-
Notifications
You must be signed in to change notification settings - Fork 9
/
Copy pathinventory-sample.yaml
271 lines (270 loc) · 10.1 KB
/
inventory-sample.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
# Must be named openwrt
openwrt:
children:
# There must be a section 'routers' that contains the main router in the network
# There should be only 1 device in this section
routers:
hosts:
# The name or IP address can is used to reach this device
router:
# ID of this device, will get the IP address ending in .1
id: 1
# Unique name for this device
name: router
# Set the model, used to select the correct firmware
# can also be used to differentiate configuration based on the model
# if the complete network contains different models
model: archer-c7-v5
# MAC address of the port that connect upstream. For the router this
# is the port that is connected to the modem.
mac: DD:73:8A:96:87:61
# HTMode for the wireless radio on the 2.4GHz band
radio2_htmode: HT20
# HTMode for the wireless radio on the 5Hz band
radio5_htmode: VHT80
vars:
packages:
# Packages that will be installed on all devices in the group routers,
# but not on devices on other groups
install:
- luci-app-upnp
- luci-app-sqm
- luci-app-dawn
- luci-proto-ipv6
- 6in4
- 6to4
# Additional packages stored in the `packages` folder that will be installed on
# all devices in the routers group
local:
- miniupnpd_2.1.20200510-3_mips_24kc.ipk
# Packaged are pinned (can will not be automatically upgraded by opkg).
# Useful if a specific local version is installed
pin:
- miniupnpd
# Network settiongs that are specific to this device. This dict will be merged
# with openwrt.vars.networks into one dict.
host_networks:
lan:
# Specific ports used for vlan tagging on this device
ports: 0t 2 3 5t
iot:
ports: 0t 4 5t
# additional has a special meaning and can be used to define any additional
# VLANs that aren't turned into full networks
additional:
- name: Management
vlan_id: 100
ports: 0t 1t
- name: Television
vlan_id: 640
ports: 0t 1t
# All the access points. There can be 0 or more access points
aps:
hosts:
# The name or IP address can is used to reach this device
ap1:
# ID of this device, will get the IP address ending in .2
id: 2
# Unique name for this device
name: ap1
# MAC address of the port that connect upstream. For the a[] this
# is the internet (WAN) port that is connected to the router
mac: E0:5A:EB:0A:73:1C
# DUID of the device, used for static leases in DHCP
duid: 00030001e05aeb0a731c
# Configuration of additional devices
ap2:
id: 3
name: ap2
model: wdr4300
mac: 3E:DE:7C:A8:98:EF
duid: 000300013ede7ca898ef
vars:
# Settings that apply to all devices in the group aps. If a device
# has different settings, these can be moved to the individual device
# level. Or even subgroups can be created under the group aps.
model: wdr4300
radio2_htmode: HT20
radio5_htmode: HT20
# Services that need to be disabled on access points.
disabled_services:
- dnsmasq
- firewall
- odhcpd
packages:
# Packages that will be removed for all devices the group aps
# remove:
# - sample
vars:
# SSH connection settings. Use the private key in ~/.ssh/id_rsa to connect
ansible_ssh_common_args: '-o StrictHostKeyChecking=no -i ~/.ssh/id_rsa'
# SCP extra arguments. -O is needed for OpenSSH 9 and higher
ansible_scp_extra_args: '-O'
# Reboot after reconfiguration
reboot_after: yes
# Upgrade all other packages (not recommended, from OpenWrt documentation:
# Mass upgrade of all “upgradable” packages is not a good idea, as opkg only
# indicates that there is a newer version of the package, but does not do any
# further evaluation. Exceeding the flash space or failing to download all needed
# upgrades might brick the router.
upgrade_packages: no
# Packages that will be installed on all devices
# Don't move this to a lower level; instead use `packages_installed`
# for packages that must be installed on devices in a group. The packages
# installed is always common_packages_installed + packages_installed
common_packages:
install:
- wpad-mbedtls
- nano
- fping
# Packages that will be removed on all devices. Use `packages_removed`
# to set packages on a group level that should be removed.
remove:
- wpad-basic-mbedtls
# Local domain name
local_domain: home.arpa
# Local IPv6 addresses
ula_prefix: fd54:28cd:b1c3::/48
# Define the networks and wireless networks. This creates networks,
# firewall zones, and wireless networks. Two networks have a special
# meaning:
# 'wan': this is the network that connects upstream, either to the
# modem, or directly to a fibre connection.
# 'lan': the main internal network. Access points are connected to the
# lan network. Any other network are accessible from the lan, but
# other networks cannot connect to clients in the lan.
# Any other networks defined, such as an iot or guest network will
# be turned in separate networks and firewall zones that are isolated
# from other networks.
# Only lan.cidr is required
common_networks:
wan:
# A name for the network, just as VLAN name
name: Internet
# The VLAN id, will result in an eth0.5 network
vlan_id: 5
# VLAN port tagging
ports: 0t 1t
lan:
name: lan
vlan_id: 10
# The IPv4 CIDR range for this network
cidr: 10.0.0.0/24
# Each network becomes a /64 network, and all clients in the network
# will get IPv6 addresses in the range of {{ula_prefix}}:{{ipv6hint}}::/64
ip6hint: 0
# The wireless network for this networks/firewall zone
wireless:
- SSID: TMNL-1B5481
# wifi password
passphrase: M7SSWP7BM4C7KVMR
# wifi encryption method
encryption: psk2
iot:
name: iot
vlan_id: 20
cidr: 10.0.1.0/24
ip6hint: 10
wireless:
- SSID: TMNL-1B5481_iot
passphrase: A6WK4XQZ632NG5HP
encryption: psk2
# Enable client isolation, defaults to false
client_isolation: true
# Disable 802.11r/v/k roaming, default to true
roaming: false
# SSH password of the root user
ssh_password: rootpassword
# Physical address of the wireless radios. Move lower if using different model, with different settings
# per model
radio2_path: platform/ahb/18100000.wmac
radio5_path: pci0000:00/0000:00:00.0
# List if SSH keys that can access SSH passwordless
authorized_keys:
- ssh-rsa AAAAB3N....== user@machine
# All configuration below is optional and can safely be removed
# Optionally, use Hurricane Electric/Tunnelbroker to get IPv6 if you don't have native IPv6
# See https://tunnelbroker.net/
henet:
enabled: yes
username: username
password: passsword
tunnelid: 123456
peeraddr: 216.66.84.46
ip6addr: 2001:470:1abcd:4df::2/64
ip6prefix: 2001:470:1abc:4de::/64
sqm:
download: 16000
upload: 2300
# Enable 6to4 config for IPv6 transition (if no native IPv6 is available)
ipv6_6to4:
enabled: yes
# MAC addresses that should be blocked from WiFi access
blocked_mac_addresses_on_wifi:
- A6:00:55:27:4B:75
- F4:8C:80:05:16:A1
# Port forwards to set for the firewall
port_forwards:
- name: myNas-SSH
port: 22
# ID/IP to forward to, this select the IP ending in .254
to: 254
# Optional source IP address
source_ip: 123.5.123.7
- name: myNas-HTTP
port: 80
to: 254
- name: myNas-HTTPS
port: 443
to: 254
# List of additional devices that must receive a status IP address
# Don't include the access points, they are automatically added
static_hosts:
- name: nas
# ID/IP to forward to, this select the IP ending in .254
id: 254
mac: 20:09:AF:FA:7B:31
duid: 0001000123f7fb792009affa7b31
- name: streamingbox
id: 100
mac: DD:45:4F:4A:2E:99
duid: 0001000123f7fb79dd454f4a2e99
# define the network this static client is in. Defaults to lan if not defined
network: iot
# Hostname that are created. Devices that have a DHCP name will automatically
# be accessible via name.network
host_names:
- name: cloudserver
ip: 51.91.100.31
- name: cloudserver
ip: 2001:4101:505:100::4b00
- name: modem
ip: 10.0.1.1
# If a device doesn't set a DHCP hostname (shown as - or ? in the overview of luci),
# you can still set/overwrite the name without setting a static address or host_name
# for the device
ethers:
- name: smartHomeDevice
mac: 59:A7:68:D6:09:8B
# Smart Queue Management settings (only used if SQM is installed)
sqm:
download: 23000
upload: 2300
linklayer: ethernet
overhead: 22
# Configure miniupnpd with external IP if router's IP address is different from
# the external IP address (i.e. additional modem between router and Internet, and not
# in bridge mode). When set to true, the external IP address will be automatically
# retrieved.
upnp:
configure_with_external_ip: false
dhcp:
domain_whitelist:
- plex.direct
tags:
- tag: CloudFlareFamily
server:
- 1.1.1.3
- 1.0.0.3
hosts:
- DD:45:4F:4A:2E:99