authorChristian Pointner <equinox@spreadspace.org>2020-10-26 17:10:27 +0100
committerChristian Pointner <equinox@spreadspace.org>2020-10-26 17:10:27 +0100
commit3e8c0e35d40d5a47a7e84e75979e17820dee8f76 (patch)
tree651a5f6fc1cbdc5dbb9ae55c1bbccf2d5aa989e7 /inventory/group_vars/accesspoints/vars.yml
parentremove now unneeded filesystem handling for ubuntu-ws (diff)
don't use main.yml inside group_vars
Diffstat (limited to 'inventory/group_vars/accesspoints/vars.yml')
-rw-r--r--inventory/group_vars/accesspoints/vars.yml177
1 files changed, 177 insertions, 0 deletions
diff --git a/inventory/group_vars/accesspoints/vars.yml b/inventory/group_vars/accesspoints/vars.yml
new file mode 100644
index 00000000..704dcbf3
--- /dev/null
+++ b/inventory/group_vars/accesspoints/vars.yml
@@ -0,0 +1,177 @@
+---
+accesspoint_wired_interface: eth0
+accesspoint_wireless_device_paths:
+ 2g4: "platform/qca956x_wmac"
+ 5g: "pci0000:00/0000:00:00.0"
+
+accesspoint_wireless_frequencies:
+ - 2g4
+ - 5g
+
+
+accesspoint_network_base:
+ - name: globals 'globals'
+ options:
+ ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
+
+ - name: interface 'loopback'
+ options:
+ ifname: lo
+ proto: static
+ ipaddr: 127.0.0.1
+ netmask: 255.0.0.0
+
+ - name: interface 'mgmt'
+ options:
+ ifname: "{{ accesspoint_wired_interface }}{% if 'vlan' in network_mgmt_zone %}.{{ network_mgmt_zone.vlan }}{% endif %}"
+ accept_ra: 0
+ proto: static
+ ipaddr: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
+ netmask: "{{ network_mgmt_zone.prefix | ipaddr('netmask') }}"
+
+accesspoint_network_zones: {}
+
+
+accesspoint_wireless_devices:
+ - name: wifi-device 'radio5g'
+ options:
+ type: 'mac80211'
+ channel: "{{ accesspoint_wifi_channels['5g'][inventory_hostname] }}"
+ hwmode: '11a'
+ country: AT
+ path: "{{ accesspoint_wireless_device_paths['5g'] }}"
+ htmode: 'VHT80'
+
+ - name: wifi-device 'radio2g4'
+ options:
+ type: 'mac80211'
+ channel: "{{ accesspoint_wifi_channels['2g4'][inventory_hostname] }}"
+ hwmode: '11g'
+ country: AT
+ path: "{{ accesspoint_wireless_device_paths['2g4'] }}"
+ htmode: 'HT20'
+
+accesspoint_wireless_ifaces: {}
+
+
+openwrt_variant: openwrt
+openwrt_release: 19.07.1
+openwrt_arch: ar71xx
+openwrt_target: generic
+openwrt_profile: ubnt-unifiac-lite
+openwrt_output_image_suffixes:
+ - "{{ openwrt_target }}-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
+
+openwrt_packages_remove:
+ - ppp
+ - ppp-mod-pppoe
+ - dnsmasq
+ - firewall
+ - odhcpd
+ - odhcpd-ipv6only
+openwrt_packages_add:
+ - haveged
+ - htop
+ - ip
+ - less
+ - nano
+ - tcpdump-mini
+ - horst
+
+openwrt_mixin:
+ /etc/sysctl.conf:
+ content: |
+ # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+ #
+ # disable IP forwarding, we don't need it since we are
+ # only an AP that bridges VLANs to Wifi SSIDs
+ net.ipv4.conf.default.forwarding=0
+ net.ipv4.conf.all.forwarding=0
+ net.ipv4.ip_forward=0
+ net.ipv6.conf.default.forwarding=0
+ net.ipv6.conf.all.forwarding=0
+
+ /etc/dropbear/authorized_keys:
+ content: "{{ ssh_keys_root | join('\n') }}\n"
+
+ /etc/htoprc:
+ file: "{{ global_files_dir }}/common/htoprc"
+
+ /etc/rc.d/S22network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/rc.d/K91network-fw:
+ link: "../init.d/network-fw"
+
+ /etc/init.d/network-fw:
+ mode: "0755"
+ content: |
+ #!/bin/sh /etc/rc.common
+
+ START=22
+ STOP=91
+
+ MGMT_IF=$(uci get network.mgmt.ifname)
+ MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
+ MGMT_NETMASK=$(uci get network.mgmt.netmask)
+
+ start() {
+ iptables -A INPUT -i lo -j ACCEPT
+ iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
+ iptables -P INPUT DROP
+ iptables -P FORWARD DROP
+ }
+
+ stop() {
+ iptables -P INPUT ACCEPT
+ iptables -F INPUT
+ iptables -P FORWARD ACCEPT
+ }
+
+ /usr/bin/list-stations:
+ mode: "0755"
+ content: |
+ #!/bin/sh
+
+ interfaces=$(iw dev | grep "Interface " | awk '{ print($2) }' | sort)
+
+ for interface in $interfaces; do
+ essid=$(iw $interface info | grep "ssid " | awk '{ print($2) }')
+ bssid=$(iw $interface info | grep "addr " | awk '{ print($2) }')
+ echo "$interface ($bssid, ssid: $essid)"
+ iw $interface station dump | grep "^Station" | awk '{ print(" - "$2) }';
+ echo "";
+ done
+
+ exit 0
+
+
+openwrt_uci:
+ system:
+ - name: system
+ options:
+ hostname: '{{ inventory_hostname }}'
+ timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+ ttylogin: '0'
+ log_size: '64'
+ urandom_seed: '0'
+
+ - name: timeserver 'ntp'
+ options:
+ enabled: '1'
+ enable_server: '0'
+ server:
+ - '0.lede.pool.ntp.org'
+ - '1.lede.pool.ntp.org'
+ - '2.lede.pool.ntp.org'
+ - '3.lede.pool.ntp.org'
+
+ dropbear:
+ - name: dropbear
+ options:
+ PasswordAuth: 'off'
+ RootPasswordAuth: 'off'
+ Port: '{{ ansible_port }}'
+
+ network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
+ wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"
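Review bot: The `/etc/init.d/network-fw` script filters IPv4 only, and with the `firewall` package removed nothing visible in this file sets an IPv6 policy. The IPv6 INPUT chain therefore presumably stays at ACCEPT, and dropbear (which gets no `Interface` option here) is not limited to the management subnet on any interface that carries an IPv6 address. If ip6tables is present in the image, add `ip6tables -P INPUT DROP` and `ip6tables -P FORWARD DROP` to `start()` and the matching ACCEPT resets to `stop()`; otherwise disable IPv6 in the `/etc/sysctl.conf` mixin. Separately, the IPv4 INPUT chain has no rule for return traffic, so replies from the configured `*.lede.pool.ntp.org` servers fall through to `iptables -P INPUT DROP` unless their source is inside the management subnet. An accept rule for `ESTABLISHED,RELATED` state ahead of the policy change would keep time sync working, provided the conntrack match is available in the image.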