-rw-r--r-- | inventory/group_vars/accesspoints/vars.yml | 35 | ||||
-rw-r--r-- | inventory/group_vars/chaos-at-home-ap/vars.yml | 1 | ||||
-rw-r--r-- | inventory/group_vars/chaos-at-home/network.yml | 4 | ||||
-rw-r--r-- | roles/openwrt/image/tasks/fetch.yml | 97 | ||||
-rw-r--r-- | roles/openwrt/image/tasks/main.yml | 101 | ||||
-rw-r--r-- | roles/openwrt/image/tasks/prepare.yml | 15 |
6 files changed, 134 insertions, 119 deletions
diff --git a/inventory/group_vars/accesspoints/vars.yml b/inventory/group_vars/accesspoints/vars.yml index 704dcbf3..ee07c292 100644 --- a/inventory/group_vars/accesspoints/vars.yml +++ b/inventory/group_vars/accesspoints/vars.yml @@ -55,10 +55,10 @@ accesspoint_wireless_ifaces: {} openwrt_variant: openwrt -openwrt_release: 19.07.1 -openwrt_arch: ar71xx +openwrt_release: 19.07.4 +openwrt_arch: ath79 openwrt_target: generic -openwrt_profile: ubnt-unifiac-lite +openwrt_profile: ubnt_unifiac-lite openwrt_output_image_suffixes: - "{{ openwrt_target }}-{{ openwrt_profile }}-squashfs-sysupgrade.bin" @@ -69,7 +69,9 @@ openwrt_packages_remove: - firewall - odhcpd - odhcpd-ipv6only + - wpad-basic openwrt_packages_add: + - hostapd-openssl - haveged - htop - ip @@ -133,14 +135,15 @@ openwrt_mixin: content: | #!/bin/sh - interfaces=$(iw dev | grep "Interface " | awk '{ print($2) }' | sort) + interfaces=$(iw dev | grep "Interface " | cut -d ' ' -f2 | sort) for interface in $interfaces; do - essid=$(iw $interface info | grep "ssid " | awk '{ print($2) }') - bssid=$(iw $interface info | grep "addr " | awk '{ print($2) }') - echo "$interface ($bssid, ssid: $essid)" - iw $interface station dump | grep "^Station" | awk '{ print(" - "$2) }'; - echo ""; + bssid=$(iw $interface info | grep "addr " | cut -d ' ' -f2) + essid=$(iw $interface info | grep "ssid " | cut -d ' ' -f2-) + channel=$(iw $interface info | grep "channel " | cut -d ' ' -f2-) + echo "$interface ($bssid, ssid: '$essid', channel: $channel)" + iw $interface station dump | grep "^Station" | awk '{ print(" - "$2) }' + echo "" done exit 0 @@ -166,6 +169,20 @@ openwrt_uci: - '2.lede.pool.ntp.org' - '3.lede.pool.ntp.org' + - name: led + options: + name: blue + sysfs: ubnt:blue:dome + trigger: none + default: 0 + + - name: led + options: + name: white + sysfs: ubnt:white:dome + trigger: none + default: 0 + dropbear: - name: dropbear options: 
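Review bot: The swap of `wpad-basic` for `hostapd-openssl` in `openwrt_packages_remove` / `openwrt_packages_add` has no comment explaining it, and it looks coupled to the `sae-mixed` setting this commit introduces in network.yml. As far as I know, the basic wpad build of this release series has no SAE support, so putting it back in a later cleanup would leave the access points unable to offer WPA3. I would add a comment above the new entry, `# full hostapd build with SAE support, required by encryption: sae-mixed`. If the coupling is not the reason, the comment should state the real one.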
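Review bot: In the embedded script under `openwrt_mixin`, `$interface` is expanded unquoted in all four `iw` calls, and `iw $interface info` is run three times per interface. Quoting the expansion (`iw "$interface" info`) and reading the output once into a variable, then taking `addr`, `ssid` and `channel` from it, keeps the three values consistent with each other. A short header comment in the script saying what it prints would also help, since the mixin's key and mode are outside this hunk.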
diff --git a/inventory/group_vars/chaos-at-home-ap/vars.yml b/inventory/group_vars/chaos-at-home-ap/vars.yml index eb05dfad..fcd13ab6 100644 --- a/inventory/group_vars/chaos-at-home-ap/vars.yml +++ b/inventory/group_vars/chaos-at-home-ap/vars.yml @@ -45,4 +45,3 @@ accesspoint_wireless_ifaces_yaml: | key: '{{ accesspoint_zones[zone].key }}' {% endfor %} {% endfor %} - diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index ba06f20c..4fb10e61 100644 --- a/inventory/group_vars/chaos-at-home/network.yml +++ b/inventory/group_vars/chaos-at-home/network.yml @@ -25,7 +25,7 @@ network_zones: ch-prometheus-legacy: 250 wifi: ssid: "chaos at home" - encryption: "psk2" + encryption: "sae-mixed" key: "{{ vault_wifi_keys.lan }}" iot: @@ -36,7 +36,7 @@ network_zones: limit: 199 wifi: ssid: "stuff at home" - encryption: "psk2" + encryption: "sae-mixed" key: "{{ vault_wifi_keys.iot }}" svc: diff --git a/roles/openwrt/image/tasks/fetch.yml b/roles/openwrt/image/tasks/fetch.yml index 1170ea2d..e6aebeb2 100644 --- a/roles/openwrt/image/tasks/fetch.yml +++ b/roles/openwrt/image/tasks/fetch.yml 
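Review bot: `encryption: "sae-mixed"` under `wifi:` is the WPA2/WPA3 transition mode, so the SSID still accepts WPA2-PSK associations with the same `vault_wifi_keys` passphrase; SAE only protects clients that actually negotiate WPA3. The same applies to the second hunk for the `iot` zone. I would record that next to the setting, e.g. `# transition mode: WPA2-PSK clients are still accepted; switch to "sae" once every client supports WPA3`. It is also worth confirming whether management frame protection ends up optional or required on these radios, since neither hunk sets it explicitly. Passphrase strength therefore still matters as much as it did with `psk2`.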
@@ -4,53 +4,54 @@ dest: "{{ openwrt_download_dir }}" state: directory -- block: - - name: Generate OpenWrt download URLs - set_fact: - openwrt_url: - https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }} - - - name: Download sha256sums - get_url: - url: "{{ openwrt_url }}/sha256sums" - dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - - - name: Download sha256sums.asc - get_url: - url: "{{ openwrt_url }}/sha256sums.asc" - dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" - - - name: Check OpenPGP signature - command: >- - gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt.gpg" - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - changed_when: False - register: openwrt_image_gpg_result - - - debug: - var: openwrt_image_gpg_result.stderr_lines - - - name: Extract SHA256 hash of the imagebuilder archive - command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - register: sha256 - changed_when: False - - - name: Download imagebuilder - get_url: - url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}" - dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" - checksum: sha256:{{ sha256.stdout.split(' ') | first }} +- name: download the openwrt image builder + block: + - name: Generate OpenWrt download URLs + set_fact: + openwrt_url: + https://downloads.openwrt.org/releases/{{ openwrt_release }}/targets/{{ openwrt_arch | mandatory }}/{{ openwrt_target }} + + - name: Download sha256sums + get_url: + url: "{{ openwrt_url }}/sha256sums" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + + - name: Download sha256sums.asc + get_url: + url: "{{ openwrt_url }}/sha256sums.asc" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" + + - name: Check OpenPGP 
signature + command: >- + gpgv --keyring "{{ global_files_dir }}/common/keyrings/openwrt.gpg" + "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + changed_when: False + register: openwrt_image_gpg_result + + - debug: + var: openwrt_image_gpg_result.stderr_lines + + - name: Extract SHA256 hash of the imagebuilder archive + command: grep '{{ openwrt_tarball_name }}' "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + changed_when: False + register: sha256 + + - name: Download imagebuilder + get_url: + url: "{{ openwrt_url }}/{{ openwrt_tarball_name }}" + dest: "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + checksum: sha256:{{ sha256.stdout.split(' ') | first }} rescue: - - name: Delete downloaded artifacts - loop: - - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" - - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" - - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" - file: - path: "{{ item }}" - state: absent - - - name: the download has failed... - fail: - msg: Something borked + - name: Delete downloaded artifacts + loop: + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256" + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_basename }}.sha256.asc" + - "{{ openwrt_download_dir }}/{{ openwrt_tarball_name }}" + file: + path: "{{ item }}" + state: absent + + - name: the download has failed... + fail: + msg: Something borked diff --git a/roles/openwrt/image/tasks/main.yml b/roles/openwrt/image/tasks/main.yml index 5a3f332b..82a1c50d 100644 --- a/roles/openwrt/image/tasks/main.yml +++ b/roles/openwrt/image/tasks/main.yml 
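Review bot: The `rescue` section ends in `fail:` with `msg: Something borked`, so a failed `gpgv` signature check, a checksum mismatch on the image builder and a plain network error are all reported identically. Since this block is the integrity gate for the firmware build, the message should name the failing step, for example `msg: "fetching or verifying {{ openwrt_tarball_name }} failed in task '{{ ansible_failed_task.name }}'"`. Separately, `grep '{{ openwrt_tarball_name }}'` treats the file name as an unanchored regular expression; `grep -F` would match it literally. The unnamed `debug` task that prints `openwrt_image_gpg_result.stderr_lines` would read better with a `name:` such as `Show gpgv output`.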
@@ -3,55 +3,56 @@ run_once: true when: openwrt_imgbuilder_tarball is not defined -- block: - - include: prepare.yml - - - name: Create the output directory for built images - file: - path: "{{ openwrt_output_dir }}" - state: directory - - - name: generate list of packages to add or remove - set_fact: - openwrt_packages: >- - {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }} - {{ openwrt_packages_add | join(' ') }} - {{ openwrt_packages_extra | join(' ') }} - - - name: Build the OpenWrt image - command: >- - make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image - {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %} - FILES="{{ openwrt_imgbuilder_files }}" - PACKAGES="{{ openwrt_packages }}" - {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %} - register: openwrt_build - - - name: Copy newly built OpenWrt image - loop: "{{ openwrt_output_image_suffixes }}" - copy: - src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}" - dest: "{{ openwrt_output_dir }}" - - ## TODO: make this less ugly.. 
- - name: set output image names - set_fact: - openwrt_output_images: "{{ '[\"' + openwrt_output_dir + '/' + openwrt_output_image_name_base + '-' + (openwrt_output_image_suffixes | join('\", \"' + openwrt_output_dir + '/' + openwrt_output_image_name_base + '-')) + '\"]' }}" +- name: build the image + block: + - include: prepare.yml + + - name: Create the output directory for built images + file: + path: "{{ openwrt_output_dir }}" + state: directory + + - name: generate list of packages to add or remove + set_fact: + openwrt_packages: >- + {{ openwrt_packages_remove | map('regex_replace', '^', '-') | join(' ') }} + {{ openwrt_packages_add | join(' ') }} + {{ openwrt_packages_extra | join(' ') }} + + - name: Build the OpenWrt image + command: >- + make -C {{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }} image + {% if openwrt_profile is defined %}PROFILE="{{ openwrt_profile }}" {% endif %} + FILES="{{ openwrt_imgbuilder_files }}" + PACKAGES="{{ openwrt_packages }}" + {% if openwrt_extra_name is defined %} EXTRA_IMAGE_NAME="{{ openwrt_extra_name }}" {% endif %} + register: openwrt_build + + - name: Copy newly built OpenWrt image + loop: "{{ openwrt_output_image_suffixes }}" + copy: + src: "{{ openwrt_imgbuilder_dir }}/{{ openwrt_tarball_basename }}/bin/targets/{{ openwrt_arch }}/{{ openwrt_target }}/{{ openwrt_output_image_name_base }}-{{ item }}" + dest: "{{ openwrt_output_dir }}" + + ## TODO: make this less ugly.. 
+ - name: set output image names + set_fact: + openwrt_output_images: "{{ '[\"' + openwrt_output_dir + '/' + openwrt_output_image_name_base + '-' + (openwrt_output_image_suffixes | join('\", \"' + openwrt_output_dir + '/' + openwrt_output_image_name_base + '-')) + '\"]' }}" always: - - name: save stdout build-log to output directory - when: openwrt_build is defined - copy: - content: "{{ openwrt_build.stdout }}\n" - dest: "{{ openwrt_output_dir }}/build-stdout.log" - - - name: save stderr build-log to output directory - when: openwrt_build is defined - copy: - content: "{{ openwrt_build.stderr }}\n" - dest: "{{ openwrt_output_dir }}/build-stderr.log" - - - name: Delete the temporary build directory - file: - path: "{{ openwrt_imgbuilder_dir }}" - state: absent + - name: save stdout build-log to output directory + when: openwrt_build is defined + copy: + content: "{{ openwrt_build.stdout }}\n" + dest: "{{ openwrt_output_dir }}/build-stdout.log" + + - name: save stderr build-log to output directory + when: openwrt_build is defined + copy: + content: "{{ openwrt_build.stderr }}\n" + dest: "{{ openwrt_output_dir }}/build-stderr.log" + + - name: Delete the temporary build directory + file: + path: "{{ openwrt_imgbuilder_dir }}" + state: absent diff --git a/roles/openwrt/image/tasks/prepare.yml b/roles/openwrt/image/tasks/prepare.yml index 339d3fdd..4b7cda7a 100644 --- a/roles/openwrt/image/tasks/prepare.yml +++ b/roles/openwrt/image/tasks/prepare.yml @@ -23,7 +23,7 @@ - name: Copy mixins in place [1/3] - loop: "{{ openwrt_mixin | dict2items }}" + loop: "{{ openwrt_mixin | dict2items | selectattr('value.link', 'defined') | list }}" loop_control: label: "{{ item.key }}" file: 
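Review bot: The re-indented block in roles/openwrt/image/tasks/main.yml still starts with the bare `include: prepare.yml`, which Ansible has deprecated in favour of the explicit static and dynamic forms. Because the file name is a constant, `- import_tasks: prepare.yml` should keep the current behaviour, including inheritance of any `when` or tags on the block. If the block carries further keywords after `always:`, they are outside this hunk, so that inheritance should be checked before switching. The `## TODO: make this less ugly..` above `set output image names` could say what the expression builds (a JSON list of full output image paths), so the next reader does not have to decode the string concatenation.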
@@ -32,29 +32,27 @@ force: yes follow: no state: link - when: '"link" in item.value' - name: Copy mixins in place [2/3] - loop: "{{ openwrt_mixin | dict2items }}" + loop: "{{ openwrt_mixin | dict2items | selectattr('value.file', 'defined') | list }}" loop_control: label: "{{ item.key }}" copy: src: "{{ item.value.file }}" dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" mode: "{{ item.value.mode | default('0644') }}" - when: '"file" in item.value' - name: Copy mixins in place [3/3] - loop: "{{ openwrt_mixin | dict2items }}" + loop: "{{ openwrt_mixin | dict2items | selectattr('value.content', 'defined') | list }}" loop_control: label: "{{ item.key }}" copy: content: "{{ item.value.content }}" dest: "{{ openwrt_imgbuilder_files }}/{{ item.key }}" mode: "{{ item.value.mode | default('0644') }}" - when: '"content" in item.value' - name: Generate /etc/fstab + when: openwrt_mounts is defined loop: "{{ openwrt_mounts }}" loop_control: label: "{{ item.path }}" @@ -68,7 +66,6 @@ boot: "{{ item.boot | default(omit) }}" dump: "{{ item.dump | default(omit) }}" passno: "{{ item.passno | default(omit) }}" - when: openwrt_mounts is defined - name: Create UCI configuration files @@ -83,20 +80,20 @@ # force: no ## TODO: fail when overwriting a file - name: Create /etc/passwd + when: openwrt_users is defined template: src: passwd.j2 dest: "{{ openwrt_imgbuilder_files }}/etc/passwd" mode: 0644 trim_blocks: yes - when: openwrt_users is defined - name: Create /etc/group + when: openwrt_groups is defined or openwrt_users is defined template: src: group.j2 dest: "{{ openwrt_imgbuilder_files }}/etc/group" mode: 0644 trim_blocks: yes - when: openwrt_groups is defined or openwrt_users is defined - name: extract image builder tarball unarchive: |
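Review bot: In the `Generate /etc/fstab` task, `when: openwrt_mounts is defined` now sits above `loop: "{{ openwrt_mounts }}"`, but the loop expression is still templated from the possibly undefined variable. Skipping the task then relies on Ansible deferring the loop error until the condition has been evaluated. The form the Ansible documentation recommends is `loop: "{{ openwrt_mounts | default([]) }}"`, which makes the guard unnecessary and the intent explicit. The task body continues into the following hunk.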
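Review bot: `mode: 0644` in the `Create /etc/passwd` and `Create /etc/group` tasks is an unquoted YAML integer, while the mixin tasks in the same file pass the string `'0644'`. It works because of the leading zero, but the value depends on the YAML loader's octal handling. I would write `mode: '0644'` in both tasks, and `trim_blocks: true` instead of `yes` for the same reason. Since these two files define the accounts baked into the firmware image, a one-line comment on each task naming the variable that feeds the template (`openwrt_users`, `openwrt_groups`) would help reviewers trace where the entries come from.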