From 2940fb38e0f3ee26e6ce103a72e290f8e46daeca Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 16 Mar 2024 23:00:00 +0100
Subject: ele-router-hmtsaal: add NAT for mixer vlan ele-companion-raspi: base deployment
---
inventory/host_vars/ele-companion-raspi.yml | 43 +++++++++++++++++++++++++++++
inventory/host_vars/ele-router-hmtsaal.yml | 4 +--
2 files changed, 45 insertions(+), 2 deletions(-)
create mode 100644 inventory/host_vars/ele-companion-raspi.yml
(limited to 'inventory/host_vars')
diff --git a/inventory/host_vars/ele-companion-raspi.yml b/inventory/host_vars/ele-companion-raspi.yml
new file mode 100644
index 00000000..cbfd8e2f
--- /dev/null
+++ b/inventory/host_vars/ele-companion-raspi.yml
@@ -0,0 +1,43 @@
+---
+raspios_variant: lite
+raspios_arch: arm64
+
+network:
+ nameservers: "{{ network_zones.mixer.dns }}"
+ domain: "{{ host_domain }}"
+ primary: &_network_primary_
+ name: eth0
+ address: "{{ network_zones.mixer.prefix | ansible.utils.ipaddr(network_zones.mixer.offsets[inventory_hostname]) }}"
+ gateway: "{{ network_zones.mixer.gateway }}"
+ interfaces:
+ - *_network_primary_
+
+raspios_boot_config:
+ - regexp: '^#?dtoverlay=disable-bt'
+ line: 'dtoverlay=disable-bt'
+ - regexp: '^#?dtoverlay=disable-wifi'
+ line: 'dtoverlay=disable-wifi'
+
+base_entropy_generator: rngd
+
+
+spreadspace_apt_repo_components:
+ - container
+
+
+docker_pkg_provider: docker-com
+docker_plugins:
+ - buildx
+
+kubernetes_version: 1.29.2
+kubernetes_container_runtime: docker
+kubernetes_standalone_max_pods: 42
+kubernetes_standalone_cni_variant: with-portmap
+kubernetes_standalone_install_kubeletctl: no
+
+
+companion_storage:
+ type: directory
+ dest: /srv/companion
+
+companion_version: 3.2.2
diff --git a/inventory/host_vars/ele-router-hmtsaal.yml b/inventory/host_vars/ele-router-hmtsaal.yml
index 426e4c02..e5ab11a6 100644
--- a/inventory/host_vars/ele-router-hmtsaal.yml
+++ b/inventory/host_vars/ele-router-hmtsaal.yml
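Review bot: `kubernetes_standalone_install_kubeletctl: no` in the new ele-companion-raspi.yml depends on YAML 1.1 truthy parsing; `kubernetes_standalone_install_kubeletctl: false` says the same thing unambiguously and passes yamllint's `truthy` rule. `kubernetes_version: 1.29.2` and `companion_version: 3.2.2` load as strings only because they have three components, so quoting them (`kubernetes_version: "1.29.2"`) protects a later bump to a two-component value from being read as a float. The two `dtoverlay=disable-*` entries would also benefit from a short comment such as `# wired-only host: keep the unused radios off`, assuming that is the intent.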
@@ -293,12 +293,12 @@ openwrt_mixin: chain forward { type filter hook forward priority filter; policy drop; ct state vmap { established: accept, related: accept, invalid: drop } - iifname { {{ ['$nic_'] | product(network_internal_zone_names) | map('join') | join(', ') }} } oifname $nic_citycom accept + iifname { {{ ['$nic_'] | product(network_internal_zone_names | union(['mixer'])) | map('join') | join(', ') }} } oifname $nic_citycom accept } chain postrouting { type nat hook postrouting priority srcnat; policy accept; - ip saddr { {{ ['$prefix_'] | product(network_internal_zone_names) | map('join') | join(', ') }} } oifname $nic_citycom snat to $ip_citycom + ip saddr { {{ ['$prefix_'] | product(network_internal_zone_names | union(['mixer'])) | map('join') | join(', ') }} } oifname $nic_citycom snat to $ip_citycom } } -- cgit v1.2.3
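Review bot: Adding `mixer` to the `iifname { … }` accept in `chain forward` and to the `ip saddr { … }` SNAT rule in `chain postrouting` gives every device on the mixer VLAN unrestricted outbound access through `$nic_citycom`, which looks broader than what the companion host deployed in this commit needs (inferred; the commit message does not say). If only that host must reach the outside, consider keeping `mixer` out of the shared set and adding a dedicated rule that also matches its source address, with a comment above it stating why this zone is allowed out although it is not part of `network_internal_zone_names`. The rules now expand to `$nic_mixer` and `$prefix_mixer`, which must be defined in the part of the ruleset outside this hunk or the ruleset will fail to load. The expression `network_internal_zone_names | union(['mixer'])` is repeated in both chains; defining it once in a variable would keep the filter and NAT sets from drifting apart.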