From 243117389cca916b2b9bd57a550f2a27a628ce15 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Thu, 15 Sep 2022 00:18:28 +0200
Subject: accesspoints: initial tests with 802.11r

---
 inventory/group_vars/accesspoints/vars.yml     | 21 +++++++++++++++++++--
 inventory/group_vars/chaos-at-home-ap/vars.yml | 16 ++++++++++++++++
 2 files changed, 35 insertions(+), 2 deletions(-)

(limited to 'inventory')

diff --git a/inventory/group_vars/accesspoints/vars.yml b/inventory/group_vars/accesspoints/vars.yml
index 7abe0582..3a11205c 100644
--- a/inventory/group_vars/accesspoints/vars.yml
+++ b/inventory/group_vars/accesspoints/vars.yml
@@ -91,22 +91,39 @@ accesspoint_wireless_devices_yaml: |
 accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
 accesspoint_wireless_ifaces_yaml: |
   {% for zone in accesspoint_zones.keys() %}
+  {%   set outer_loop = loop %}
   {%   for band in accesspoint_wireless_frequency_bands %}
   - name: wifi-iface '{{ zone }}{{ band }}'
     options:
       device: 'radio{{ band }}'
       network: '{{ zone }}'
       mode: 'ap'
-      disassoc_low_ack: '1'
-      rsn_preauth: '1'
       ssid: '{{ accesspoint_zones[zone].ssid }}'
       encryption: '{{ accesspoint_zones[zone].encryption }}'
       key: '{{ accesspoint_zones[zone].key }}'
+      disassoc_low_ack: '1'
+      rsn_preauth: '1'
+  {%     if accesspoint_80211r is defined %}
+      ieee80211r: '1'
+      mobility_domain: '{{ '%04x' % (accesspoint_80211r.mobility_domain_base[band] + outer_loop.index0) }}'
+      nasid: '{{ accesspoint_wifi_mac_addr[band][inventory_hostname] | replace(':', '') }}'
+      ft_psk_generate_local: '0'
+      r1_key_holder: '{{ accesspoint_wifi_mac_addr[band][inventory_hostname] }}'
+      r0kh:
+  {%       for ap in accesspoint_wifi_mac_addr[band] %}
+      - '{{ accesspoint_wifi_mac_addr[band][ap] }},{{ accesspoint_wifi_mac_addr[band][ap] | replace(':', '') }},{{ [accesspoint_80211r.key_seed,band,zone] | join(':') | wifi_80211r_key }}'
+  {%       endfor %}
+      r1kh:
+  {%       for ap in accesspoint_wifi_mac_addr[band] %}
+      - '{{ accesspoint_wifi_mac_addr[band][ap] }},{{ accesspoint_wifi_mac_addr[band][ap] }},{{ [accesspoint_80211r.key_seed,band,zone] | join(':') | wifi_80211r_key }}'
+  {%       endfor %}
+  {%     endif %}
   {%   endfor %}
   {% endfor %}
 
 
 
+
 openwrt_arch: ath79
 openwrt_target: generic
 openwrt_profile: ubnt_unifiac-lite
diff --git a/inventory/group_vars/chaos-at-home-ap/vars.yml b/inventory/group_vars/chaos-at-home-ap/vars.yml
index 83925639..c36ab953 100644
--- a/inventory/group_vars/chaos-at-home-ap/vars.yml
+++ b/inventory/group_vars/chaos-at-home-ap/vars.yml
@@ -10,6 +10,22 @@ accesspoint_wifi_channels:
     ch-ap1: 48
     ch-ap2: 40
 
+accesspoint_wifi_mac_addr:
+  2g:
+    ch-ap0: 18:e8:29:aa:43:c2
+    ch-ap1: 18:e8:29:aa:44:07
+  5g:
+    ch-ap0: 18:e8:29:ab:43:c2
+    ch-ap1: 18:e8:29:ab:44:07
+    ch-ap2: 80:2a:a8:ee:f6:d5
+
+accesspoint_80211r:
+  mobility_domain_base:
+    2g: 0x2400
+    5g: 0x5000
+  key_seed: "{{ vault_accesspoint_80211r.key_seed }}"
+
+
 accesspoint_zones:
   lan: "{{ network_zones.lan.wifi }}"
   iot: "{{ network_zones.iot.wifi }}"
-- 
cgit v1.2.3