Diffstat (limited to 'inventory/host_vars/glt-gw-tug.yml')
-rw-r--r--inventory/host_vars/glt-gw-tug.yml177
1 files changed, 0 insertions, 177 deletions
diff --git a/inventory/host_vars/glt-gw-tug.yml b/inventory/host_vars/glt-gw-tug.yml
deleted file mode 100644
index 5e1d0a45..00000000
--- a/inventory/host_vars/glt-gw-tug.yml
+++ /dev/null
@@ -1,177 +0,0 @@
----
-openwrt_arch: x86
-openwrt_target: 64
-openwrt_profile: generic
-openwrt_output_image_suffixes:
- - "{{ openwrt_profile }}-ext4-combined.img.gz"
-
-openwrt_packages_remove:
- - ppp
- - ppp-mod-pppoe
- - firewall
-openwrt_packages_add:
- - kmod-ipt-nat
- - kmod-ipt-conntrack
- - haveged
- - htop
- - ip
- - less
- - nano
- - tcpdump-mini
- - iperf
- - iperf3
- - mtr
- - iptraf-ng
-
-
-openwrt_mixin:
- /etc/dropbear/authorized_keys:
- content: "{{ ssh_keys_root | join('\n') }}\n"
-
- /etc/htoprc:
- file: "{{ global_files_dir }}/common/htoprc"
-
- /etc/rc.d/S22network-fw:
- link: "../init.d/network-fw"
-
- /etc/rc.d/K92network-fw:
- link: "../init.d/network-fw"
-
- /etc/init.d/network-fw:
- mode: "0755"
- content: |
- #!/bin/sh /etc/rc.common
-
- START=22
- STOP=91
-
- start() {
- WAN_IF=$(uci get network.wan.device)
- LAN_IF="br-lan"
- LAN_IP=$(uci get network.lan.ipaddr)
- LAN_MASK=$(uci get network.lan.netmask)
-
- iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
-
- ### external incoming
- iptables -A INPUT -i "$WAN_IF" -p icmp -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -p tcp --dport {{ ansible_port }} -j ACCEPT
- iptables -A INPUT -i "$WAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- ### internal
- iptables -A INPUT -i "$LAN_IF" -p udp --dport 67 --sport 68 -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p udp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p tcp --dport 53 -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
-
- iptables -A INPUT -i "$LAN_IF" -p icmp -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -p tcp --dport {{ ansible_port }} -d "$LAN_IP" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A INPUT -i "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j ACCEPT
- iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_IP/$LAN_MASK" -j MASQUERADE
-
- ### default policies
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- }
-
- stop() {
- iptables -P INPUT ACCEPT
- iptables -F INPUT
- iptables -P FORWARD ACCEPT
- iptables -F FORWARD
- iptables -t nat -F POSTROUTING
- }
-
-openwrt_uci:
- system:
- - name: system
- options:
- hostname: '{{ host_name }}'
- timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
- ttylogin: '0'
- log_size: '64'
- urandom_seed: '0'
-
- - name: timeserver 'ntp'
- options:
- enabled: '1'
- enable_server: '0'
- server:
- - '0.lede.pool.ntp.org'
- - '1.lede.pool.ntp.org'
- - '2.lede.pool.ntp.org'
- - '3.lede.pool.ntp.org'
-
- dropbear:
- - name: dropbear
- options:
- PasswordAuth: 'off'
- RootPasswordAuth: 'off'
- Port: '{{ ansible_port }}'
-
- dhcp:
- - name: dnsmasq
- options:
- domainneeded: '1'
- boguspriv: '0'
- filterwin2k: '0'
- localise_queries: '1'
- rebind_protection: '0'
- rebind_localhost: '1'
- local: '/lan/'
- domain: 'lan'
- expandhosts: '1'
- nonegcache: '0'
- authoritative: '1'
- readethers: '1'
- leasefile: '/tmp/dhcp.leases'
- resolvfile: '/tmp/resolv.conf.auto'
- localservice: '1'
-
- - name: odhcpd 'odhcpd'
- options:
- maindhcp: '0'
- leasefile: '/tmp/hosts/odhcpd'
- leasetrigger: '/usr/sbin/odhcpd-update'
-
- - name: dhcp 'wan'
- options:
- interface: 'wan'
- ignore: '1'
-
- - name: dhcp 'lan'
- options:
- interface: 'lan'
- start: "{{ network_zones.tug_lan.dhcp.start }}"
- limit: "{{ network_zones.tug_lan.dhcp.limit }}"
- leasetime: "{{ network_zones.tug_lan.dhcp.leasetime | default('12h') }}"
- dhcpv6: 'disabled'
- ra: 'disabled'
-
- network:
- - name: globals 'globals'
- options:
- ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
-
- - name: interface 'loopback'
- options:
- device: lo
- proto: static
- ipaddr: 127.0.0.1
- netmask: 255.0.0.0
-
- - name: interface 'lan'
- options:
- type: bridge
- device: "eth0 eth1 eth2 eth3 eth4"
- proto: static
- ipaddr: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr(network_zones.tug_lan.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_zones.tug_lan.prefix | ansible.utils.ipaddr('netmask') }}"
-
- - name: interface 'wan'
- options:
- device: eth5
- proto: dhcp
- macaddr: 00:11:22:33:44:55