
169       hide_threads=0
170       hide_kernel_threads=1
171       hide_userland_threads=0
172       shadow_other_users=0
173       show_thread_names=0
174       show_program_path=1
175       highlight_base_name=1
176       highlight_megabytes=1
177       highlight_threads=1
178       tree_view=1
179       header_margin=1
180       detailed_cpu_time=0
181       cpu_count_from_zero=0
182       update_process_names=0
183       account_guest_in_cpu_meter=0
184       color_scheme=0
185       delay=15
186       left_meters=AllCPUs Memory Swap
187       left_meter_modes=1 1 1
188       right_meters=Tasks LoadAverage Uptime
189       right_meter_modes=2 2 2
190
191
192 openwrt_uci:  # UCI config files by name; each list entry becomes one "config <type> '<name>'" section with its options
193   system:
194     - name: system
195       options:
196         hostname: '{{ inventory_hostname }}'
197         timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
198         ttylogin: '0'  # NOTE(review): '0' leaves the serial console without a login prompt, so physical access yields a root shell -- confirm acceptable for where these APs hang
199         log_size: '64'  # in-memory syslog buffer, KiB; values are quoted so YAML keeps them as strings for UCI
200         urandom_seed: '0'  # presumably disables the persisted RNG seed file -- verify against the release's urandom_seed init script
201
202     - name: timeserver 'ntp'
203       options:
204         enabled: '1'
205         enable_server: '0'  # NTP client only; the AP does not serve time to the LAN
206         server:
207           - '0.lede.pool.ntp.org'
208           - '1.lede.pool.ntp.org'
209           - '2.lede.pool.ntp.org'
210           - '3.lede.pool.ntp.org'
211
212   dropbear:
213     - name: dropbear
214       options:
215         PasswordAuth: 'off'  # key-only SSH; keys come from the /etc/dropbear/authorized_keys mixin above
216         RootPasswordAuth: 'off'
217         Port: '22000'  # non-default port; reduces noise only, the auth hardening is the two lines above
218
219   network: "{{ accesspoint_network_base + accesspoint_network_zones }}"  # base sections plus per-zone bridges (currently an empty list)
220   wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"  # radios plus SSID sections (currently an empty list)