Diffstat (limited to 'inventory/host_vars')
-rw-r--r--inventory/host_vars/ele-router.yml247
1 files changed, 125 insertions, 122 deletions
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
index 8b92a94f..79ee5871 100644
--- a/inventory/host_vars/ele-router.yml
+++ b/inventory/host_vars/ele-router.yml
@@ -1,4 +1,116 @@
---
+network_wan_zone: "{{ network_zones.dom }}"
+network_mgmt_zone: "{{ network_zones.mgmt }}"
+network_internal_zone_names:
+ - lan
+ - guest
+ - infobeamer
+
+
+openwrt_network_external:
+ # - name: interface 'wan'
+ # options:
+ # ifname: eth0
+ # proto: dhcp
+
+ - name: interface 'wan'
+ options:
+ ifname: "eth0.{{ network_wan_zone.vlan }}"
+ accept_ra: 0
+ proto: static
+ ipaddr: "{{ network_wan_zone.prefix | ipaddr(network_wan_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
+ netmask: "{{ network_wan_zone.prefix | ipaddr('netmask') }}"
+ gateway: "{{ network_wan_zone.gw }}"
+ dns: "{{ network_wan_zone.dns }}"
+
+openwrt_network_internal: "{{ openwrt_network_internal_yaml | from_yaml }}"
+openwrt_network_internal_yaml: |
+ {% for zone_name in network_internal_zone_names %}
+ - name: "interface '{{ zone_name }}'"
+ options:
+ ifname: "eth1.{{ network_zones[zone_name].vlan }}"
+ accept_ra: 0
+ proto: static
+ ipaddr: "{{ network_zones[zone_name].gw }}"
+ netmask: "{{ network_zones[zone_name].prefix | ipaddr('netmask') }}"
+ {% endfor %}
+
+openwrt_network_base:
+ - name: globals 'globals'
+ options:
+ ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
+
+ - name: interface 'loopback'
+ options:
+ ifname: lo
+ proto: static
+ ipaddr: 127.0.0.1
+ netmask: 255.0.0.0
+
+ - name: interface 'mgmt'
+ options:
+ ifname: "eth1.{{ network_mgmt_zone.vlan }}"
+ accept_ra: 0
+ proto: static
+ ipaddr: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
+ netmask: "{{ network_mgmt_zone.prefix | ipaddr('netmask') }}"
+
+
+openwrt_dhcp_external:
+ - name: dhcp 'wan'
+ options:
+ interface: 'wan'
+ ignore: '1'
+
+openwrt_dhcp_internal: "{{ openwrt_dhcp_internal_yaml | from_yaml }}"
+openwrt_dhcp_internal_yaml: |
+ {% for zone_name in network_internal_zone_names %}
+ - name: "dhcp '{{ zone_name }}'"
+ options:
+ interface: "{{ zone_name }}"
+ {% if 'dhcp' in network_zones[zone_name] %}
+ start: {{ network_zones[zone_name].dhcp.start }}
+ limit: {{ network_zones[zone_name].dhcp.limit }}
+ leasetime: {{ network_zones[zone_name].dhcp.leasetime | default('12h') }}
+ dhcpv6: 'disabled'
+ ra: 'disabled'
+ {% else %}
+ ignore: '1'
+ {% endif %}
+ {% endfor %}
+
+openwrt_dhcp_base:
+ - name: dnsmasq
+ options:
+ domainneeded: '1'
+ boguspriv: '1'
+ filterwin2k: '0'
+ localise_queries: '1'
+ rebind_protection: '1'
+ rebind_localhost: '1'
+ local: '/lan/'
+ domain: 'lan'
+ expandhosts: '1'
+ nonegcache: '0'
+ authoritative: '1'
+ readethers: '1'
+ leasefile: '/tmp/dhcp.leases'
+ resolvfile: '/tmp/resolv.conf.auto'
+ localservice: '1'
+
+ - name: odhcpd 'odhcpd'
+ options:
+ maindhcp: '0'
+ leasefile: '/tmp/hosts/odhcpd'
+ leasetrigger: '/usr/sbin/odhcpd-update'
+
+ - name: dhcp 'mgmt'
+ options:
+ interface: 'mgmt'
+ ignore: '1'
+
+
+
openwrt_variant: lede
openwrt_release: 17.01.6
openwrt_arch: ar71xx
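Review bot: The generated `ula_prefix` under `globals 'globals'` starts with the literal `fc`, so every generated prefix falls in fc00::/8, whereas RFC 4193 defines locally assigned ULAs in fd00::/8 (L bit set). The hard-coded value this replaces (`fdc9:e01f:83db::/48`, removed in the last hunk) was in the locally assigned range. Changing the literal to `fd`, as in `ula_prefix: "fd{{ '%02x:%04x:%04x' | format(...) }}::/48"`, keeps the per-host seeded derivation and yields a valid locally assigned prefix. A one-line comment above it noting that the seeds keep the prefix stable per `inventory_hostname` across runs would help the next reader.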
@@ -28,6 +140,7 @@ openwrt_packages_add:
- qos-scripts
+
openwrt_mixin:
/etc/dropbear/authorized_keys:
content: "{{ ssh_keys_root | join('\n') }}\n"
@@ -35,7 +148,7 @@ openwrt_mixin:
/etc/htoprc:
file: "{{ global_files_dir }}/common/htoprc"
- ## TODO: this needs to be activated...
+ ## TODO: this script needs to be activated ... probably using a symlink file?
/etc/init.d/network-nat:
mode: "0755"
content: |
@@ -48,12 +161,17 @@ openwrt_mixin:
network_get_device WAN_IF "wan"
- network_get_subnets LAN_NETS "lan"
- network_get_subnets GUEST_NETS "guest"
- network_get_subnets INFO_NETS "infobeamer"
+ {% for zone_name in network_internal_zone_names %}
+ network_get_subnets NETS "{{ zone_name }}"
+ {% if loop.first %}
+ INTERNAL_NETS="$NETS"
+ {% else %}
+ INTERNAL_NETS="INTERNAL_NETS $NETS"
+ {% endif %}
+ {% endfor %}
start() {
- for net in $LAN_NETS $GUEST_NETS $INFO_NETS; do
+ for net in $INTERNAL_NETS; do
iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j MASQUERADE
done;
}
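Review bot: The accumulator in the `{% else %}` branch, `INTERNAL_NETS="INTERNAL_NETS $NETS"`, is missing the `$` on the right-hand side. From the second zone on, the variable is therefore reset to the literal word `INTERNAL_NETS` followed by only that zone's subnets. With the three zones in `network_internal_zone_names`, the loop in `start()` would see only the last zone's subnets plus a literal `INTERNAL_NETS` source argument that is not a subnet, so the earlier zones would get no MASQUERADE rule. The line should read `INTERNAL_NETS="$INTERNAL_NETS $NETS"`. The script's `content: |` block starts and ends outside this hunk, so the rest of the init script is not visible here.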
@@ -90,121 +208,6 @@ openwrt_uci:
RootPasswordAuth: 'off'
Port: '22000'
- dhcp:
- - name: dnsmasq
- options:
- domainneeded: '1'
- boguspriv: '1'
- filterwin2k: '0'
- localise_queries: '1'
- rebind_protection: '1'
- rebind_localhost: '1'
- local: '/lan/'
- domain: 'lan'
- expandhosts: '1'
- nonegcache: '0'
- authoritative: '1'
- readethers: '1'
- leasefile: '/tmp/dhcp.leases'
- resolvfile: '/tmp/resolv.conf.auto'
- localservice: '1'
-
- - name: odhcpd 'odhcpd'
- options:
- maindhcp: '0'
- leasefile: '/tmp/hosts/odhcpd'
- leasetrigger: '/usr/sbin/odhcpd-update'
-
- - name: dhcp 'mgmt'
- options:
- interface: 'mgmt'
- ignore: '1'
-
- - name: dhcp 'lan'
- options:
- interface: 'lan'
- start: '1'
- limit: '199'
- leasetime: '12h'
- dhcpv6: 'disabled'
- ra: 'disabled'
-
- - name: dhcp 'guest'
- options:
- interface: 'guest'
- start: '1'
- limit: '199'
- leasetime: '12h'
- dhcpv6: 'disabled'
- ra: 'disabled'
-
- - name: dhcp 'infobeamer'
- options:
- interface: 'infobeamer'
- start: '100'
- limit: '199'
- leasetime: '12h'
- dhcpv6: 'disabled'
- ra: 'disabled'
-
+ dhcp: "{{ openwrt_dhcp_base + openwrt_dhcp_internal + openwrt_dhcp_external }}"
- network:
- - name: globals 'globals'
- options:
- ula_prefix: fdc9:e01f:83db::/48
-
- - name: interface 'loopback'
- options:
- ifname: lo
- proto: static
- ipaddr: 127.0.0.1
- netmask: 255.0.0.0
-
- - name: interface 'wan'
- options:
- ifname: eth0
- proto: dhcp
-
- # - name: interface 'wan'
- # options:
- # ifname: eth0.91
- # accept_ra: 0
- # proto: static
- # ipaddr: 85.237.28.228
- # netmask: 255.255.255.240
- # gateway: 85.237.28.225
- # dns:
- # - 217.19.144.65
- # - 217.19.144.66
-
- - name: interface 'mgmt'
- options:
- ifname: eth1.42
- accept_ra: 0
- proto: static
- ipaddr: 192.168.42.254
- netmask: 255.255.255.0
-
- - name: interface 'lan'
- options:
- ifname: eth1.18
- accept_ra: 0
- proto: static
- ipaddr: 192.168.18.254
- netmask: 255.255.255.0
-
- - name: interface 'guest'
- options:
- ifname: eth1.23
- accept_ra: 0
- proto: static
- ipaddr: 192.168.23.254
- netmask: 255.255.255.0
-
- - name: interface 'infobeamer'
- options:
- ifname: eth1.73
- accept_ra: 0
- proto: static
- ipaddr: 192.168.73.254
- netmask: 255.255.255.0
+ network: "{{ openwrt_network_base + openwrt_network_internal + openwrt_network_external }}"