From 4150a0de644085e928cdbd5a2c08cc74f6f5caf6 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Fri, 1 Oct 2021 13:51:00 +0200
Subject: accesspoint upgrade to openwrt 21.02

---
 inventory/group_vars/accesspoints/vars.yml     | 89 +++++++++++++++++++++-----
 inventory/group_vars/chaos-at-home-ap/vars.yml | 38 -----------
 inventory/group_vars/ele-ap/vars.yml           | 38 -----------
 3 files changed, 73 insertions(+), 92 deletions(-)

diff --git a/inventory/group_vars/accesspoints/vars.yml b/inventory/group_vars/accesspoints/vars.yml
index 59d10b07..8dc28aea 100644
--- a/inventory/group_vars/accesspoints/vars.yml
+++ b/inventory/group_vars/accesspoints/vars.yml
@@ -9,27 +9,61 @@ accesspoint_wireless_frequencies:
   - 5g
 
 
-accesspoint_network_base:
+accesspoint_network_base: "{{ accesspoint_network_base_yaml | from_yaml }}"
+accesspoint_network_base_yaml: |
   - name: globals 'globals'
     options:
       ula_prefix: "fc{{ '%02x:%04x:%04x' | format((255 | random(seed=inventory_hostname + '0')), (65535 | random(seed=inventory_hostname + '1')), (65535 | random(seed=inventory_hostname + '2'))) }}::/48"
 
   - name: interface 'loopback'
     options:
-      ifname: lo
+      device: lo
       proto: static
       ipaddr: 127.0.0.1
       netmask: 255.0.0.0
 
+  {% if 'vlan' in network_mgmt_zone %}
+  - name: device
+    options:
+      type: 8021q
+      ifname: "{{ accesspoint_wired_interface }}"
+      vid: {{ network_mgmt_zone.vlan }}
+      name: "{{ accesspoint_wired_interface }}.{{ network_mgmt_zone.vlan }}"
+
+  {% endif %}
   - name: interface 'mgmt'
     options:
-      ifname: "{{ accesspoint_wired_interface }}{% if 'vlan' in network_mgmt_zone %}.{{ network_mgmt_zone.vlan }}{% endif %}"
+      device: "{{ accesspoint_wired_interface }}{% if 'vlan' in network_mgmt_zone %}.{{ network_mgmt_zone.vlan }}{% endif %}"
       accept_ra: 0
       proto: static
       ipaddr: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
       netmask: "{{ network_mgmt_zone.prefix | ipaddr('netmask') }}"
 
-accesspoint_network_zones: {}
+
+accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
+accesspoint_network_zones_yaml: |
+  {% for zone_name in accesspoint_zones.keys() %}
+  - name: device
+    options:
+      type: 8021q
+      ifname: "{{ accesspoint_wired_interface }}"
+      vid: {{ network_zones[zone_name].vlan }}
+      name: "{{ accesspoint_wired_interface }}.{{ network_zones[zone_name].vlan }}"
+
+  - name: device
+    options:
+      type: bridge
+      name: "br-{{ zone_name }}"
+      ports:
+      - "{{ accesspoint_wired_interface }}.{{ network_zones[zone_name].vlan }}"
+
+  - name: "interface '{{ zone_name }}'"
+    options:
+      device: "br-{{ zone_name }}"
+      accept_ra: 0
+      proto: none
+  {% endfor %}
+
 
 
 accesspoint_wireless_devices:
@@ -41,6 +75,7 @@ accesspoint_wireless_devices:
       country: AT
       path: "{{ accesspoint_wireless_device_paths['5g'] }}"
       htmode: 'VHT80'
+      cell_density: '0'
 
   - name: wifi-device 'radio2g4'
     options:
@@ -50,14 +85,41 @@ accesspoint_wireless_devices:
       country: AT
       path: "{{ accesspoint_wireless_device_paths['2g4'] }}"
       htmode: 'HT20'
+      cell_density: '0'
+
+
+## TODO: set up 802.11r see:
+##        * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
+##        * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
+accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
+accesspoint_wireless_ifaces_yaml: |
+  {% for zone in accesspoint_zones.keys() %}
+  {%   for freq in accesspoint_wireless_frequencies %}
+  - name: wifi-iface '{{ zone }}{{ freq }}'
+    options:
+      device: 'radio{{ freq }}'
+      network: '{{ zone }}'
+      mode: 'ap'
+      disassoc_low_ack: '1'
+      rsn_preauth: '1'
+      ssid: '{{ accesspoint_zones[zone].ssid }}'
+      encryption: '{{ accesspoint_zones[zone].encryption }}'
+      key: '{{ accesspoint_zones[zone].key }}'
+  {%   endfor %}
+  {% endfor %}
+
+
+
+prometheus_scrape_endpoint: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}:9100"
+prometheus_exporters_default:
+  - openwrt
 
-accesspoint_wireless_ifaces: {}
 
 
 install_playbook: openwrt
 
 openwrt_variant: openwrt
-openwrt_release: 19.07.8
+openwrt_release: 21.02.0
 openwrt_arch: ath79
 openwrt_target: generic
 openwrt_profile: ubnt_unifiac-lite
@@ -71,9 +133,7 @@ openwrt_packages_remove:
   - firewall
   - odhcpd
   - odhcpd-ipv6only
-  - wpad-basic
 openwrt_packages_add:
-  - hostapd-openssl
   - haveged
   - htop
   - ip
@@ -121,7 +181,7 @@ openwrt_mixin:
       START=22
       STOP=91
 
-      MGMT_IF=$(uci get network.mgmt.ifname)
+      MGMT_IF=$(uci get network.mgmt.device)
       MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
       MGMT_NETMASK=$(uci get network.mgmt.netmask)
 
@@ -169,7 +229,7 @@ openwrt_uci:
 
     - name: timeserver 'ntp'
       options:
-        enabled: '1'
+        enabled: '0'
         enable_server: '0'
         server:
           - '0.lede.pool.ntp.org'
@@ -179,16 +239,13 @@ openwrt_uci:
 
     - name: led
       options:
-        name: blue
-        sysfs: ubnt:blue:dome
+        sysfs: blue:dome
         trigger: none
-        default: 0
 
     - name: led
       options:
-        name: white
-        sysfs: ubnt:white:dome
-        trigger: none
+        sysfs: white:dome
+        trigger: default-on
         default: 0
 
   dropbear:
diff --git a/inventory/group_vars/chaos-at-home-ap/vars.yml b/inventory/group_vars/chaos-at-home-ap/vars.yml
index 97a03367..05f564c6 100644
--- a/inventory/group_vars/chaos-at-home-ap/vars.yml
+++ b/inventory/group_vars/chaos-at-home-ap/vars.yml
@@ -12,41 +12,3 @@ accesspoint_wifi_channels:
 accesspoint_zones:
   lan: "{{ network_zones.lan.wifi }}"
   iot: "{{ network_zones.iot.wifi }}"
-
-
-accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
-accesspoint_network_zones_yaml: |
-  {% for zone_name in accesspoint_zones.keys() %}
-  - name: "interface '{{ zone_name }}'"
-    options:
-      type: bridge
-      ifname: "{{ accesspoint_wired_interface }}.{{ network_zones[zone_name].vlan }}"
-      accept_ra: 0
-      proto: none
-  {% endfor %}
-
-
-## TODO: set up 802.11r see:
-##        * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
-##        * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
-accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
-accesspoint_wireless_ifaces_yaml: |
-  {% for zone in accesspoint_zones.keys() %}
-  {%   for freq in accesspoint_wireless_frequencies %}
-  - name: wifi-iface '{{ zone }}{{ freq }}'
-    options:
-      device: 'radio{{ freq }}'
-      network: '{{ zone }}'
-      mode: 'ap'
-      disassoc_low_ack: '1'
-      rsn_preauth: '1'
-      ssid: '{{ accesspoint_zones[zone].ssid }}'
-      encryption: '{{ accesspoint_zones[zone].encryption }}'
-      key: '{{ accesspoint_zones[zone].key }}'
-  {%   endfor %}
-  {% endfor %}
-
-
-prometheus_scrape_endpoint: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}:9100"
-prometheus_exporters_default:
-  - openwrt
diff --git a/inventory/group_vars/ele-ap/vars.yml b/inventory/group_vars/ele-ap/vars.yml
index f6c7ca85..bbffaa82 100644
--- a/inventory/group_vars/ele-ap/vars.yml
+++ b/inventory/group_vars/ele-ap/vars.yml
@@ -41,41 +41,3 @@ accesspoint_zones:
   lan: "{{ network_zones.lan.wifi }}"
   guest: "{{ network_zones.guest.wifi }}"
   infoscreens: "{{ network_zones.infoscreens.wifi }}"
-
-
-accesspoint_network_zones: "{{ accesspoint_network_zones_yaml | from_yaml }}"
-accesspoint_network_zones_yaml: |
-  {% for zone_name in accesspoint_zones.keys() %}
-  - name: "interface '{{ zone_name }}'"
-    options:
-      type: bridge
-      ifname: "{{ accesspoint_wired_interface }}.{{ network_zones[zone_name].vlan }}"
-      accept_ra: 0
-      proto: none
-  {% endfor %}
-
-
-## TODO: set up 802.11r see:
-##        * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
-##        * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
-accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
-accesspoint_wireless_ifaces_yaml: |
-  {% for zone in accesspoint_zones.keys() %}
-  {%   for freq in accesspoint_wireless_frequencies %}
-  - name: wifi-iface '{{ zone }}{{ freq }}'
-    options:
-      device: 'radio{{ freq }}'
-      network: '{{ zone }}'
-      mode: 'ap'
-      disassoc_low_ack: '1'
-      rsn_preauth: '1'
-      ssid: '{{ accesspoint_zones[zone].ssid }}'
-      encryption: '{{ accesspoint_zones[zone].encryption }}'
-      key: '{{ accesspoint_zones[zone].key }}'
-  {%   endfor %}
-  {% endfor %}
-
-
-prometheus_scrape_endpoint: "{{ network_mgmt_zone.prefix | ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ipaddr('address') }}:9100"
-prometheus_exporters_default:
-  - openwrt
-- 
cgit v1.2.3