From 22e275c7b60614196c2d7563a5199144036a4347 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 22 Dec 2018 03:25:25 +0100
Subject: added openwrt role and config for elevate router
---
inventory/host_vars/ele-router.yml | 210 +++++++++++++++++++++++++++++++++++++
1 file changed, 210 insertions(+)
create mode 100644 inventory/host_vars/ele-router.yml
(limited to 'inventory/host_vars')
diff --git a/inventory/host_vars/ele-router.yml b/inventory/host_vars/ele-router.yml
new file mode 100644
index 00000000..8b92a94f
--- /dev/null
+++ b/inventory/host_vars/ele-router.yml
@@ -0,0 +1,210 @@
+---
+openwrt_variant: lede
+openwrt_release: 17.01.6
+openwrt_arch: ar71xx
+openwrt_target: generic
+openwrt_profile: tl-wr710n-v2
+openwrt_output_image_suffixes:
+ - "generic-{{ openwrt_profile }}-squashfs-sysupgrade.bin"
+
+openwrt_packages_remove:
+ - kmod-gpio-button-hotplug
+ - kmod-ath9k
+ - wpad-mini
+ - ppp
+ - ppp-mod-pppoe
+ - firewall
+ - odhcpd-ipv6only
+openwrt_packages_add:
+ - kmod-ipt-nat
+ - haveged
+ - htop
+ - ip
+ - less
+ - nano
+ - tcpdump-mini
+ - iperf
+ - mtr
+ - qos-scripts
+
+
+openwrt_mixin:
+ /etc/dropbear/authorized_keys:
+ content: "{{ ssh_keys_root | join('\n') }}\n"
+
+ /etc/htoprc:
+ file: "{{ global_files_dir }}/common/htoprc"
+
+ ## TODO: this needs to be activated...
+ /etc/init.d/network-nat:
+ mode: "0755"
+ content: |
+ #!/bin/sh /etc/rc.common
+
+ START=22
+ STOP=90
+
+ source /lib/functions/network.sh
+
+ network_get_device WAN_IF "wan"
+
+ network_get_subnets LAN_NETS "lan"
+ network_get_subnets GUEST_NETS "guest"
+ network_get_subnets INFO_NETS "infobeamer"
+
+ start() {
+ for net in $LAN_NETS $GUEST_NETS $INFO_NETS; do
+ iptables -t nat -A POSTROUTING -o $WAN_IF -s $net -j MASQUERADE
+ done;
+ }
+
+ stop() {
+ iptables -t nat POSTROUTING -F
+ }
+
+
+openwrt_uci:
+ system:
+ - name: system
+ options:
+ hostname: '{{ inventory_hostname }}'
+ timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+ ttylogin: '0'
+ log_size: '64'
+ urandom_seed: '0'
+
+ - name: timeserver 'ntp'
+ options:
+ enabled: '1'
+ enable_server: '0'
+ server:
+ - '0.lede.pool.ntp.org'
+ - '1.lede.pool.ntp.org'
+ - '2.lede.pool.ntp.org'
+ - '3.lede.pool.ntp.org'
+
+ dropbear:
+ - name: dropbear
+ options:
+ PasswordAuth: 'off'
+ RootPasswordAuth: 'off'
+ Port: '22000'
+
+ dhcp:
+ - name: dnsmasq
+ options:
+ domainneeded: '1'
+ boguspriv: '1'
+ filterwin2k: '0'
+ localise_queries: '1'
+ rebind_protection: '1'
+ rebind_localhost: '1'
+ local: '/lan/'
+ domain: 'lan'
+ expandhosts: '1'
+ nonegcache: '0'
+ authoritative: '1'
+ readethers: '1'
+ leasefile: '/tmp/dhcp.leases'
+ resolvfile: '/tmp/resolv.conf.auto'
+ localservice: '1'
+
+ - name: odhcpd 'odhcpd'
+ options:
+ maindhcp: '0'
+ leasefile: '/tmp/hosts/odhcpd'
+ leasetrigger: '/usr/sbin/odhcpd-update'
+
+ - name: dhcp 'mgmt'
+ options:
+ interface: 'mgmt'
+ ignore: '1'
+
+ - name: dhcp 'lan'
+ options:
+ interface: 'lan'
+ start: '1'
+ limit: '199'
+ leasetime: '12h'
+ dhcpv6: 'disabled'
+ ra: 'disabled'
+
+ - name: dhcp 'guest'
+ options:
+ interface: 'guest'
+ start: '1'
+ limit: '199'
+ leasetime: '12h'
+ dhcpv6: 'disabled'
+ ra: 'disabled'
+
+ - name: dhcp 'infobeamer'
+ options:
+ interface: 'infobeamer'
+ start: '100'
+ limit: '199'
+ leasetime: '12h'
+ dhcpv6: 'disabled'
+ ra: 'disabled'
+
+
+ network:
+ - name: globals 'globals'
+ options:
+ ula_prefix: fdc9:e01f:83db::/48
+
+ - name: interface 'loopback'
+ options:
+ ifname: lo
+ proto: static
+ ipaddr: 127.0.0.1
+ netmask: 255.0.0.0
+
+ - name: interface 'wan'
+ options:
+ ifname: eth0
+ proto: dhcp
+
+ # - name: interface 'wan'
+ # options:
+ # ifname: eth0.91
+ # accept_ra: 0
+ # proto: static
+ # ipaddr: 85.237.28.228
+ # netmask: 255.255.255.240
+ # gateway: 85.237.28.225
+ # dns:
+ # - 217.19.144.65
+ # - 217.19.144.66
+
+ - name: interface 'mgmt'
+ options:
+ ifname: eth1.42
+ accept_ra: 0
+ proto: static
+ ipaddr: 192.168.42.254
+ netmask: 255.255.255.0
+
+ - name: interface 'lan'
+ options:
+ ifname: eth1.18
+ accept_ra: 0
+ proto: static
+ ipaddr: 192.168.18.254
+ netmask: 255.255.255.0
+
+ - name: interface 'guest'
+ options:
+ ifname: eth1.23
+ accept_ra: 0
+ proto: static
+ ipaddr: 192.168.23.254
+ netmask: 255.255.255.0
+
+ - name: interface 'infobeamer'
+ options:
+ ifname: eth1.73
+ accept_ra: 0
+ proto: static
+ ipaddr: 192.168.73.254
+ netmask: 255.255.255.0
-- 
cgit v1.2.3
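Review bot: With `firewall` listed under `openwrt_packages_remove` and `/etc/init.d/network-nat` adding only MASQUERADE rules, nothing visible in this file filters forwarded traffic between the `mgmt`, `lan`, `guest` and `infobeamer` VLANs or inbound traffic on `wan`. Unless the role installs filter rules elsewhere, the separation of the guest network from management appears to rest on addressing alone. I would either keep the `firewall` package or extend the init script with a default-drop FORWARD/INPUT policy and explicit allows. I would also add `Interface: 'mgmt'` to the `dropbear` options, since without it dropbear by default listens on port 22000 on every interface, including `wan`. Separately, `stop()` puts the chain name before the command, which iptables should reject as a bad argument and leave the NAT rules in place; it should read `iptables -t nat -F POSTROUTING`.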