Diffstat (limited to 'inventory')
-rw-r--r--inventory/group_vars/ele-ap/vars.yml15
-rw-r--r--inventory/group_vars/elevate-festival/vars.yml69
-rw-r--r--inventory/host_vars/ele-calypso.yml2
-rw-r--r--inventory/host_vars/ele-router-orpheum.yml (renamed from inventory/host_vars/ele-router-leslie.yml)12
-rw-r--r--inventory/host_vars/ele-router.yml405
-rw-r--r--inventory/host_vars/ele-thetys.yml8
-rw-r--r--inventory/hosts.ini10
7 files changed, 70 insertions, 451 deletions
diff --git a/inventory/group_vars/ele-ap/vars.yml b/inventory/group_vars/ele-ap/vars.yml
index f7f31a37..dd9e9f6f 100644
--- a/inventory/group_vars/ele-ap/vars.yml
+++ b/inventory/group_vars/ele-ap/vars.yml
@@ -30,8 +30,8 @@ accesspoint_wifi_channels:
ele-ap-hmtsaal1: 13
ele-ap-hmtsaal2: 9
ele-ap-hmtsaal3: 5
- ele-ap-leslie0: 3
- ele-ap-leslie1: 9
+ ele-ap-orpheum0: 3
+ ele-ap-orpheum1: 9
5g:
# ele-ap-forum0: 40
# ele-ap-forum1: 48
@@ -51,8 +51,8 @@ accesspoint_wifi_channels:
ele-ap-hmtsaal1: 48
ele-ap-hmtsaal2: 44
ele-ap-hmtsaal3: 40
- ele-ap-leslie0: 36
- ele-ap-leslie1: 48
+ ele-ap-orpheum0: 36
+ ele-ap-orpheum1: 48
accesspoint_wifi_txpower:
2g:
@@ -74,8 +74,8 @@ accesspoint_wifi_txpower:
ele-ap-hmtsaal1: 13
ele-ap-hmtsaal2: 9
ele-ap-hmtsaal3: 5
- ele-ap-leslie0: 3
- ele-ap-leslie1: 9
+ ele-ap-orpheum0: 3
+ ele-ap-orpheum1: 9
accesspoint_wifi_device_htmode:
2g: "HT20"
@@ -97,9 +97,8 @@ accesspoint_client_steering:
accesspoint_ntp_servers:
-# - '{{ network_zones.mgmt.prefix | ansible.utils.ipaddr(network_zones.mgmt.offsets["ele-router"]) | ansible.utils.ipaddr("address") }}'
- '{{ network_zones.mgmt.prefix | ansible.utils.ipaddr(network_zones.mgmt.offsets["ele-router-hmtsaal"]) | ansible.utils.ipaddr("address") }}'
- - '{{ network_zones.mgmt.prefix | ansible.utils.ipaddr(network_zones.mgmt.offsets["ele-router-leslie"]) | ansible.utils.ipaddr("address") }}'
+ - '{{ network_zones.mgmt.prefix | ansible.utils.ipaddr(network_zones.mgmt.offsets["ele-router-orpheum"]) | ansible.utils.ipaddr("address") }}'
prometheus_scrape_endpoint: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:9100"
diff --git a/inventory/group_vars/elevate-festival/vars.yml b/inventory/group_vars/elevate-festival/vars.yml
index 99ffdbcd..95c95bb1 100644
--- a/inventory/group_vars/elevate-festival/vars.yml
+++ b/inventory/group_vars/elevate-festival/vars.yml
@@ -106,14 +106,15 @@ network_zones:
# ele-ap-kunsthaus0: 130
### Orpheum
- # ele-sw-orpheum0: 40
+ ele-sw-orpheum0: 40
# ele-br-orpheum0: 49 # --> ele-br-uhrturm1
- # ele-ap-orpheum0: 140
+ ele-ap-orpheum0: 140
+ ele-ap-orpheum1: 141
### Lesliehof
- ele-sw-leslie0: 40
- ele-ap-leslie0: 140
- ele-ap-leslie1: 141
+ # ele-sw-leslie0: 40
+ # ele-ap-leslie0: 140
+ # ele-ap-leslie1: 141
### Uhrturm/Rosengarten/Uhrturm-Kasematten
# ele-sw-uhrturm0: 50
@@ -161,14 +162,14 @@ network_zones:
ele-ups-hmtsaal0: 210
ele-ups-hmtsaal1: 211
ele-ups-hmtsaal2: 212
- ele-ups-leslie0: 213
+ ele-ups-orpheum0: 213
### Other
ele-tub: 240
datacop: 249
ch-equinox-t450s: 250
ele-router-emc: 251
- ele-router-leslie: 252
+ ele-router-orpheum: 252
ele-router-hmtsaal: 253
ele-router: 254
@@ -260,32 +261,56 @@ network_zones:
ssid: Dom
key: "{{ vault_wifi_keys.dom_im_berg }}"
- cc_leslie:
- description: "citycom upstream @ Lesliehof (Fiber)"
+ cc_orpheum:
+ description: "citycom upstream @ Orpheum (Fiber)"
vlan: 504
- prefix: 85.237.24.176/29
- gateway: 85.237.24.177
+ # prefix: ?.?.?.?/29
+ # gateway: ?.?.?.?
+ prefix: 192.168.28.0/24
+ gateway: 192.168.28.254
dns:
- - 217.29.144.65
- - 217.29.144.66
+ - 1.1.1.1
+ # - 217.29.144.65
+ # - 217.29.144.66
offsets:
## citycom uses offset 1,2 and 3
- ele-router-leslie: 4 # 85.237.24.180
- ele-thetys: 5 # 85.237.24.181
+ # ele-router-orpheum: 4 # ?.?.?.?
+ # ele-thetys: 5 # ?.?.?.?
+ ele-router-orpheum: 5 # 192.168.28.5
+ ele-thetys: 6 # 192.168.28.6
+
+ # cc_leslie:
+ # description: "citycom upstream @ Lesliehof (Fiber)"
+ # vlan: 504
+ # prefix: 85.237.24.176/29
+ # gateway: 85.237.24.177
+ # dns:
+ # - 217.29.144.65
+ # - 217.29.144.66
+ # offsets:
+ # ## citycom uses offset 1,2 and 3
+ # ele-router-leslie: 4 # 85.237.24.180
+ # ele-thetys: 5 # 85.237.24.181
cc_hmtsaal:
description: "citycom upstream @ Heimatsaal (Fiber)"
vlan: 508
- prefix: 109.73.146.224/29
- gateway: 109.73.146.225
+ # prefix: 109.73.146.224/29
+ # gateway: 109.73.146.225
+ prefix: 192.168.28.0/24
+ gateway: 192.168.28.254
dns:
- - 217.29.144.65
- - 217.29.144.66
+ - 1.1.1.1
+ # - 217.29.144.65
+ # - 217.29.144.66
offsets:
## citycom uses offset 1,2 and 3
- ele-router-hmtsaal: 4 # 109.73.146.228
- ele-router-emc: 5 # 109.73.146.229
- ele-telesto: 6 # 109.73.146.230
+ # ele-router-hmtsaal: 4 # 109.73.146.228
+ # ele-router-emc: 5 # 109.73.146.229
+ # ele-telesto: 6 # 109.73.146.230
+ ele-router-hmtsaal: 2 # 192.168.28.2
+ ele-router-emc: 3 # 192.168.28.3
+ ele-telesto: 4 # 192.168.28.4
funkfeuer:
description: "funkfeuer access, subnet will be announced by olsr using HNA"
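Review bot: In `cc_hmtsaal` the new offsets `ele-router-hmtsaal: 2` and `ele-router-emc: 3` sit directly under the kept comment `## citycom uses offset 1,2 and 3`, so the file now either documents a reservation that no longer applies or assigns two hosts to addresses it describes as taken; the same comment is kept in `cc_orpheum`, where offsets 5 and 6 do not clash. Both zones also declare the identical `prefix: 192.168.28.0/24` and `gateway: 192.168.28.254` on different VLANs (504 and 508), which together with the `?.?.?.?` placeholders looks like a stand-in until the provider range is known. For `cc_orpheum`, `ele-router-orpheum.yml` in this commit derives the external `ipaddr`, the `server` option under `openwrt_dhcp_base` and the firewall's `ip_citycom` from these keys, so I would mark the stand-in explicitly, e.g. `# TEMPORARY: placeholder range, replace with the citycom /29 before deployment` above each `prefix:`, and update or drop the offset comment. `dns` goes from two resolvers to the single entry `1.1.1.1`, leaving name resolution on these uplinks without a fallback; consider keeping a second entry. The `network_zones` mapping starts and ends outside this hunk.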
diff --git a/inventory/host_vars/ele-calypso.yml b/inventory/host_vars/ele-calypso.yml
index 74f437e5..91bcc1cd 100644
--- a/inventory/host_vars/ele-calypso.yml
+++ b/inventory/host_vars/ele-calypso.yml
@@ -72,7 +72,7 @@ kubernetes_standalone_cni_variant: with-portmap
player_inst_name: emc-feed
player_ffmpeg_image_version: bullseye-decklink11.7-2022-07-08.29
-#player_input: [ '-f', 'live_flv', '-rtmp_live', 'live', '-i', "rtmp://{{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr(network_zones.cc_leslie.offsets['ele-thetys']) | ansible.utils.ipaddr('address') }}/emc-feed/full" ]
+#player_input: [ '-f', 'live_flv', '-rtmp_live', 'live', '-i', "rtmp://{{ network_zones.cc_orpheum.prefix | ansible.utils.ipaddr(network_zones.cc_orpheum.offsets['ele-thetys']) | ansible.utils.ipaddr('address') }}/emc-feed/full" ]
player_input: [ '-stream_loop', '-1', '-i', '/srv/videos/Big Buck Bunny 1080p 60fps.mp4' ]
player_output: [ '-ac', '2', '-pix_fmt', 'uyvy422', '-s', '1920x1080' ,'-r', '50','-f', 'decklink', 'DeckLink Mini Monitor 4K' ]
player_volume_mounts:
diff --git a/inventory/host_vars/ele-router-leslie.yml b/inventory/host_vars/ele-router-orpheum.yml
index 1aa9a2b2..249f5d52 100644
--- a/inventory/host_vars/ele-router-leslie.yml
+++ b/inventory/host_vars/ele-router-orpheum.yml
@@ -13,10 +13,10 @@ openwrt_network_external:
options:
device: 'eth1'
proto: static
- ipaddr: "{{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr(network_zones.cc_leslie.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr('netmask') }}"
- gateway: "{{ network_zones.cc_leslie.gateway }}"
- dns: "{{ network_zones.cc_leslie.dns }}"
+ ipaddr: "{{ network_zones.cc_orpheum.prefix | ansible.utils.ipaddr(network_zones.cc_orpheum.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
+ netmask: "{{ network_zones.cc_orpheum.prefix | ansible.utils.ipaddr('netmask') }}"
+ gateway: "{{ network_zones.cc_orpheum.gateway }}"
+ dns: "{{ network_zones.cc_orpheum.dns }}"
accept_ra: 0
openwrt_network_internal: "{{ openwrt_network_internal_yaml | from_yaml }}"
@@ -97,7 +97,7 @@ openwrt_dhcp_base:
leasefile: '/tmp/dhcp.leases'
resolvfile: '/tmp/resolv.conf.auto'
localservice: '1'
- server: "{{ network_zones.cc_leslie.dns }}"
+ server: "{{ network_zones.cc_orpheum.dns }}"
- name: odhcpd 'odhcpd'
options:
@@ -180,7 +180,7 @@ openwrt_mixin:
flush ruleset
define nic_citycom = eth1
- define ip_citycom = {{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr(network_zones.cc_leslie.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}
+ define ip_citycom = {{ network_zones.cc_orpheum.prefix | ansible.utils.ipaddr(network_zones.cc_orpheum.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}
define nic_mgmt = "eth0.{{ network_mgmt_zone.vlan }}"
define prefix_mgmt = {{ network_mgmt_zone.prefix }}
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
deleted file mode 100644
index bddb40e8..00000000
--- a/inventory/host_vars/ele-router.yml
+++ /dev/null
@@ -1,405 +0,0 @@
----
-ssh_users_root:
- - equinox
- - datacop
-
-network_mgmt_zone: "{{ network_zones.mgmt }}"
-
-
-wireguard_keys:
- gwhetzner:
- pub: "fqaKDJbSj6V0H98d78d/lnFLolefgp6zDPH9bN4+zUY="
- priv: "{{ vault_wireguard_priv_keys.gwhetzner }}"
-
-wireguard_gateway_tunnels:
- wg-emc:
- priv_key: "{{ wireguard_keys.gwhetzner.priv }}"
- addresses:
- - 192.168.254.6/30
- default_gateway:
- inner: 192.168.254.5
- peers:
- - pub_key: "{{ hostvars['ele-gwhetzner'].wireguard_keys.emc.pub }}"
- endpoint:
- host: 178.63.180.138 # TODO: fix this variable "{{ hostvars['ele-gwhetzner'].external_ip }}"
- port: 51821
- keepalive_interval: 15
- allowed_ips:
- - 0.0.0.0/0
-
-openwrt_network_external:
- - name: interface 'wanmur'
- options:
- device: 'eth5'
- proto: static
- ipaddr: "{{ network_zones.murat_transfer.prefix | ansible.utils.ipaddr(network_zones.murat_transfer.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_zones.murat_transfer.prefix | ansible.utils.ipaddr('netmask') }}"
- accept_ra: 0
-
- - name: rule
- options:
- priority: 41050
- src: "{{ network_zones.murat_transfer.prefix | ansible.utils.ipaddr(network_zones.murat_transfer.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}/32"
- lookup: 105
-
- - name: rule
- options:
- priority: 41051
- mark: 105
- lookup: 105
-
- - name: route 'murdefault'
- options:
- interface: 'wanmur'
- table: 105
- target: '0.0.0.0/0'
- gateway: "{{ network_zones.murat_transfer.prefix | ansible.utils.ipaddr(network_zones.murat_transfer.offsets['ele-mur']) | ansible.utils.ipaddr('address') }}"
-
-
- - name: interface 'wanlte'
- options:
- device: 'eth4'
- proto: static
- ipaddr: "{{ network_zones.datacop_lte.prefix | ansible.utils.ipaddr(network_zones.datacop_lte.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_zones.datacop_lte.prefix | ansible.utils.ipaddr('netmask') }}"
- accept_ra: 0
-
- - name: rule
- options:
- priority: 41040
- src: "{{ network_zones.datacop_lte.prefix | ansible.utils.ipaddr(network_zones.datacop_lte.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}/32"
- lookup: 104
-
- - name: rule
- options:
- priority: 41041
- mark: 104
- lookup: 104
-
- - name: route 'ltedefault'
- options:
- interface: 'wanlte'
- table: 104
- target: '0.0.0.0/0'
- gateway: "{{ network_zones.datacop_lte.gateway }}"
-
- - name: rule
- options:
- priority: 50000
- lookup: 105
-
-
-network_internal_zone_names__wanmur:
- - lan
- - guest
- - mixer
- - infoscreens
-network_internal_zone_names__wanlte: []
-network_internal_zone_names__wgemc:
- - emc
-
-network_internal_zone_names: "{{ network_internal_zone_names__wanmur + network_internal_zone_names__wanlte + network_internal_zone_names__wgemc }}"
-openwrt_network_internal: "{{ openwrt_network_internal_yaml | from_yaml }}"
-openwrt_network_internal_yaml: |
- {% for zone_name in network_internal_zone_names %}
- - name: "interface '{{ zone_name }}'"
- options:
- device: "eth0.{{ network_zones[zone_name].vlan }}"
- proto: static
- ipaddr: "{{ network_zones[zone_name].gateway }}"
- netmask: "{{ network_zones[zone_name].prefix | ansible.utils.ipaddr('netmask') }}"
- accept_ra: 0
- {% endfor %}
-
-
-openwrt_network_base:
- - name: globals 'globals'
- options:
- ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
-
- - name: interface 'loopback'
- options:
- device: lo
- proto: static
- ipaddr: 127.0.0.1
- netmask: 255.0.0.0
-
- - name: interface 'mgmt'
- options:
- device: "eth0.{{ network_mgmt_zone.vlan }}"
- proto: static
- ipaddr: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
- netmask: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr('netmask') }}"
- accept_ra: 0
-
-
-
-openwrt_dhcp_external:
- - name: dhcp 'wanmur'
- options:
- interface: 'wanmur'
- ignore: '1'
-
- - name: dhcp 'wanlte'
- options:
- interface: 'wanlte'
- ignore: '1'
-
-
-openwrt_dhcp_internal: "{{ openwrt_dhcp_internal_yaml | from_yaml }}"
-openwrt_dhcp_internal_yaml: |
- {% for zone_name in network_internal_zone_names %}
- - name: "dhcp '{{ zone_name }}'"
- options:
- interface: "{{ zone_name }}"
- {% if 'dhcp' in network_zones[zone_name] %}
- start: {{ network_zones[zone_name].dhcp.start }}
- limit: {{ network_zones[zone_name].dhcp.limit }}
- leasetime: {{ network_zones[zone_name].dhcp.leasetime | default('12h') }}
- dhcpv6: 'disabled'
- ra: 'disabled'
- {% else %}
- ignore: '1'
- {% endif %}
- {% endfor %}
-
-
-openwrt_dhcp_base:
- - name: dnsmasq
- options:
- domainneeded: '1'
- boguspriv: '0'
- filterwin2k: '0'
- localise_queries: '1'
- rebind_protection: '0'
- rebind_localhost: '1'
- local: '/lan/'
- domain: 'lan'
- expandhosts: '1'
- nonegcache: '0'
- authoritative: '1'
- readethers: '1'
- leasefile: '/tmp/dhcp.leases'
- resolvfile: '/tmp/resolv.conf.auto'
- localservice: '1'
- server:
- - 1.1.1.1
-
- - name: odhcpd 'odhcpd'
- options:
- maindhcp: '0'
- leasefile: '/tmp/hosts/odhcpd'
- leasetrigger: '/usr/sbin/odhcpd-update'
-
- - name: dhcp 'mgmt'
- options:
- interface: 'mgmt'
- ignore: '1'
-
-
-openwrt_arch: x86
-openwrt_target: 64
-openwrt_profile: generic
-openwrt_output_image_suffixes:
- - "{{ openwrt_profile }}-ext4-combined.img.gz"
-
-openwrt_packages_remove:
- - ppp
- - ppp-mod-pppoe
- - firewall
- - odhcpd-ipv6only
-openwrt_packages_add:
- - kmod-ipt-nat
- - kmod-ipt-conntrack
- - haveged
- - htop
- - ip
- - less
- - nano
- - tcpdump-mini
- - iperf
- - iperf3
- - mtr
- - iptraf-ng
- - qos-scripts
- - wireguard
- - prometheus-node-exporter-lua
- - prometheus-node-exporter-lua-nat_traffic
- - prometheus-node-exporter-lua-netstat
- - prometheus-node-exporter-lua-openwrt
-
-
-openwrt_mixin:
- /etc/dropbear/authorized_keys:
- content: "{{ ssh_keys_root | join('\n') }}\n"
-
- /etc/htoprc:
- file: "{{ global_files_dir }}/common/htoprc"
-
- /etc/wireguard/wg-emc.priv:
- content: "{{ wireguard_gateway_tunnels['wg-emc'].priv_key }}\n"
- mode: "0600"
-
- /etc/rc.d/S21network-wgemc:
- link: "../init.d/network-wgemc"
-
- /etc/rc.d/K91network-wgemc:
- link: "../init.d/network-wgemc"
-
- /etc/init.d/network-wgemc:
- mode: "0755"
- content: |
- #!/bin/sh /etc/rc.common
-
- START=21
- STOP=91
-
- start() {
- ip link add dev wg-emc type wireguard
- wg set wg-emc fwmark 105 private-key /etc/wireguard/wg-emc.priv
-
- {% for peer in wireguard_gateway_tunnels['wg-emc'].peers %}
- wg set wg-emc peer {{ peer.pub_key }} endpoint {{ peer.endpoint.host }}:{{ peer.endpoint.port }} persistent-keepalive {{ peer.keepalive_interval }} allowed-ips {{ peer.allowed_ips | join(',') }}
- {% endfor %}
-
- {% for addr in wireguard_gateway_tunnels['wg-emc'].addresses %}
- ip addr add dev wg-emc {{ addr }}
- {% endfor %}
- ip link set up dev wg-emc
-
- ip route add default via {{ wireguard_gateway_tunnels['wg-emc'].default_gateway.inner }} table 200 proto static
- }
-
- stop() {
- ip link del dev wg-emc
- }
-
- /etc/rc.d/S22network-fw:
- link: "../init.d/network-fw"
-
- /etc/rc.d/K92network-fw:
- link: "../init.d/network-fw"
-
- /etc/init.d/network-fw:
- mode: "0755"
- content: |
- #!/bin/sh /etc/rc.common
-
- START=22
- STOP=91
-
- start() {
- ### management
- MGMT_IF=$(uci get network.mgmt.device)
- MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
- MGMT_NETMASK=$(uci get network.mgmt.netmask)
- iptables -A INPUT -i lo -d 127.0.0.0/8 -j ACCEPT
- iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
-
-
- ### external zones
- # mur
- iptables -A INPUT -i "eth5" -p icmp -j ACCEPT
- iptables -A INPUT -i "eth5" -p tcp --dport {{ ansible_port }} -j ACCEPT
- iptables -A INPUT -i "eth5" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- # LTE
- iptables -A INPUT -i "eth4" -p icmp -j ACCEPT
- iptables -A INPUT -i "eth4" -p tcp --dport {{ ansible_port }} -j ACCEPT
- iptables -A INPUT -i "eth4" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- # Wireguard EMC
- iptables -A INPUT -i "wg-emc" -p icmp -j ACCEPT
- iptables -A INPUT -i "wg-emc" -p tcp --dport {{ ansible_port }} -j ACCEPT
- iptables -A INPUT -i "wg-emc" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -A FORWARD -o "wg-emc" -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-
-
- ### internal zones
- {% for zone_name in network_internal_zone_names %}
- # {{ zone_name }}
- {% if 'dhcp' in network_zones[zone_name] %}
- iptables -A INPUT -i "eth0.{{ network_zones[zone_name].vlan }}" -p udp --dport 67 --sport 68 -j ACCEPT
- {% endif %}
- {% if 'dhcp' in network_zones[zone_name] or network_zones[zone_name].gateway in network_zones[zone_name].dns %}
- iptables -A INPUT -i "eth0.{{ network_zones[zone_name].vlan }}" -p udp --dport 53 -d "{{ network_zones[zone_name].gateway }}" -s "{{ network_zones[zone_name].prefix }}" -j ACCEPT
- iptables -A INPUT -i "eth0.{{ network_zones[zone_name].vlan }}" -p tcp --dport 53 -d "{{ network_zones[zone_name].gateway }}" -s "{{ network_zones[zone_name].prefix }}" -j ACCEPT
- {% endif %}
- iptables -A INPUT -i "eth0.{{ network_zones[zone_name].vlan }}" -p icmp -d "{{ network_zones[zone_name].gateway }}" -s "{{ network_zones[zone_name].prefix }}" -j ACCEPT
- iptables -A INPUT -i "eth0.{{ network_zones[zone_name].vlan }}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-
- {% if zone_name in network_internal_zone_names__wanmur %}
- {% set ext_interface = "eth5" %}
- {% set rt_table = "105" %}
- {% elif zone_name in network_internal_zone_names__wanlte %}
- {% set ext_interface = "eth4" %}
- {% set rt_table = "104" %}
- {% elif zone_name in network_internal_zone_names__wgemc %}
- {% set ext_interface = "wg-emc" %}
- {% set rt_table = "200" %}
- {% endif %}
- iptables -A FORWARD -i "eth0.{{ network_zones[zone_name].vlan }}" -o "{{ ext_interface }}" -s "{{ network_zones[zone_name].prefix }}" -j ACCEPT
- iptables -A FORWARD -i "{{ ext_interface }}" -o "eth0.{{ network_zones[zone_name].vlan }}" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
- iptables -t nat -A POSTROUTING -o "{{ ext_interface }}" -s "{{ network_zones[zone_name].prefix }}" -j MASQUERADE
- ip rule add pref {{ loop.index + 33000 }} iif "eth0.{{ network_zones[zone_name].vlan }}" lookup {{ rt_table }}
-
- {% endfor %}
-
- ###
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- }
-
- stop() {
- iptables -P INPUT ACCEPT
- iptables -F INPUT
- iptables -P FORWARD ACCEPT
- iptables -F FORWARD
- iptables -t nat -F POSTROUTING
- {% for zone_name in network_internal_zone_names %}
- ip rule del pref {{ loop.index + 33000 }}
- {% endfor %}
- }
-
-
-openwrt_uci:
- system:
- - name: system
- options:
- hostname: '{{ host_name }}'
- timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
- ttylogin: '0'
- log_size: '64'
- urandom_seed: '0'
-
- - name: timeserver 'ntp'
- options:
- enabled: '1'
- enable_server: '0'
- server:
- - '0.lede.pool.ntp.org'
- - '1.lede.pool.ntp.org'
- - '2.lede.pool.ntp.org'
- - '3.lede.pool.ntp.org'
-
- dropbear:
- - name: dropbear
- options:
- PasswordAuth: 'off'
- RootPasswordAuth: 'off'
- Port: '{{ ansible_port }}'
-
- prometheus-node-exporter-lua:
- - name: prometheus-node-exporter-lua 'main'
- options:
- listen_interface: 'mgmt'
- listen_ipv6: '0'
- listen_port: '9100'
-
- dhcp: "{{ openwrt_dhcp_base + openwrt_dhcp_internal + openwrt_dhcp_external }}"
- network: "{{ openwrt_network_base + openwrt_network_internal + openwrt_network_external }}"
-
-
-prometheus_scrape_endpoint: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:9100"
-prometheus_exporters_default:
- - openwrt
diff --git a/inventory/host_vars/ele-thetys.yml b/inventory/host_vars/ele-thetys.yml
index d8a00b4d..1fee8710 100644
--- a/inventory/host_vars/ele-thetys.yml
+++ b/inventory/host_vars/ele-thetys.yml
@@ -8,12 +8,12 @@ install:
- "consoleblank=0"
network:
- nameservers: "{{ network_zones.cc_leslie.dns }}"
+ nameservers: "{{ network_zones.cc_orpheum.dns }}"
domain: "{{ host_domain }}"
primary: &_network_primary_
name: eno1
- address: "{{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr(network_zones.cc_leslie.offsets[inventory_hostname]) }}"
- gateway: "{{ network_zones.cc_leslie.gateway }}"
+ address: "{{ network_zones.cc_orpheum.prefix | ansible.utils.ipaddr(network_zones.cc_orpheum.offsets[inventory_hostname]) }}"
+ gateway: "{{ network_zones.cc_orpheum.gateway }}"
interfaces:
- *_network_primary_
@@ -54,7 +54,7 @@ prometheus_exporter_node_textfile_collector_scripts:
prometheus_job_multitarget_blackbox__probe:
ele-calypso:
- instance: "ssh-{{ inventory_hostname }}"
- target: "{{ network_zones.cc_leslie.prefix | ansible.utils.ipaddr(network_zones.cc_leslie.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
+ target: "{{ network_zones.cc_orpheum.prefix | ansible.utils.ipaddr(network_zones.cc_orpheum.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:{{ ansible_port | default(22) }}"
module: ssh_banner
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 515998aa..97b3ac21 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -192,7 +192,7 @@ env_group=dan
ele-media host_name=media
ele-router
ele-router-hmtsaal
-ele-router-leslie
+ele-router-orpheum
ele-router-emc
ele-telesto host_name=telesto
ele-thetys host_name=thetys
@@ -228,7 +228,7 @@ ele-infobeamer
# ele-ap-uhrturm0
# ele-ap-nextlib[0:6]
ele-ap-hmtsaal[0:3]
-ele-ap-leslie[0:1]
+ele-ap-orpheum[0:1]
[ele-ups]
# ele-ups-forum[0:1]
@@ -236,7 +236,7 @@ ele-ap-leslie[0:1]
# ele-ups-parkhouse0
# ele-ups-nextlib[0:3]
ele-ups-hmtsaal[0:2]
-ele-ups-leslie0
+ele-ups-orpheum0
[ele-dolmetsch-raspi]
ele-dol-raspi0
@@ -289,7 +289,7 @@ glt-gw-r3
glt-gw-tug
ele-router
ele-router-hmtsaal
-ele-router-leslie
+ele-router-orpheum
ele-router-emc
ele-uhrturm
ele-orpheum
@@ -453,7 +453,7 @@ ele-telesto
#ele-router-emc
#ele-ap-hmtsaal[0:3]
#ele-ups-hmtsaal[0:2]
-#ele-router-leslie
+#ele-router-orpheum
#ele-thetys
[promzone-elevate-festival:children]
#ele-ap