elevate: prepare routers for e23

1 files changed, 0 insertions, 290 deletions

diff --git a/inventory/host_vars/ele-router-leslie.yml b/inventory/host_vars/ele-router-leslie.yml
deleted file mode 100644
index 1aa9a2b2..00000000
--- a/inventory/host_vars/ele-router-leslie.yml
+++ /dev/null
@@ -1,290 +0,0 @@
----
-network_mgmt_zone: "{{ network_zones.mgmt }}"
-
-network_internal_zone_names:
-  - lan
-  - guest
-  - infoscreens
-
-
-
-openwrt_network_external:
-  - name: interface 'citycom'
-    options:
-      device: 'eth1'
-      proto: static
-      ipaddr: "{{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr(network_zones.cc_leslie.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
-      netmask: "{{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr('netmask') }}"
-      gateway: "{{ network_zones.cc_leslie.gateway }}"
-      dns: "{{ network_zones.cc_leslie.dns }}"
-      accept_ra: 0
-
-openwrt_network_internal: "{{ openwrt_network_internal_yaml | from_yaml }}"
-openwrt_network_internal_yaml: |
-  {% for zone_name in network_internal_zone_names %}
-  - name: "interface '{{ zone_name }}'"
-    options:
-      device: "eth0.{{ network_zones[zone_name].vlan }}"
-      proto: static
-      ipaddr: "{{ network_zones[zone_name].gateway }}"
-      netmask: "{{ network_zones[zone_name].prefix | ansible.utils.ipaddr('netmask') }}"
-      accept_ra: 0
-  {% endfor %}
-
-
-openwrt_network_base:
-  - name: globals 'globals'
-    options:
-      ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
-
-  - name: interface 'loopback'
-    options:
-      device: lo
-      proto: static
-      ipaddr: 127.0.0.1
-      netmask: 255.0.0.0
-
-  - name: interface 'mgmt'
-    options:
-      device: "eth0.{{ network_mgmt_zone.vlan }}"
-      proto: static
-      ipaddr: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
-      netmask: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr('netmask') }}"
-      accept_ra: 0
-
-
-
-openwrt_dhcp_external:
-  - name: dhcp 'citycom'
-    options:
-      interface: 'citycom'
-      ignore: '1'
-
-
-openwrt_dhcp_internal: "{{ openwrt_dhcp_internal_yaml | from_yaml }}"
-openwrt_dhcp_internal_yaml: |
-  {% for zone_name in network_internal_zone_names %}
-  - name: "dhcp '{{ zone_name }}'"
-    options:
-      interface: "{{ zone_name }}"
-  {%  if 'dhcp' in network_zones[zone_name] %}
-      start: {{ network_zones[zone_name].dhcp.start }}
-      limit: {{ network_zones[zone_name].dhcp.limit }}
-      leasetime: {{ network_zones[zone_name].dhcp.leasetime | default('12h') }}
-      dhcpv6: 'disabled'
-      ra: 'disabled'
-  {%  else %}
-      ignore: '1'
-  {%  endif %}
-  {% endfor %}
-
-
-openwrt_dhcp_base:
-  - name: dnsmasq
-    options:
-      domainneeded: '1'
-      boguspriv: '0'
-      filterwin2k: '0'
-      localise_queries: '1'
-      rebind_protection: '0'
-      rebind_localhost: '1'
-      local: '/lan/'
-      domain: 'lan'
-      expandhosts: '1'
-      nonegcache: '0'
-      authoritative: '1'
-      readethers: '1'
-      leasefile: '/tmp/dhcp.leases'
-      resolvfile: '/tmp/resolv.conf.auto'
-      localservice: '1'
-      server: "{{ network_zones.cc_leslie.dns }}"
-
-  - name: odhcpd 'odhcpd'
-    options:
-      maindhcp: '0'
-      leasefile: '/tmp/hosts/odhcpd'
-      leasetrigger: '/usr/sbin/odhcpd-update'
-
-  - name: dhcp 'mgmt'
-    options:
-      interface: 'mgmt'
-      ignore: '1'
-
-
-openwrt_arch: x86
-openwrt_target: geode
-openwrt_profile: generic
-openwrt_output_image_suffixes:
-  - "{{ openwrt_profile }}-ext4-combined.img.gz"
-
-openwrt_packages_remove:
-  - ppp
-  - ppp-mod-pppoe
-  - kmod-ppp
-  - kmod-pppoe
-  - kmod-pppox
-  - firewall
-  - firewall4
-  - odhcpd-ipv6only
-openwrt_packages_add:
-  - nftables
-  - kmod-nft-nat
-  - haveged
-  - htop
-  - ip
-  - less
-  - nano
-  - tcpdump-mini
-  - iperf
-  - iperf3
-  - mtr
-  - iptraf-ng
-  - sqm-scripts
-  - prometheus-node-exporter-lua
-  - prometheus-node-exporter-lua-nat_traffic
-  - prometheus-node-exporter-lua-netstat
-  - prometheus-node-exporter-lua-openwrt
-
-
-openwrt_mixin:
-  /etc/dropbear/authorized_keys:
-    content: "{{ ssh_keys_root | join('\n') }}\n"
-
-  /etc/htoprc:
-    file: "{{ global_files_dir }}/common/htoprc"
-
-  /etc/rc.d/S21nftables:
-    link: "../init.d/nftables"
-
-  /etc/rc.d/K89nftables:
-    link: "../init.d/nftables"
-
-  /etc/init.d/nftables:
-    mode: "0755"
-    content: |
-      #!/bin/sh /etc/rc.common
-
-      START=21
-      STOP=89
-
-      start() {
-        nft -f /etc/nftables.conf
-      }
-
-      stop() {
-        nft flush ruleset
-      }
-
-  /etc/nftables.conf:
-    content: |
-      flush ruleset
-
-      define nic_citycom = eth1
-      define ip_citycom = {{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr(network_zones.cc_leslie.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}
-
-      define nic_mgmt = "eth0.{{ network_mgmt_zone.vlan }}"
-      define prefix_mgmt = {{ network_mgmt_zone.prefix }}
-      {% for zone_name in network_internal_zone_names %}
-
-      define nic_{{ zone_name }} = eth0.{{ network_zones[zone_name].vlan }}
-      define prefix_{{ zone_name }} = {{ network_zones[zone_name].prefix }}
-      {% endfor %}
-
-      table inet global {
-        ## INPUT
-        chain input_external {
-          ip protocol icmp accept
-          ip6 nexthdr ipv6-icmp accept
-          tcp dport { {{ ansible_port }} } accept
-        }
-
-        chain input_internal {
-          ip protocol icmp accept
-          ip6 nexthdr ipv6-icmp accept
-          tcp dport { {{ ansible_port }}, domain } accept
-          udp dport { bootps, domain, ntp } accept
-        }
-
-        chain input {
-          type filter hook input priority filter; policy drop;
-          ct state vmap { established: accept, related: accept, invalid: drop }
-          iifname vmap { lo: accept, $nic_mgmt: accept{% for zone_name in network_internal_zone_names %}, $nic_{{ zone_name }}: jump input_internal {% endfor %}, $nic_citycom: jump input_external }
-        }
-
-
-        ## FORWARD
-        chain forward {
-          type filter hook forward priority filter; policy drop;
-          ct state vmap { established: accept, related: accept, invalid: drop }
-          iifname { {{ ['$nic_'] | product(network_internal_zone_names) | map('join') | join(', ') }} } oifname $nic_citycom accept
-        }
-
-        chain postrouting {
-          type nat hook postrouting priority srcnat; policy accept;
-          ip saddr { {{ ['$prefix_'] | product(network_internal_zone_names) | map('join') | join(', ') }} } oifname $nic_citycom snat to $ip_citycom
-        }
-      }
-
-
-openwrt_uci:
-  system:
-    - name: system
-      options:
-        hostname: '{{ host_name }}'
-        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
-        ttylogin: '0'
-        log_size: '64'
-        urandom_seed: '0'
-
-    - name: timeserver 'ntp'
-      options:
-        enabled: '1'
-        enable_server: '1'
-        server:
-          - '0.at.pool.ntp.org'
-          - '1.at.pool.ntp.org'
-          - '2.at.pool.ntp.org'
-          - '3.at.pool.ntp.org'
-
-  dropbear:
-    - name: dropbear
-      options:
-        PasswordAuth: 'off'
-        RootPasswordAuth: 'off'
-        Port: '{{ ansible_port }}'
-
-  uhttpd:
-    - name: uhttpd main
-      options:
-        enabled: '0'
-
-  prometheus-node-exporter-lua:
-    - name: prometheus-node-exporter-lua 'main'
-      options:
-        listen_interface: 'mgmt'
-        listen_port: '9100'
-
-  dhcp: "{{ openwrt_dhcp_base + openwrt_dhcp_internal + openwrt_dhcp_external }}"
-  network: "{{ openwrt_network_base + openwrt_network_internal + openwrt_network_external }}"
-
-  sqm:
-    - name: queue 'citycom'
-      options:
-        enabled: '1'
-        interface: 'eth1'
-        download: '70000'
-        upload: '70000'
-        qdisc: 'cake'
-        script: 'piece_of_cake.qos'
-        qdisc_advanced: '0'
-        ingress_ecn: 'ECN'
-        egress_ecn: 'ECN'
-        qdisc_really_really_advanced: '0'
-        itarget: 'auto'
-        etarget: 'auto'
-        linklayer: 'ethernet'
-        overhead: '44 mpu 84'
-
-prometheus_scrape_endpoint: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:9100"
-prometheus_exporters_default:
-  - openwrt