accesspoints are now deployed using ansible
1 ---
# Users whose public keys are written into root's authorized_keys on every
# AP (see the /etc/dropbear/authorized_keys mixin further down). Because
# dropbear password authentication is switched off below, this list is the
# only remote login path to the devices: keep it short and prune it when
# someone leaves.
ssh_users_root:
  - equinox
  - nicoo
5
# Per-host radio channels, keyed by inventory_hostname; the wifi-device
# stanzas below index into this map.
# NOTE(review): the 5 GHz radios are configured for VHT80 below, and
# channels 36, 40 and 48 all lie inside the same 80 MHz block (36-48), so
# the three APs end up sharing one 80 MHz channel despite the differing
# primary channels — confirm that is intended.
accesspoint_wifi_channels:
  2.4g:
    ap0: 3
    ap1: 8
    ap2: 13
  5g:
    ap0: 36
    ap1: 48
    ap2: 40
15
# Wi-Fi zones. Each zone name must also be a key of `net` (the zone
# template below reads net[<zone>].vlan) and becomes its own bridge that
# carries exactly that VLAN to the zone's SSIDs. PSKs are pulled from the
# vault (vault_accesspoint_zones.<zone>.key) and must never be pasted here.
# NOTE(review): "psk2" (WPA2-PSK) is given without a cipher suffix, so the
# pairwise cipher is whatever this release's hostapd.sh defaults to; write
# "psk2+ccmp" if TKIP has to be excluded explicitly. WPA3/SAE is not an
# option on the 18.06 release pinned below. Remember that a shared PSK lets
# any key holder who captures another client's 4-way handshake decrypt that
# client's traffic, so the guest and iot VLANs should be treated as hostile
# on the wired side as well.
accesspoint_zones:
  iot:
    ssid: "realstuff"
    encryption: "psk2"
    key: "{{ vault_accesspoint_zones.iot.key }}"
  guests:
    ssid: "realraum"
    encryption: "psk2"
    key: "{{ vault_accesspoint_zones.guests.key }}"
  # members:
  #   ssid: "r3members"
  #   encryption: "psk2"
  #   key: "{{ vault_accesspoint_zones.members.key }}"
29
30
31
# Wired uplink; all VLANs (mgmt plus one per zone) ride on it as 802.1Q
# sub-interfaces, see the network stanzas below.
accesspoint_wired_interface: eth0
# sysfs device paths used to pin each wifi-device to its radio, as found on
# the ubnt-unifiac-lite target selected below (presumably; re-check when
# changing openwrt_profile).
accesspoint_wireless_device_paths:
  2.4g: "platform/qca956x_wmac"
  5g: "pci0000:00/0000:00:00.0"
36
# Static part of /etc/config/network. The zone bridges are appended to this
# list further down.
accesspoint_network_base:
  # Per-host ULA prefix. The random() calls are seeded with the hostname so
  # the value is stable across playbook runs (idempotent) while still
  # differing between APs.
  # NOTE(review): RFC 4193 reserves fc00::/8 (L bit = 0) and places locally
  # assigned prefixes in fd00::/8, so this should start with "fd" rather
  # than "fc" — OpenWrt's own generator produces fdXX:: prefixes for the
  # same reason.
  - name: globals 'globals'
    options:
      ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"

  - name: interface 'loopback'
    options:
      ifname: lo
      proto: static
      ipaddr: 127.0.0.1
      netmask: 255.0.0.0

  # Untagged parent interface: no protocol and router advertisements
  # ignored, so the AP holds no address on the untagged segment.
  - name: interface 'raw'
    options:
      ifname: "{{ accesspoint_wired_interface }}"
      proto: none
      accept_ra: 0

  # Management bridge on the mgmt VLAN — the only interface with an IP and
  # a default route, hence where SSH/NTP/DNS traffic of the AP lives.
  # NOTE(review): the address is derived from the host's position in
  # groups.accesspoints, so inserting or reordering a host in the inventory
  # renumbers every AP after it (and can briefly duplicate an address
  # during a rollout). A per-host variable would be more robust.
  - name: interface 'mgmt'
    options:
      type: bridge
      ifname: "{{ accesspoint_wired_interface }}.{{ net.mgmt.vlan }}"
      accept_ra: 0
      proto: static
      ipaddr: "{{ net.mgmt.prefix | ipaddr(net.mgmt.offsets.accesspoints + groups.accesspoints.index(inventory_hostname)) | ipaddr('address') }}"
      netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
      gateway: "{{ net.mgmt.gw }}"
      dns: "{{ net.mgmt.dns | join(' ') }}"
      dns_search: realraum.at
66
# One bridge per zone, generated from accesspoint_zones. `proto: none` plus
# `accept_ra: 0` mean the AP has no IPv4 or IPv6 endpoint inside the guest
# and iot VLANs at all — it only bridges 802.1Q <-> SSID at layer 2, and
# its management plane is reachable solely via the mgmt bridge above. Keep
# it that way; giving these bridges an address would expose dropbear to
# wireless clients.
accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
# Jinja-rendered text that is parsed back into a list with from_yaml. Zone
# names are interpolated unquoted into the section and interface names, so
# they must stay plain identifiers (no spaces, quotes or YAML specials).
accesspoint_network_zones_yaml: |
  {% for item in accesspoint_zones.keys() %}
  - name: interface "{{ item }}"
    options:
      type: bridge
      ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
      accept_ra: 0
      proto: none
  {% endfor %}
77
78
# Radio definitions. `country: AT` fixes the regulatory domain; the channel
# comes from accesspoint_wifi_channels for this host. 5 GHz runs 80 MHz
# wide (VHT80), 2.4 GHz stays at 20 MHz (HT20).
accesspoint_wireless_devices:
  - name: wifi-device 'radio5g'
    options:
      type: 'mac80211'
      channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
      hwmode: '11a'
      country: AT
      path: "{{ accesspoint_wireless_device_paths['5g'] }}"
      htmode: 'VHT80'

  - name: wifi-device 'radio2g4'
    options:
      type: 'mac80211'
      channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
      hwmode: '11g'
      country: AT
      path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
      htmode: 'HT20'
97
98
## TODO: set up 802.11r see:
##        * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
##        * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
## NOTE(review): when 802.11r is added, the FT key material (r0kh/r1kh
## entries, mobility domain) is a shared secret like the PSKs and belongs
## in the vault, not in this file.
accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
# Four SSIDs per zone: "<ssid>2.4" and "<ssid>5" pinned to one band each,
# plus the bare "<ssid>" broadcast on both bands.
# NOTE(review): 2.4 and 5 are parsed by YAML as a float and an int and only
# happen to render as "2.4" and "5"; quote them ('2.4', '5') so an edit such
# as 2.40 cannot silently change an SSID.
accesspoint_wireless_types:
  - { name: only, ssid: 2.4, freq: 2g4 }
  - { name: only, ssid: 5, freq: 5g }
  - { name: '', ssid: '', freq: 2g4 }
  - { name: '', ssid: '', freq: 5g }
# Jinja-rendered wifi-iface sections, parsed back with from_yaml. Every SSID
# of a zone attaches to that zone's bridge, so the VLAN split is enforced
# per SSID.
# NOTE(review): `rsn_preauth` (RSN pre-authentication) only applies to
# 802.1X/EAP key management; with PSK it is a no-op and can be dropped.
# For the guests zone consider adding `isolate: '1'`, which stops clients on
# the same AP from talking to each other directly — it does not isolate
# clients across APs or on the wired VLAN, which needs a switch/firewall
# policy.
accesspoint_wireless_ifaces_yaml: |
  {% for zone in accesspoint_zones.keys() %}
  {%   for item in accesspoint_wireless_types %}
  - name: wifi-iface '{{ zone }}{{ item.freq }}{{ item.name }}'
    options:
      device: 'radio{{ item.freq }}'
      network: '{{ zone }}'
      mode: 'ap'
      disassoc_low_ack: '1'
      rsn_preauth: '1'
      ssid: '{{ accesspoint_zones[zone].ssid }}{{ item.ssid }}'
      encryption: '{{ accesspoint_zones[zone].encryption }}'
      key: '{{ accesspoint_zones[zone].key }}'
  {%   endfor %}
  {% endfor %}
123
124
125
# Image build parameters for the OpenWrt image builder.
# NOTE(review): the 18.06 branch is end-of-life upstream and receives no
# further security releases; hostapd, dropbear and kernel fixes published
# since are not in this image. Plan the move to a supported release (the
# ar71xx target was superseded by ath79, which presumably still carries the
# UniFi AC Lite profile — verify the profile name there).
openwrt_variant: openwrt
openwrt_release: 18.06.1
openwrt_arch: ar71xx
openwrt_target: generic
openwrt_profile: ubnt-unifiac-lite
openwrt_output_image_suffixes:
  - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
133
# Files baked into the image.
openwrt_mixin:
  # Forwarding is a layer-3 knob; the zone bridges above work at layer 2 and
  # are unaffected, which is exactly the point: the AP must never route
  # between the mgmt, guest and iot VLANs.
  /etc/sysctl.conf:
    content: |
      # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
      #
      # disable IP forwarding, we don't need it since we are
      # only an AP that bridges VLANs to Wifi SSIDs
      net.ipv4.conf.default.forwarding=0
      net.ipv4.conf.all.forwarding=0
      net.ipv4.ip_forward=0
      net.ipv6.conf.default.forwarding=0
      net.ipv6.conf.all.forwarding=0

  # Root's SSH keys, collected from the `users` structure by the
  # user_ssh_keys filter (presumably a filter plugin in this repo). With
  # password auth disabled in the dropbear section below this file is the
  # sole credential store on the device.
  /etc/dropbear/authorized_keys:
    content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"

  /etc/htoprc:
    file: "{{ global_files_dir }}/common/htoprc"
152
153
# UCI configuration applied to the image. `network` and `wireless` are
# assembled from the lists defined above.
openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ inventory_hostname }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        # NOTE(review): ttylogin '0' means the serial console gets a root
        # shell without a login prompt (OpenWrt's default). Anyone with
        # physical access to the serial header therefore has root; set '1'
        # if the APs hang where that header can be reached.
        ttylogin: '0'
        log_size: '64'
        # NOTE(review): if this release's urandom_seed script treats '0'
        # as "disabled", no seed is persisted across reboots and the
        # entropy pool starts cold on every boot on a board without a
        # hardware RNG — relevant for hostapd's key/nonce generation.
        # Consider pointing this at a seed file instead; verify the
        # option's semantics for 18.06 first.
        urandom_seed: '0'

    # Time from the public pool, unauthenticated, via the mgmt default
    # route; enable_server '0' keeps the AP from serving NTP itself.
    - name: timeserver 'ntp'
      options:
        enabled: '1'
        enable_server: '0'
        server:
          - '0.lede.pool.ntp.org'
          - '1.lede.pool.ntp.org'
          - '2.lede.pool.ntp.org'
          - '3.lede.pool.ntp.org'

  # Key-only SSH: both password paths are off, so the authorized_keys mixin
  # above is the only way in. The non-default port is obscurity, not a
  # control. No `Interface` restriction is set, so dropbear listens on
  # every address — today that is just loopback and the mgmt bridge, since
  # the zone bridges have proto none. Add `Interface: mgmt` if a zone
  # bridge ever gets an address, so SSH stays off the guest/iot VLANs.
  dropbear:
    - name: dropbear
      options:
        PasswordAuth: 'off'
        RootPasswordAuth: 'off'
        Port: '22000'

  network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
  wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"