diff options
| -rw-r--r-- | files/common/keyrings/info.txt | 9 | ||||
| -rw-r--r-- | files/common/keyrings/openwrt-17.01.gpg | bin | 0 -> 2694 bytes | |||
| -rw-r--r-- | files/common/keyrings/openwrt-18.06.gpg | bin | 0 -> 5598 bytes | |||
| -rw-r--r-- | files/common/keyrings/openwrt-19.07.gpg | bin | 0 -> 2553 bytes | |||
| -rw-r--r-- | files/common/keyrings/openwrt-21.02.gpg | bin | 0 -> 2537 bytes | |||
| -rw-r--r-- | files/common/keyrings/openwrt.gpg | bin | 10385 -> 0 bytes | |||
| -rw-r--r-- | inventory/group_vars/chaos-at-home-sensors/vars.yml | 37 | ||||
| -rw-r--r-- | inventory/host_vars/ch-equinox-t450s.yml | 2 | ||||
| -rw-r--r-- | inventory/host_vars/ch-equinox-ws.yml | 2 | ||||
| -rw-r--r-- | roles/openwrt/image/tasks/fetch.yml | 2 |
10 files changed, 42 insertions, 10 deletions
diff --git a/files/common/keyrings/info.txt b/files/common/keyrings/info.txt index 90391a23..2619d9b5 100644 --- a/files/common/keyrings/info.txt +++ b/files/common/keyrings/info.txt @@ -13,3 +13,12 @@ Ubuntu: get keys from installed system: apt-key list --fingerprint gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null --keyring ./ubuntu-archive.gpg --recv-keys <key-id-from-above> + + + +Openwrt +------- + +See: https://openwrt.org/docs/guide-user/security/signatures + +gpg --no-options --trust-model always --no-default-keyring --secret-keyring /dev/null --keyring ./openwrt-<yy.mm>.gpg --import < (follow download link) diff --git a/files/common/keyrings/openwrt-17.01.gpg b/files/common/keyrings/openwrt-17.01.gpg Binary files differnew file mode 100644 index 00000000..4876611c --- /dev/null +++ b/files/common/keyrings/openwrt-17.01.gpg diff --git a/files/common/keyrings/openwrt-18.06.gpg b/files/common/keyrings/openwrt-18.06.gpg Binary files differnew file mode 100644 index 00000000..f40c7331 --- /dev/null +++ b/files/common/keyrings/openwrt-18.06.gpg diff --git a/files/common/keyrings/openwrt-19.07.gpg b/files/common/keyrings/openwrt-19.07.gpg Binary files differnew file mode 100644 index 00000000..bbb4c38b --- /dev/null +++ b/files/common/keyrings/openwrt-19.07.gpg diff --git a/files/common/keyrings/openwrt-21.02.gpg b/files/common/keyrings/openwrt-21.02.gpg Binary files differnew file mode 100644 index 00000000..826981c0 --- /dev/null +++ b/files/common/keyrings/openwrt-21.02.gpg diff --git a/files/common/keyrings/openwrt.gpg b/files/common/keyrings/openwrt.gpg Binary files differdeleted file mode 100644 index 7dc3d397..00000000 --- a/files/common/keyrings/openwrt.gpg +++ /dev/null diff --git a/inventory/group_vars/chaos-at-home-sensors/vars.yml b/inventory/group_vars/chaos-at-home-sensors/vars.yml index c725c053..fc0972e8 100644 --- a/inventory/group_vars/chaos-at-home-sensors/vars.yml +++ b/inventory/group_vars/chaos-at-home-sensors/vars.yml @@ -4,10 +4,10 @@ sensornode_network_wired: no install_playbook: openwrt openwrt_variant: openwrt -openwrt_release: 19.07.8 +openwrt_release: 21.02.0 openwrt_arch: ramips openwrt_target: mt76x8 -openwrt_profile: omega2p +openwrt_profile: onion_omega2p openwrt_output_image_suffixes: - "{{ openwrt_profile }}-squashfs-sysupgrade.bin" @@ -19,7 +19,11 @@ openwrt_packages_remove: - odhcpd-ipv6only openwrt_packages_add: - kmod-i2c-mt7628 + - kmod-i2c-mux-pca954x - kmod-iio-bmp280-i2c + - kmod-iio-am2315 + - kmod-hwmon-ads1015 + - kmod-hwmon-mcp3021 - kmod-usb-storage - kmod-usb-storage-extras - kmod-fs-vfat @@ -37,6 +41,7 @@ openwrt_packages_add: - iptraf-ng - usbutils - i2c-tools + - iio-utils - prometheus-node-exporter-lua - prometheus-node-exporter-lua-netstat - prometheus-node-exporter-lua-openwrt @@ -50,6 +55,16 @@ openwrt_mixin: /etc/htoprc: file: "{{ global_files_dir }}/common/htoprc" +# TODO: add script to initialize i2c devices +## I2C Bus init examples: +## * add 8ch mux: echo "pca9548 0x70" > /sys/bus/i2c/devices/i2c-0/new_device +## * add ADS1115: echo "ads1115 0x48" > /sys/bus/i2c/devices/i2c-0/new_device +## * add BME280: echo "bme280 0x76" > /sys/bus/i2c/devices/i2c-1/new_device +## * add AM2315: echo "am2315 0x5c" > /sys/bus/i2c/devices/i2c-1/new_device +## * add MCP3221: echo "mcp3221 0x77" > /sys/bus/i2c/devices/i2c-2/new_device + +# TODO: add collector for prometheus to export i2c-sensor data + openwrt_uci: system: @@ -66,10 +81,7 @@ openwrt_uci: enabled: '1' enable_server: '0' server: - - '0.lede.pool.ntp.org' - - '1.lede.pool.ntp.org' - - '2.lede.pool.ntp.org' - - '3.lede.pool.ntp.org' + - '{{ network_zones.iot.prefix | ipaddr(network_zones.iot.offsets["ch-iot"]) | ipaddr("address") }}' dropbear: - name: dropbear @@ -78,6 +90,13 @@ openwrt_uci: RootPasswordAuth: 'off' Port: '{{ ansible_port }}' + prometheus-node-exporter-lua: + - name: prometheus-node-exporter-lua 'main' + options: + listen_interface: 'iot' + listen_ipv6: '0' + listen_port: '9100' + network: - name: globals 'globals' options: @@ -85,21 +104,21 @@ openwrt_uci: - name: interface 'loopback' options: - ifname: lo + device: lo proto: static ipaddr: 127.0.0.1 netmask: 255.0.0.0 - name: interface 'iot' options: - ifname: "{{ sensornode_network_wired | ternary('eth0', 'wlan0') }}" + device: "{{ sensornode_network_wired | ternary('eth0', 'wlan0') }}" proto: static ipaddr: "{{ network_zones.iot.prefix | ipaddr(network_zones.iot.offsets[inventory_hostname]) | ipaddr('address') }}" netmask: "{{ network_zones.iot.prefix | ipaddr('netmask') }}" - name: interface 'unused' options: - ifname: "{{ sensornode_network_wired | ternary('wlan0', 'eth0') }}" + device: "{{ sensornode_network_wired | ternary('wlan0', 'eth0') }}" proto: none wireless: diff --git a/inventory/host_vars/ch-equinox-t450s.yml b/inventory/host_vars/ch-equinox-t450s.yml index d94aa203..e057cebe 100644 --- a/inventory/host_vars/ch-equinox-t450s.yml +++ b/inventory/host_vars/ch-equinox-t450s.yml @@ -176,6 +176,7 @@ ws_base_extra_packages: - ppa-purge - pristine-tar - privoxy + - pulseview - pv - pwgen - python3-autopep8 @@ -200,6 +201,7 @@ ws_base_extra_packages: - sdcc - signify-openbsd - signing-party + - sigrok-cli - socat - sqlite3 - sshfs diff --git a/inventory/host_vars/ch-equinox-ws.yml b/inventory/host_vars/ch-equinox-ws.yml index aee2482e..ab4006b2 100644 --- a/inventory/host_vars/ch-equinox-ws.yml +++ b/inventory/host_vars/ch-equinox-ws.yml @@ -173,6 +173,7 @@ ws_base_extra_packages: - ppa-purge - pristine-tar - privoxy + - pulseview - pv - pwgen - python3-autopep8 @@ -198,6 +199,7 @@ ws_base_extra_packages: - sdcc - signify-openbsd - signing-party + - sigrok-cli - socat - sqlite3 - sshfs diff --git a/roles/openwrt/image/tasks/fetch.yml b/roles/openwrt/image/tasks/fetch.yml index e6aebeb2..1dc5728d 100644 --- a/roles/openwrt/image/tasks/fetch.yml +++ b/roles/openwrt/image/tasks/fetch.yml @@ -23,7 +23,7 @@ - name: Check OpenPGP signature command: >- - gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt.gpg" + gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt-{{ [0, 1] | map('extract', (openwrt_release | split('.'))) | join('.') }}.gpg" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" changed_when: False register: openwrt_image_gpg_result |