From a9513fe0df182429380d61b54bf83654256ee73c Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 30 Dec 2018 20:55:47 +0100
Subject: dolmetsch-ctl basic install works now

---
 inventory/group_vars/dolmetsch-ctl/main.yml | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

(limited to 'inventory/group_vars/dolmetsch-ctl/main.yml')

diff --git a/inventory/group_vars/dolmetsch-ctl/main.yml b/inventory/group_vars/dolmetsch-ctl/main.yml
index d81a141f..8c1ace83 100644
--- a/inventory/group_vars/dolmetsch-ctl/main.yml
+++ b/inventory/group_vars/dolmetsch-ctl/main.yml
@@ -26,6 +26,8 @@ openwrt_packages_add:
   - tcpdump-mini
   - kmod-usb-audio
   - alsa-lib
+  - alsa-utils
+  - alsa-utils-seq
 
 
 openwrt_mixin:
@@ -63,10 +65,20 @@ openwrt_mixin:
       MGMT_IF=$(uci get network.mgmt.ifname)
       MGMT_IPADDR=$(uci get network.mgmt.ipaddr)
       MGMT_NETMASK=$(uci get network.mgmt.netmask)
+      MIXER_IF=br-mixer
+      MIXER_IPADDR=$(uci get network.mixer.ipaddr)
+      MIXER_NETMASK=$(uci get network.mixer.netmask)
 
       start() {
-        iptables -A INPUT -i lo -j ACCEPT
-        iptables -A INPUT -i "$MGMT_IF" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
+        iptables -A INPUT -i lo -d 127.0.0.0/8 -s 127.0.0.0/8 -j ACCEPT
+        iptables -A INPUT -i "$MGMT_IF" -d "$MGMT_IPADDR" -s "$MGMT_IPADDR/$MGMT_NETMASK" -j ACCEPT
+
+        iptables -A INPUT -i "$MIXER_IF" -p tcp --dport 22000 -d "$MIXER_IPADDR" -j REJECT --reject-with tcp-reset
+        iptables -A INPUT -i "$MIXER_IF" -p icmp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
+        iptables -A INPUT -i "$MIXER_IF" -p udp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
+        iptables -A INPUT -i "$MIXER_IF" -p tcp -d "$MIXER_IPADDR" -s "$MIXER_IPADDR/$MIXER_NETMASK" -j ACCEPT
+        iptables -A INPUT -i "$MIXER_IF" -m state --state RELATED,ESTABLISHED -j ACCEPT
+
         iptables -P INPUT DROP
         iptables -P FORWARD DROP
       }
@@ -133,3 +145,5 @@ openwrt_uci:
         proto: static
         ipaddr: "{{ network_mixer_zone.prefix | ipaddr(network_mixer_zone.offsets[inventory_hostname]) | ipaddr('address') }}"
         netmask: "{{ network_mixer_zone.prefix | ipaddr('netmask') }}"
+        gateway: "{{ network_mixer_zone.gw }}"
+        dns: "{{ network_mixer_zone.dns }}"
-- 
cgit v1.2.3