authorChristian Pointner <equinox@spreadspace.org>2018-12-26 16:32:32 +0100
committerChristian Pointner <equinox@spreadspace.org>2018-12-26 16:32:32 +0100
commit5807994e364f962d6cac5b44f6cc49e6163bf2d6 (patch)
tree9ed12153f137ca9e6855f4261fdef09c6c0844a8
parentinfobeamer vs. infoscreens (diff)
added elevate accesspoints (WIP)
-rw-r--r--dan/ele-ap.yml6
-rw-r--r--dan/group_vars/ele-ap.yml14
-rw-r--r--inventory/group_vars/ele-ap/main.yml188
-rw-r--r--inventory/group_vars/elevate-festival/main.yml6
-rw-r--r--inventory/hosts.ini10
5 files changed, 224 insertions, 0 deletions
diff --git a/dan/ele-ap.yml b/dan/ele-ap.yml
new file mode 100644
index 00000000..45e65385
--- /dev/null
+++ b/dan/ele-ap.yml
@@ -0,0 +1,6 @@
+---
+- hosts: ele-ap
+ connection: local
+ roles:
+ - role: openwrt/image
+ delegate_to: localhost
diff --git a/dan/group_vars/ele-ap.yml b/dan/group_vars/ele-ap.yml
new file mode 100644
index 00000000..e2fa2029
--- /dev/null
+++ b/dan/group_vars/ele-ap.yml
@@ -0,0 +1,14 @@
+$ANSIBLE_VAULT;1.2;AES256;dan
+36363930303936313565623666326261663431626135333437363838666533363761356466313961
+3663353830303861323030333933316261313364373466320a343161366231333333316631646636
+31623261336238656332373534663839326165633932393639346536373732326533363835336237
+6132343734346364340a333266366362306162666461353063316464316163373663666536653539
+37323832386530623530326663633535663164633231356139656333393236653562643437306233
+37656666653338363334346363343834656434633835353231386462316631313531636631373635
+66313061666636386565656465363462343631383236343964626463366633383133383866393031
+37633332323865663566643464626539373733383034353532333438346162616362633838373864
+35636364643363663034666237303138636134633666313839386365633562646661623531306662
+33396530393765313631343836393635356431323064386165363333323666373234656338316139
+39333032626336663431366430643562336565353361336263393836353065666561623237343938
+33333130373839653930643433333339373463643461663139346139393766356535396562633832
+3336
diff --git a/inventory/group_vars/ele-ap/main.yml b/inventory/group_vars/ele-ap/main.yml
new file mode 100644
index 00000000..df5806ea
--- /dev/null
+++ b/inventory/group_vars/ele-ap/main.yml
@@ -0,0 +1,188 @@
+---
+accesspoint_wifi_channels:
+ 2.4g:
+ ele-ap-forum0: 3
+ ele-ap-forum1: 8
+ ele-ap-forum2: 13
+ ele-ap-dom0: 6
+ ele-ap-kunsthaus0: 6
+ ele-ap-orpheum0: 6
+ 5g:
+ ele-ap-forum0: 36
+ ele-ap-forum1: 48
+ ele-ap-forum2: 40
+ ele-ap-dom0: 40
+ ele-ap-kunsthaus0: 40
+ ele-ap-orpheum0: 40
+
+accesspoint_zones:
+ lan:
+ ssid: "elevate staff"
+ encryption: "psk2"
+ key: "{{ vault_ele_ap.accesspoint_zones.lan.key }}"
+ guest:
+ ssid: "elevate public"
+ encryption: "psk2"
+ key: "{{ vault_ele_ap.accesspoint_zones.guest.key }}"
+ infoscreens:
+ ssid: "elevate infoscreens"
+ encryption: "psk2"
+ key: "{{ vault_ele_ap.accesspoint_zones.infoscreens.key }}"
+
+
+
+accesspoint_wired_interface: eth0
+accesspoint_wireless_device_paths:
+ 2.4g: "platform/qca956x_wmac"
+ 5g: "pci0000:00/0000:00:00.0"
+
+accesspoint_network_base:
+ - name: globals 'globals'
+ options:
+ ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
+
+ - name: interface 'loopback'
+ options:
+ ifname: lo
+ proto: static
+ ipaddr: 127.0.0.1
+ netmask: 255.0.0.0
+
+ - name: interface 'mgmt'
+ options:
+ ifname: "{{ accesspoint_wired_interface }}.{{ network_zones.mgmt.vlan }}"
+ accept_ra: 0
+ proto: static
+ ipaddr: "{{ network_zones.mgmt.prefix | ipaddr(network_zones.mgmt.offsets[inventory_hostname]) | ipaddr('address') }}"
+ netmask: "{{ network_zones.mgmt.prefix | ipaddr('netmask') }}"
+
+accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
+accesspoint_network_zones_yaml: |
+ {% for zone_name in accesspoint_zones.keys() %}
+ - name: "interface '{{ zone_name }}'"
+ options:
+ type: bridge
+ ifname: "{{ accesspoint_wired_interface }}.{{ network_zones[zone_name].vlan }}"
+ accept_ra: 0
+ proto: none
+ {% endfor %}
+
+
+accesspoint_wireless_devices:
+ - name: wifi-device 'radio5g'
+ options:
+ type: 'mac80211'
+ channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
+ hwmode: '11a'
+ country: AT
+ path: "{{ accesspoint_wireless_device_paths['5g'] }}"
+ htmode: 'VHT80'
+
+ - name: wifi-device 'radio2g4'
+ options:
+ type: 'mac80211'
+ channel: "{{ accesspoint_wifi_channels['2.4g'][inventory_hostname] }}"
+ hwmode: '11g'
+ country: AT
+ path: "{{ accesspoint_wireless_device_paths['2.4g'] }}"
+ htmode: 'HT20'
+
+
+## TODO: set up 802.11r see:
+## * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
+## * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
+accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
+accesspoint_wireless_frequencies:
+ - 2g4
+ - 5g
+accesspoint_wireless_ifaces_yaml: |
+ {% for zone in accesspoint_zones.keys() %}
+ {% for freq in accesspoint_wireless_frequencies %}
+ - name: wifi-iface '{{ zone }}{{ freq }}'
+ options:
+ device: 'radio{{ freq }}'
+ network: '{{ zone }}'
+ mode: 'ap'
+ disassoc_low_ack: '1'
+ rsn_preauth: '1'
+ ssid: '{{ accesspoint_zones[zone].ssid }}'
+ encryption: '{{ accesspoint_zones[zone].encryption }}'
+ key: '{{ accesspoint_zones[zone].key }}'
+ {% endfor %}
+ {% endfor %}
+
+
+
+openwrt_variant: openwrt
+openwrt_release: 18.06.1
+openwrt_arch: ar71xx
+openwrt_target: generic
+openwrt_profile: ubnt-unifiac-lite
+openwrt_output_image_suffixes:
+ - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
+
+openwrt_packages_remove:
+ - ppp
+ - ppp-mod-pppoe
+ - dnsmasq
+ - firewall
+ - odhcpd
+ - odhcpd-ipv6only
+openwrt_packages_add:
+ - haveged
+ - htop
+ - ip
+ - less
+ - nano
+ - tcpdump-mini
+
+
+openwrt_mixin:
+ /etc/sysctl.conf:
+ content: |
+ # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+ #
+ # disable IP forwarding, we don't need it since we are
+ # only an AP that bridges VLANs to Wifi SSIDs
+ net.ipv4.conf.default.forwarding=0
+ net.ipv4.conf.all.forwarding=0
+ net.ipv4.ip_forward=0
+ net.ipv6.conf.default.forwarding=0
+ net.ipv6.conf.all.forwarding=0
+
+ /etc/dropbear/authorized_keys:
+ content: "{{ ssh_keys_root | join('\n') }}\n"
+
+ /etc/htoprc:
+ file: "{{ global_files_dir }}/common/htoprc"
+
+
+openwrt_uci:
+ system:
+ - name: system
+ options:
+ hostname: '{{ inventory_hostname }}'
+ timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+ ttylogin: '0'
+ log_size: '64'
+ urandom_seed: '0'
+
+ - name: timeserver 'ntp'
+ options:
+ enabled: '1'
+ enable_server: '0'
+ server:
+ - '0.lede.pool.ntp.org'
+ - '1.lede.pool.ntp.org'
+ - '2.lede.pool.ntp.org'
+ - '3.lede.pool.ntp.org'
+
+ dropbear:
+ - name: dropbear
+ options:
+ PasswordAuth: 'off'
+ RootPasswordAuth: 'off'
+ Port: '22000'
+
+ network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
+ wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"
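Review bot: The `dropbear` section at the end of `openwrt_uci` sets no listen interface while `firewall` is listed in `openwrt_packages_remove`, so SSH on port 22000 listens on every address the AP holds and nothing filters it. The zone bridges use `proto: none`, but they presumably still carry IPv6 link-local addresses, which would make the daemon reachable from the `guest` and `infoscreens` SSIDs; adding `Interface: 'mgmt'` to the dropbear options would confine it to the management VLAN, assuming the role passes that option through to UCI. Separately, `accesspoint_wireless_ifaces_yaml` interpolates `ssid` and `key` inside single quotes before `from_yaml`, so a passphrase containing `'` breaks or reshapes the parsed document; `key: {{ accesspoint_zones[zone].key | to_json }}` (and the same for `ssid`) holds for any value. The generated wifi-iface entries also set no `isolate: '1'`, so stations on "elevate public" are not separated from each other at the AP.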
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
index f0d0af36..2d2b3d70 100644
--- a/inventory/group_vars/elevate-festival/main.yml
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -25,6 +25,12 @@ network_zones:
vlan: 42
prefix: 192.168.42.0/24
offsets:
+ ele-ap-forum0: 210
+ ele-ap-forum1: 211
+ ele-ap-forum2: 212
+ ele-ap-dom0: 220
+ ele-ap-kunsthaus0: 230
+ ele-ap-orpheum0: 240
ele-router: 254
mixer:
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 9a23a64a..d8616668 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -73,6 +73,12 @@ sk2013 host_name=2013
sk2016 host_name=2016
+[ele-ap]
+ele-ap-forum[0:2]
+ele-ap-dom0
+ele-ap-kunsthaus0
+ele-ap-orpheum0
+
[elevate:vars]
host_domain=elevate.at
env_group=dan
@@ -81,6 +87,10 @@ env_group=dan
ele-media host_name=media
ele-router
+[elevate:children]
+ele-ap
+
+
###############################
# host categories