move some legacy stuff to graveyard

4 files changed, 176 insertions, 0 deletions

diff --git a/_graveyard_/dan/ele-dolmetsch-ctl.yml b/_graveyard_/dan/ele-dolmetsch-ctl.yml
new file mode 100644
index 00000000..c9d47ea8
--- /dev/null
+++ b/_graveyard_/dan/ele-dolmetsch-ctl.yml
@@ -0,0 +1,8 @@
+---
+- name: Basic Setup
+  hosts: ele-dolmetsch-ctl
+  connection: local
+  gather_facts: no
+
+  roles:
+  - role: openwrt/image
diff --git a/_graveyard_/inventory/group_vars/dolmetsch-ctl/vars.yml b/_graveyard_/inventory/group_vars/dolmetsch-ctl/vars.yml
new file mode 100644
index 00000000..a86517c0
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/dolmetsch-ctl/vars.yml
@@ -0,0 +1,150 @@
+---
+openwrt_variant: lede
+openwrt_release: 17.01.6
+openwrt_arch: ar71xx
+openwrt_target: generic
+openwrt_profile: tl-wr710n-v2
+openwrt_output_image_suffixes:
+  - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
+
+openwrt_packages_remove:
+  - kmod-gpio-button-hotplug
+  - kmod-ath9k
+  - wpad-mini
+  - ppp
+  - ppp-mod-pppoe
+  - dnsmasq
+  - firewall
+  - odhcpd
+  - odhcpd-ipv6only
+openwrt_packages_add:
+  - haveged
+  - htop
+  - ip
+  - less
+  - nano
+  - tcpdump-mini
+  - kmod-usb-audio
+  - alsa-lib
+  - alsa-utils
+  - alsa-utils-seq
+
+
+openwrt_mixin:
+  /etc/sysctl.conf:
+    content: |
+      # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+      #
+      # disable IP forwarding, we don't need it since we are no router
+      net.ipv4.conf.default.forwarding=0
+      net.ipv4.conf.all.forwarding=0
+      net.ipv4.ip_forward=0
+      net.ipv6.conf.default.forwarding=0
+      net.ipv6.conf.all.forwarding=0
+
+  /etc/dropbear/authorized_keys:
+    content: "{{ ssh_keys_root | join('\n') }}\n"
+
+  /etc/htoprc:
+    file: "{{ global_files_dir }}/common/htoprc"
+
+  /etc/rc.d/S22network-fw:
+    link: "../init.d/network-fw"
+
+  /etc/rc.d/K91network-fw:
+    link: "../init.d/network-fw"
+
+  /etc/init.d/network-fw:
+    mode: "0755"
+    content: |
+      #!/bin/sh /etc/rc.common
+
+      START=22
+      STOP=91
+
+      start() {
+        MGMT_IF=$(uci get network.mgmt.ifname)
+        MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
+        MGMT_NETMASK=$(uci get network.mgmt.netmask)
+        MIXER_IF=br-mixer
+        MIXER_IPADDR=$(uci get network.mixer.ipaddr)
+        MIXER_NETMASK=$(uci get network.mixer.netmask)
+
+
+        iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+        iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
+
+        iptables -A INPUT -i "$MIXER_IF" -p tcp --dport {{ ansible_port }} -d "$MIXER_IPADDR" -j REJECT --reject-with tcp-reset
+        iptables -A INPUT -i "$MIXER_IF" -p icmp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
+        iptables -A INPUT -i "$MIXER_IF" -p udp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
+        iptables -A INPUT -i "$MIXER_IF" -p tcp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
+        iptables -A INPUT -i "$MIXER_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+        iptables -P INPUT DROP
+        iptables -P FORWARD DROP
+      }
+
+      stop() {
+        iptables -P INPUT ACCEPT
+        iptables -F INPUT
+        iptables -P FORWARD ACCEPT
+      }
+
+
+openwrt_uci:
+  system:
+    - name: system
+      options:
+        hostname: '{{ inventory_hostname }}'
+        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+        ttylogin: '0'
+        log_size: '64'
+        urandom_seed: '0'
+
+    - name: timeserver 'ntp'
+      options:
+        enabled: '1'
+        enable_server: '0'
+        server:
+          - '0.lede.pool.ntp.org'
+          - '1.lede.pool.ntp.org'
+          - '2.lede.pool.ntp.org'
+          - '3.lede.pool.ntp.org'
+
+  dropbear:
+    - name: dropbear
+      options:
+        PasswordAuth: 'off'
+        RootPasswordAuth: 'off'
+        Port: '{{ ansible_port }}'
+
+  network:
+    - name: globals 'globals'
+      options:
+        ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
+
+    - name: interface 'loopback'
+      options:
+        ifname: lo
+        proto: static
+        ipaddr: 127.0.0.1
+        netmask: 255.0.0.0
+
+    - name: interface 'mgmt'
+      options:
+        ifname: "eth0.{{ network_mgmt_zone.vlan }}"
+        accept_ra: 0
+        proto: static
+        ipaddr: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
+        netmask: "{{ network_mgmt_zone.prefix | ipaddr('netmask') }}"
+
+    - name: interface 'mixer'
+      options:
+        type: bridge
+        ifname: "eth0.{{ network_mixer_zone.vlan }} eth1"
+        accept_ra: 0
+        proto: static
+        ipaddr: "{{ network_mixer_zone.prefix | ipaddr(network_mixer_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
+        netmask: "{{ network_mixer_zone.prefix | ipaddr('netmask') }}"
+        gateway: "{{ network_mixer_zone.gateway }}"
+        dns: "{{ network_mixer_zone.dns }}"
diff --git a/_graveyard_/inventory/group_vars/ele-dolmetsch-ctl/vars.yml b/_graveyard_/inventory/group_vars/ele-dolmetsch-ctl/vars.yml
new file mode 100644
index 00000000..a69d45ee
--- /dev/null
+++ b/_graveyard_/inventory/group_vars/ele-dolmetsch-ctl/vars.yml
@@ -0,0 +1,3 @@
+---
+network_mgmt_zone: "{{ network_zones.mgmt }}"
+network_mixer_zone: "{{ network_zones.mixer }}"
diff --git a/_graveyard_/inventory/hosts.ini b/_graveyard_/inventory/hosts.ini
index f53d6a86..dc326c3d 100644
--- a/_graveyard_/inventory/hosts.ini
+++ b/_graveyard_/inventory/hosts.ini
@@ -19,6 +19,17 @@ r3-cccamp19-av host_name=av
 
 
 ###############################
+# environment: dan
+
+[ele-dolmetsch-ctl]
+ele-dol-mixer
+ele-dol-translator
+
+[elevate:children]
+ele-dolmetsch-ctl
+
+
+###############################
 # host categories
 
 [dellos6]
@@ -34,3 +45,7 @@ r3-cccamp19-flora
 r3-cccamp19-verr
 r3-cccamp19-feedcode
 r3-cccamp19-av
+
+
+[dolmetsch-ctl:children]
+ele-dolmetsch-ctl