Merge branch 'topic/openwrt-vm'

3 files changed, 111 insertions, 0 deletions

diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml
index 2832ec59..86ab6c7a 100644
--- a/inventory/group_vars/chaos-at-home/network.yml
+++ b/inventory/group_vars/chaos-at-home/network.yml
@@ -70,6 +70,7 @@ network_zones:
       ch-iot: 30
       ch-testvm-prometheus: 42
       ch-testvm-phoebe: 43
+      ch-testvm-openwrt: 44
       ch-nic: 53
       __svc_http__: 80
       __svc_imap__: 143
diff --git a/inventory/host_vars/ch-testvm-openwrt.yml b/inventory/host_vars/ch-testvm-openwrt.yml
new file mode 100644
index 00000000..5a208b55
--- /dev/null
+++ b/inventory/host_vars/ch-testvm-openwrt.yml
@@ -0,0 +1,108 @@
+---
+install:
+  vm:
+    memory: 128M
+    numcpus: 2
+    autostart: false
+  disks:
+    primary: /dev/sda
+    scsi:
+      sda:
+        type: image
+        path: /srv/nvme/ch-testvm-openwrt.img
+  interfaces:
+  - bridge: br-svc
+    name: svc0
+
+
+openwrt_arch: x86
+openwrt_target: 64
+openwrt_profile: generic
+openwrt_output_image_suffixes:
+  - "{{ openwrt_profile }}-ext4-combined.img.gz"
+
+openwrt_packages_remove:
+  - ppp
+  - ppp-mod-pppoe
+  - dnsmasq
+  - firewall
+  - odhcpd
+  - odhcpd-ipv6only
+openwrt_packages_add:
+  - rng-tools
+  - htop
+  - ip
+  - less
+  - nano
+  - tcpdump-mini
+  - iperf
+  - iperf3
+  - mtr
+
+openwrt_mixin:
+  /etc/dropbear/authorized_keys:
+    content: "{{ ssh_keys_root | join('\n') }}\n"
+
+  /etc/htoprc:
+    file: "{{ global_files_dir }}/common/htoprc"
+
+
+openwrt_uci:
+  system:
+    - name: system
+      options:
+        hostname: '{{ host_name }}'
+        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+        ttylogin: '0'
+        log_size: '64'
+        urandom_seed: '0'
+
+    - name: timeserver 'ntp'
+      options:
+        enabled: '1'
+        enable_server: '0'
+        server:
+          - '0.at.pool.ntp.org'
+          - '1.at.pool.ntp.org'
+          - '2.at.pool.ntp.org'
+          - '3.at.pool.ntp.org'
+
+    - name: rngd
+      options:
+        enabled: '1'
+        device: '/dev/hwrng'
+
+  dropbear:
+    - name: dropbear
+      options:
+        PasswordAuth: 'off'
+        RootPasswordAuth: 'off'
+        Port: '{{ ansible_port | default(22) }}'
+
+  network:
+    - name: globals 'globals'
+      options:
+        ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
+
+    - name: interface 'loopback'
+      options:
+        device: lo
+        proto: static
+        ipaddr: 127.0.0.1
+        netmask: 255.0.0.0
+
+    - name: interface 'svc'
+      options:
+        device: eth0
+        proto: static
+        ipaddr: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets[inventory_hostname]) | ipaddr('address') }}"
+        netmask: "{{ network_zones.svc.prefix | ipaddr('netmask') }}"
+        gateway: "{{ network_zones.svc.gateway }}"
+        dns: "{{ network_zones.svc.dns }}"
+
+    - name: route 'lan'
+      options:
+        interface: svc
+        target: "{{ network_zones.lan.prefix | ipaddr('network') }}"
+        netmask: "{{ network_zones.lan.prefix | ipaddr('netmask') }}"
+        gateway: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-gw-lan']) | ipaddr('address') }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 346ddd49..bed5319e 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -16,6 +16,7 @@ env_group=chaos-at-home
 ch-gnocchi host_name=gnocchi
 ch-phoebe host_name=phoebe
 ch-testvm-phoebe host_name=testvm-phoebe
+ch-testvm-openwrt host_name=testvm-openwrt
 ch-router host_name=router
 ch-router-obsd host_name=router
 ch-gw-lan host_name=gw-lan
@@ -336,6 +337,7 @@ vmhost-ch-gnocchi-guests
 
 [vmhost-ch-phoebe-guests]
 ch-testvm-phoebe
+ch-testvm-openwrt
 #ch-router
 ch-router-obsd
 #ch-jump