don't force roaming on iot wifi
[noc.git] / ansible / group_vars / accesspoints / main.yml
index 480ccaa..a06696e 100644 (file)
@@ -1,4 +1,8 @@
 ---
+ssh_users_root:
+  - equinox
+  - nicoo
+
 accesspoint_wifi_channels:
   2.4g:
     ap0: 3
@@ -13,15 +17,21 @@ accesspoint_zones:
   iot:
     ssid: "realstuff"
     encryption: "psk2"
-    key: "this-should-come-from-vault"
+    key: "{{ vault_accesspoint_zones.iot.key }}"
   guests:
     ssid: "realraum"
     encryption: "psk2"
-    key: "same-here"
-  members:
-    ssid: "r3members"
-    encryption: "psk2"
-    key: "this-will-probably-use-radius-and-not-even-have-a-key"
+    key: "{{ vault_accesspoint_zones.guests.key }}"
+    extra_options:
+      disassoc_low_ack: '1'
+      rsn_preauth: '1'
+  # members:
+  #   ssid: "r3members"
+  #   encryption: "psk2"
+  #   key: "{{ vault_accesspoint_zones.members.key }}"
+  #   extra_options:
+  #     disassoc_low_ack: '1'
+  #     rsn_preauth: '1'
 
 
 
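Review bot: The `iot` zone is left without `extra_options` while `guests` gains `disassoc_low_ack` and `rsn_preauth`, and nothing in the file records that the omission is deliberate. A comment above `iot:` such as `# no extra_options on purpose: do not push IoT clients to roam` would keep a later edit from copying the block over. `rsn_preauth` is, as far as I know, an 802.1X pre-authentication setting, so with `encryption: "psk2"` it probably has no effect; this is worth confirming before it is carried into the commented-out `members` block too. The `accesspoint_zones` mapping starts above this hunk.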
@@ -60,19 +70,20 @@ accesspoint_network_base:
       dns: "{{ net.mgmt.dns | join(' ') }}"
       dns_search: realraum.at
 
-accesspoint_network_zones: []
-# accesspoint_network_zone_template:
-#   - name: interface '{{ item }}'
-#     options:
-#       type: bridge
-#       ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
-#       accept_ra: 0
-#       proto: none
-
+accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
+accesspoint_network_zones_yaml: |
+  {% for item in accesspoint_zones.keys() %}
+  - name: interface "{{ item }}"
+    options:
+      type: bridge
+      ifname: "{{ accesspoint_wired_interface }}.{{ net[item].vlan }}"
+      accept_ra: 0
+      proto: none
+  {% endfor %}
 
 
 accesspoint_wireless_devices:
-  - name: wifi-device 'radio5'
+  - name: wifi-device 'radio5g'
     options:
       type: 'mac80211'
       channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
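Review bot: `accesspoint_network_zones` becomes `None` instead of a list when the template renders nothing, because `from_yaml` of an empty string does not return `[]` as the removed line did. That only happens if `accesspoint_zones` is ever empty, but `accesspoint_wireless_ifaces` in the later hunk has the same shape. `accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml | default([], true) }}"` keeps the old type. The loop also assumes every zone name is a key in `net` (`net[item].vlan`), which deserves a one-line comment next to `accesspoint_zones`.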
@@ -81,7 +92,7 @@ accesspoint_wireless_devices:
       path: "{{ accesspoint_wireless_device_paths['5g'] }}"
       htmode: 'VHT80'
 
-  - name: wifi-device 'radio24'
+  - name: wifi-device 'radio2g4'
     options:
       type: 'mac80211'
       channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
@@ -90,45 +101,32 @@ accesspoint_wireless_devices:
       path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
       htmode: 'HT20'
 
-accesspoint_wireless_ifaces: []
-# accesspoint_wireless_iface_template:
-#   - name: wifi-iface '{{ item }}24s'
-#     options:
-#       device: 'radio24'
-#       network: '{{ item }}'
-#       mode: 'ap'
-#       ssid: '{{ accesspoint_zones[item].ssid }}24'
-#       encryption: '{{ accesspoint_zones[item].encryption }}'
-#       key: '{{ accesspoint_zones[item].key }}'
-
-#   - name: wifi-iface '{{ item }}5s'
-#     options:
-#       device: 'radio5'
-#       network: '{{ item }}'
-#       mode: 'ap'
-#       ssid: '{{ accesspoint_zones[item].ssid }}5'
-#       encryption: '{{ accesspoint_zones[item].encryption }}'
-#       key: '{{ accesspoint_zones[item].key }}'
-
-#   - name: wifi-iface '{{ item }}24'
-#     options:
-#       device: 'radio24'
-#       network: '{{ item }}'
-#       mode: 'ap'
-#       ssid: '{{ accesspoint_zones[item].ssid }}'
-#       encryption: '{{ accesspoint_zones[item].encryption }}'
-#       key: '{{ accesspoint_zones[item].key }}'
-
-#   - name: wifi-iface '{{ item }}5'
-#     options:
-#       device: 'radio5'
-#       network: '{{ item }}'
-#       mode: 'ap'
-#       ssid: '{{ accesspoint_zones[item].ssid }}'
-#       encryption: '{{ accesspoint_zones[item].encryption }}'
-#       key: '{{ accesspoint_zones[item].key }}'
-
 
+## TODO: set up 802.11r see:
+##        * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
+##        * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
+accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
+accesspoint_wireless_types:
+  - { name: only, ssid: 2.4, freq: 2g4 }
+  - { name: only, ssid: 5, freq: 5g }
+  - { name: '', ssid: '', freq: 2g4 }
+  - { name: '', ssid: '', freq: 5g }
+accesspoint_wireless_ifaces_yaml: |
+  {% for zone in accesspoint_zones.keys() %}
+  {%   for item in accesspoint_wireless_types %}
+  - name: wifi-iface '{{ zone }}{{ item.freq }}{{ item.name }}'
+    options:
+      device: 'radio{{ item.freq }}'
+      network: '{{ zone }}'
+      mode: 'ap'
+      ssid: '{{ accesspoint_zones[zone].ssid }}{{ item.ssid }}'
+      encryption: '{{ accesspoint_zones[zone].encryption }}'
+      key: '{{ accesspoint_zones[zone].key }}'
+  {%     for opt, val in (accesspoint_zones[zone].extra_options | default({}) ).items() %}
+      {{ opt }}: '{{ val }}'
+  {%     endfor %}
+  {%   endfor %}
+  {% endfor %}
 
 
 
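Review bot: The line `key: '{{ accesspoint_zones[zone].key }}'` pastes the vaulted PSK into YAML text that is parsed afterwards, so a passphrase containing `'` ends the scalar early and either breaks `from_yaml` or changes the parsed structure. Letting the filter do the quoting avoids that: `key: {{ accesspoint_zones[zone].key | to_json }}`, and likewise for `ssid` and for `{{ opt }}: '{{ val }}'`. A parse failure at this point may also print the rendered text, PSK included, in the play output, so it is worth failing before rendering rather than after. The unquoted `ssid: 2.4` and `ssid: 5` in `accesspoint_wireless_types` are read as numbers and only become strings through concatenation; quoting them as `'2.4'` and `'5'` makes that explicit.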
@@ -154,39 +152,10 @@ openwrt_mixin:
       net.ipv6.conf.all.forwarding=0
 
   /etc/dropbear/authorized_keys:
-    content: |-
-      {% for key in noc_ssh_keys %}
-      {{ key }}
-      {% endfor %}
+    content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"
 
-  /root/.config/htop/htoprc:
-    content: |
-      # Beware! This file is rewritten by htop when settings are changed in the interface.
-      # The parser is also very primitive, and not human-friendly.
-      fields=0 48 17 18 38 39 40 2 46 47 49 1
-      sort_key=46
-      sort_direction=1
-      hide_threads=0
-      hide_kernel_threads=1
-      hide_userland_threads=0
-      shadow_other_users=0
-      show_thread_names=0
-      show_program_path=1
-      highlight_base_name=1
-      highlight_megabytes=1
-      highlight_threads=1
-      tree_view=1
-      header_margin=1
-      detailed_cpu_time=0
-      cpu_count_from_zero=0
-      update_process_names=0
-      account_guest_in_cpu_meter=0
-      color_scheme=0
-      delay=15
-      left_meters=AllCPUs Memory Swap
-      left_meter_modes=1 1 1
-      right_meters=Tasks LoadAverage Uptime
-      right_meter_modes=2 2 2
+  /etc/htoprc:
+    file: "{{ global_files_dir }}/common/htoprc"
 
 
 openwrt_uci:
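Review bot: Root login on every access point now depends on `ssh_users_root | user_ssh_keys(users)` returning at least one key, and the added `content:` line writes whatever comes back. The filter is not visible here, but if it returns an empty list for a misspelled or key-less user, `/etc/dropbear/authorized_keys` is reduced to a single newline and key-based access to the device is lost. An `assert` task before deployment that checks `ssh_users_root | user_ssh_keys(users) | length > 0` would catch that. A comment at `ssh_users_root` in the first hunk, for example `# users whose keys grant root on all access points`, would make the scope of that list clear to whoever edits it next.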