-rw-r--r-- | dan/ele-ups.yml | 17 | ||||
-rw-r--r-- | inventory/group_vars/dolmetsch-ctl/main.yml | 4 | ||||
-rw-r--r-- | inventory/group_vars/ele-ups/main.yml | 89 | ||||
-rw-r--r-- | inventory/group_vars/elevate-festival/main.yml | 5 | ||||
-rw-r--r-- | inventory/host_vars/ele-router.yml | 4 | ||||
-rw-r--r-- | inventory/hosts.ini | 7 | ||||
-rw-r--r-- | roles/openwrt/image/openwrt-keyring.gpg | bin | 7456 -> 10385 bytes |
7 files changed, 122 insertions, 4 deletions
diff --git a/dan/ele-ups.yml b/dan/ele-ups.yml
new file mode 100644
index 00000000..7843c1ff
--- /dev/null
+++ b/dan/ele-ups.yml
@@ -0,0 +1,17 @@
+---
+- hosts: ele-ups
+ connection: local
+ roles:
+ - role: openwrt/image
+ # post_tasks:
+ # - name: copy image to target
+ # command: "scp '{{ openwrt_output_images[0] }}' '{{ inventory_hostname }}:/tmp/ansible-upgrade.img'"
+
+ # - name: run sysupgrade
+ # command: "ssh '{{ inventory_hostname }}' sysupgrade -n '/tmp/ansible-upgrade.img'"
+ # ignore_errors: true
+ # failed_when: false
+ # register: sysupgrade_result
+
+ # - debug:
+ # var: sysupgrade_result.stdout
diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml
index 97b58bb1..a86517c0 100644
--- a/inventory/group_vars/dolmetsch-ctl/main.yml
+++ b/inventory/group_vars/dolmetsch-ctl/main.yml
@@ -74,7 +74,7 @@ openwrt_mixin: iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT - iptables -A INPUT -i "$MIXER_IF" -p tcp --dport 22000 -d "$MIXER_IPADDR" -j REJECT --reject-with tcp-reset + iptables -A INPUT -i "$MIXER_IF" -p tcp --dport {{ ansible_port }} -d "$MIXER_IPADDR" -j REJECT --reject-with tcp-reset iptables -A INPUT -i "$MIXER_IF" -p icmp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT iptables -A INPUT -i "$MIXER_IF" -p udp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT iptables -A INPUT -i "$MIXER_IF" -p tcp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
@@ -116,7 +116,7 @@ openwrt_uci: options: PasswordAuth: 'off' RootPasswordAuth: 'off' - Port: '22000' + Port: '{{ ansible_port }}' network: - name: globals 'globals'
diff --git a/inventory/group_vars/ele-ups/main.yml b/inventory/group_vars/ele-ups/main.yml
new file mode 100644
index 00000000..94470b6b
--- /dev/null
+++ b/inventory/group_vars/ele-ups/main.yml
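Review bot: The `--dport {{ ansible_port }}` in the `$MIXER_IF` REJECT rule makes the device's firewall depend on Ansible's connection variable, so any host-level or command-line override of `ansible_port` silently changes the rendered rule as well as the port Ansible connects to. The same coupling is introduced by `Port: '{{ ansible_port }}'` in this file's second hunk and by both hunks in `inventory/host_vars/ele-router.yml`, where the value lands in the WAN-facing ACCEPT rule. I would derive both from a dedicated dropbear-port variable and interpolate it as `--dport {{ ansible_port | int }}`, so that only a number can be rendered into the shell script. The iptables script this line belongs to starts and ends outside the hunk.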
@@ -0,0 +1,89 @@
+---
+network_lan_zone: "{{ network_zones.lan }}"
+
+openwrt_variant: openwrt
+openwrt_release: 19.07.0
+openwrt_arch: ramips
+openwrt_target: mt7620
+openwrt_profile: ravpower_wd03
+openwrt_output_image_suffixes:
+ - "{{ openwrt_profile }}-squashfs-sysupgrade.bin"
+
+openwrt_packages_remove:
+ - ppp
+ - ppp-mod-pppoe
+ - dnsmasq
+ - firewall
+ - odhcpd
+ - odhcpd-ipv6only
+openwrt_packages_add:
+ - haveged
+ - htop
+ - ip
+ - less
+ - nano
+ - tcpdump-mini
+ - usbutils
+ - kmod-usb-storage
+ - nut-server
+ - nut-upsc
+ - nut-driver-usbhid-ups
+
+
+openwrt_mixin:
+ /etc/dropbear/authorized_keys:
+ content: "{{ ssh_keys_root | join('\n') }}\n"
+
+ /etc/htoprc:
+ file: "{{ global_files_dir }}/common/htoprc"
+
+
+
+openwrt_uci:
+ system:
+ - name: system
+ options:
+ hostname: '{{ host_name }}'
+ timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+ ttylogin: '0'
+ log_size: '64'
+ urandom_seed: '0'
+
+ - name: timeserver 'ntp'
+ options:
+ enabled: '1'
+ enable_server: '0'
+ server:
+ - '0.lede.pool.ntp.org'
+ - '1.lede.pool.ntp.org'
+ - '2.lede.pool.ntp.org'
+ - '3.lede.pool.ntp.org'
+
+ dropbear:
+ - name: dropbear
+ options:
+ PasswordAuth: 'off'
+ RootPasswordAuth: 'off'
+ Port: '{{ ansible_port }}'
+
+ network:
+ - name: globals 'globals'
+ options:
+ ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
+
+ - name: interface 'loopback'
+ options:
+ ifname: lo
+ proto: static
+ ipaddr: 127.0.0.1
+ netmask: 255.0.0.0
+
+ - name: interface 'lan'
+ options:
+ ifname: "eth0"
+ proto: static
+ ipaddr: "{{ network_lan_zone.prefix | ipaddr(network_lan_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
+ netmask: "{{ network_lan_zone.prefix | ipaddr('netmask') }}"
+ gateway: "{{ network_lan_zone.gateway }}"
+ dns: "{{ network_lan_zone.dns }}"
+ accept_ra: 0
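Review bot: `openwrt_packages_remove` drops `firewall`, but unlike the `openwrt_mixin` blocks for dolmetsch-ctl and ele-router touched in this commit, the `openwrt_mixin` here ships only `authorized_keys` and `htoprc`, so as far as this file shows the UPS images boot without any packet filter. These hosts add `nut-server` and run dropbear on the single `lan` interface, and the offsets added in `elevate-festival/main.yml` carry a `TODO: move this to mgmt zone`, so they currently sit in the LAN zone. Either add a rule set that limits inbound traffic to SSH and the NUT port from the management hosts, or put a comment above `openwrt_packages_remove` explaining why filtering is not needed (for example, if upsd only listens on localhost). It is not visible here whether filtering is applied somewhere else, so treat this as a question if it is.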
diff --git a/inventory/group_vars/elevate-festival/main.yml b/inventory/group_vars/elevate-festival/main.yml
index d326cfe1..cef1993a 100644
--- a/inventory/group_vars/elevate-festival/main.yml
+++ b/inventory/group_vars/elevate-festival/main.yml
@@ -13,6 +13,11 @@ network_zones: ele-media: 200 ele-telesto: 201 ele-thetys: 202 + # TODO: move this to mgmt zone + ele-ups-forum0: 230 + ele-ups-forum1: 231 + ele-ups-uhrturm0: 232 + ## datacop: 249 equinox-t450s: 250 ele-laptop: 251
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index a2b66d85..8e025469 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -196,7 +196,7 @@ openwrt_mixin: ### todo: limit the destination address? iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT - iptables -A INPUT -i "$WAN_IF" -p tcp --dport 22000 -j ACCEPT + iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT for zone in "{{ network_internal_zone_names | join('" "') }}"; do
@@ -264,7 +264,7 @@ openwrt_uci: options: PasswordAuth: 'off' RootPasswordAuth: 'off' - Port: '22000' + Port: '{{ ansible_port }}' dhcp: "{{ openwrt_dhcp_base + openwrt_dhcp_internal + openwrt_dhcp_external }}" network: "{{ openwrt_network_base + openwrt_network_internal + openwrt_network_external }}"
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 3892abbe..f6b39010 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -136,6 +136,11 @@ ele-ap-forum[0:3] ele-ap-kunsthaus0 ele-ap-orpheum0 +[ele-ups] +ele-ups-forum[0:1] +ele-ups-uhrturm0 + + [ele-dolmetsch-ctl] ele-dol-mixer ele-dol-translator
@@ -152,6 +157,7 @@ ele-infobeamer-default [elevate:vars] host_domain=elevate.at env_group=dan +ansible_port=222 [elevate] ele-media host_name=media
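Review bot: Setting `ansible_port=222` in `[elevate:vars]` changes the SSH port for every host in `elevate` and its child groups, while the templates changed in this commit previously hard-coded `22000` for dropbear and the matching iptables rules. Devices still running an image built before this commit will presumably keep listening on 22000, so Ansible would fail to reach them on 222 until they are reflashed, unless a host-level `ansible_port` that is not visible here overrides the group value. A comment above the variable such as `# also rendered into dropbear Port and the iptables rules; reflash before relying on it` would make the dependency explicit. The per-host `ansible_port=222` on the `ele-lt` line in the following hunk appears to become redundant with this group default.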
@@ -165,6 +171,7 @@ ele-lt host_name=liquidtruth ansible_port=222 [elevate:children] ele-ap +ele-ups ele-dolmetsch-ctl ele-dolmetsch-raspi ele-infobeamer
diff --git a/roles/openwrt/image/openwrt-keyring.gpg b/roles/openwrt/image/openwrt-keyring.gpg
Binary files differ
index 040ab57f..7dc3d397 100644
--- a/roles/openwrt/image/openwrt-keyring.gpg
+++ b/roles/openwrt/image/openwrt-keyring.gpg |
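Review bot: The replacement of `roles/openwrt/image/openwrt-keyring.gpg` (7456 -> 10385 bytes) cannot be reviewed from the diff, and nothing visible on this page says which keys were added. Judging by its name and location, this keyring is presumably the trust anchor the `openwrt/image` role uses when verifying downloaded image material, so a change to it deserves the same scrutiny as a code change. Please list the fingerprints of the added keys in the commit message and state where they were obtained, so a reviewer can compare them with the fingerprints OpenWrt publishes for its signing keys.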