fix: add handlers for odhcpd / dnsmasq reload

for: issue #6 Based on 01fda612ae/handlers/main.yml (L8)
feat: Separate network/wifi/dhcp into separate yaml; disable dhcp
2026-04-26 18:09:27 -04:00 · 2026-04-26 18:02:47 -04:00 · 2026-04-26 17:43:05 -04:00 · 2026-03-29 15:15:29 -04:00 · 2026-03-29 15:15:13 -04:00 · 2024-07-25 14:27:24 -04:00
16 changed files with 780 additions and 150 deletions
--- a/inventory.yml
+++ b/inventory.yml
@@ -1,6 +1,56 @@
+templates:
+  package_ath10k_mesh: &package_ath10k_mesh
+    - name: kmod-ath10k-ct
+      state: absent
+    - name: ath10k-firmware-qca988x-ct
+      state: absent
+    - name: kmod-ath10k
+      state: present
+    - name: ath10k-firmware-qca988x
+      state: present
+
+  package_ath10k_99x0_full: &package_ath10k_99x0_full
+    - name: kmod-ath10k-ct
+      state: present
+    - name: ath10k-firmware-qca99x0-ct
+      state: absent
+    - name: ath10k-firmware-qca99x0-ct-full-htt
+      state: present
+
+  package_wpad_mesh: &package_wpad_mesh
+    - name: wpad-basic-wolfssl
+      state: absent
+    - name: wpad-mesh-wolfssl
+      state: absent
+    - name: wpad-basic-mbedtls
+      state: absent
+    - name: wpad-mesh-mbedtls
+      state: absent
+    - name: wpad-wolfssl
+      state: present
+
+  # Note: This is intentionally a duplicate of package_wpad_mesh --
+  # need to manually test migration of other devices to an actual
+  # wpad-mesh-wolfssl (or similar) variant.
+  package_wpad_full: &package_wpad_full
+    - name: wpad-basic-wolfssl
+      state: absent
+    - name: wpad-mesh-wolfssl
+      state: absent
+    - name: wpad-wolfssl
+      state: present
+    - name: wpad-basic-mbedtls
+      state: absent
+    - name: wpad-mesh-mbedtls
+      state: absent
+
 openwrt:
  hosts:
-    ap3825i2.lan:
+
+    ap3825i7:
+      packages:
+        wpad: *package_wpad_mesh
+
      network:
        device:
        - name: br-lan
@@ -13,6 +63,7 @@ openwrt:
          type: bridge
          ports:
          - eth0.2
+          - eth1.2

        interface:
        - key: lan
@@ -25,25 +76,18 @@ openwrt:

      wireless:
        wifi_device:
+
        - name: radio0
          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
-          template: qca9880_5
+          template: ath9k_5
+          channel: 149

        - name: radio1
          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
          template: ath9k_2
+          channel: 11

        wifi_iface:
-        - ifname: vgo2
-          device: radio1
-          template: vgo2
-          disabled: 1
-
-        - ifname: vgo5
-          device: radio0
-          template: vgo5
-          disabled: 1
-
        - ifname: labb2
          device: radio1
          template: labb
@@ -52,20 +96,301 @@ openwrt:
          device: radio0
          template: labb

-    ap3825i3.lan:
+        - ifname: vgo2
+          device: radio1
+          template: vgo2
+
+        - ifname: vgo5
+          device: radio0
+          template: vgo5
+
+        - ifname: vgo2n
+          device: radio1
+          template: vgo2n
+
+        - ifname: vgo5n
+          device: radio0
+          template: vgo5n
+
+    ap3825i8:
+      packages:
+        wpad: *package_wpad_mesh
+
      network:
        device:
        - name: br-lan
          type: bridge
          ports:
          - eth0
+          - eth1

        - name: br-vgolan
          type: bridge
          ports:
          - eth0.2
+          - eth1.2
+
+        interface:
+        - key: lan
+          device: br-lan
+          proto: dhcp
+
+        - key: vgolan
+          device: br-vgolan
+          proto: dhcp
+
+      wireless:
+        wifi_device:
+
+        - name: radio0
+          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
+          template: ath9k_5
+          channel: 157
+
+        - name: radio1
+          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
+          template: ath9k_2
+          channel: 6
+
+        wifi_iface:
+        - ifname: labb2
+          device: radio1
+          template: labb
+
+        - ifname: labb5
+          device: radio0
+          template: labb
+
+        - ifname: vgo2
+          device: radio1
+          template: vgo2
+
+        - ifname: vgo5
+          device: radio0
+          template: vgo5
+
+        - ifname: vgo2n
+          device: radio1
+          template: vgo2n
+
+        - ifname: vgo5n
+          device: radio0
+          template: vgo5n
+
+    ap3825i9:
+      packages:
+        wpad: *package_wpad_mesh
+
+      network:
+        device:
+        - name: br-lan
+          type: bridge
+          ports:
+          - eth0
          - eth1

+        - name: br-vgolan
+          type: bridge
+          ports:
+          - eth0.2
+          - eth1.2
+
+        interface:
+        - key: lan
+          device: br-lan
+          proto: dhcp
+
+        - key: vgolan
+          device: br-vgolan
+          proto: dhcp
+
+      wireless:
+        wifi_device:
+
+        - name: radio0
+          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
+          template: ath9k_5
+          channel: 161
+
+        - name: radio1
+          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
+          template: ath9k_2
+          channel: 1
+
+        wifi_iface:
+        - ifname: labb2
+          device: radio1
+          template: labb
+
+        - ifname: labb5
+          device: radio0
+          template: labb
+
+        - ifname: vgo2
+          device: radio1
+          template: vgo2
+
+        - ifname: vgo5
+          device: radio0
+          template: vgo5
+
+        - ifname: vgo2n
+          device: radio1
+          template: vgo2n
+
+        - ifname: vgo5n
+          device: radio0
+          template: vgo5n
+
+    ap3825i4:
+      packages:
+        wpad: *package_wpad_mesh
+
+      network:
+        device:
+        - name: br-lan
+          type: bridge
+          ports:
+          - eth0
+          - eth1
+
+        - name: br-vgolan
+          type: bridge
+          ports:
+          - eth0.2
+          - eth1.2
+
+        interface:
+        - key: lan
+          device: br-lan
+          proto: dhcp
+
+        - key: vgolan
+          device: br-vgolan
+          proto: dhcp
+
+      wireless:
+        wifi_device:
+
+        - name: radio0
+          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
+          template: ath9k_5
+          channel: 36
+
+        - name: radio1
+          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
+          template: ath9k_2
+          channel: 1
+
+        wifi_iface:
+        - ifname: labb2
+          device: radio1
+          template: labb
+
+        - ifname: labb5
+          device: radio0
+          template: labb
+
+        - ifname: vgo2
+          device: radio1
+          template: vgo2
+
+        - ifname: vgo5
+          device: radio0
+          template: vgo5
+
+        - ifname: vgo2n
+          device: radio1
+          template: vgo2n
+
+        - ifname: vgo5n
+          device: radio0
+          template: vgo5n
+
+    ap3825i6:
+      packages:
+        wpad: *package_wpad_mesh
+
+      network:
+        device:
+        - name: br-lan
+          type: bridge
+          ports:
+          - eth0
+          - eth1
+
+        - name: br-vgolan
+          type: bridge
+          ports:
+          - eth0.2
+          - eth1.2
+
+        interface:
+        - key: lan
+          device: br-lan
+          proto: dhcp
+
+        - key: vgolan
+          device: br-vgolan
+          proto: dhcp
+
+      wireless:
+        wifi_device:
+
+        - name: radio0
+          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
+          template: ath9k_5
+          channel: 48
+
+        - name: radio1
+          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
+          template: ath9k_2
+          channel: 11
+
+        wifi_iface:
+        - ifname: labb2
+          device: radio1
+          template: labb
+
+        - ifname: labb5
+          device: radio0
+          template: labb
+
+        - ifname: vgo2
+          device: radio1
+          template: vgo2
+
+        - ifname: vgo5
+          device: radio0
+          template: vgo5
+
+        - ifname: vgo2n
+          device: radio1
+          template: vgo2n
+
+        - ifname: vgo5n
+          device: radio0
+          template: vgo5n
+
+    ap3825i10:
+      packages:
+        wpad: *package_wpad_mesh
+        ath10k: *package_ath10k_mesh
+
+      network:
+        device:
+        - name: br-lan
+          type: bridge
+          ports:
+          - eth0
+          - eth1
+
+        - name: br-vgolan
+          type: bridge
+          ports:
+          - eth0.2
+          - eth1.2
+
        interface:
        - key: lan
          device: br-lan
@@ -88,35 +413,27 @@ openwrt:
          channel: 1

        wifi_iface:
-        - ifname: vgo2
-          device: radio1
-          template: vgo2
-
-        - ifname: vgo5
+        - ifname: vgo5c
          device: radio0
-          template: vgo5
+          template: vgo5c

-        - ifname: labb2
-          device: radio1
-          template: labb
+    ap3825i11:
+      packages:
+        wpad: *package_wpad_mesh
+        ath10k: *package_ath10k_mesh

-        - ifname: labb5
-          device: radio0
-          template: labb
-
-    mr16_3.lan:
      network:
        device:
        - name: br-lan
          type: bridge
          ports:
-          - eth0
-          stp: 1
+          - eth1

        - name: br-vgolan
          type: bridge
          ports:
-          - eth0.2
+          - eth0
+          - eth1.2

        interface:
        - key: lan
@@ -130,42 +447,106 @@ openwrt:
      wireless:
        wifi_device:
        - name: radio0
-          path: pci0000:00/0000:00:11.0
-          template: ath9k_2
-          hwmode: 11n
-          band:
-          channel: 6
+          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
+          template: qca9880_5
+          channel: 157

        - name: radio1
-          path: pci0000:00/0000:00:12.0
-          template: ath9k_5
-          hwmode: 11n
-          band:
-          channel: 48
+          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
+          template: ath9k_2
+          channel: 1

        wifi_iface:
-        - ifname: vgo5
-          device: radio1
-          template: vgo5
-          disabled: 0
-
-        - ifname: vgomesh2
+        - ifname: vgo5c
          device: radio0
-          template: vgomesh2
-          disabled: 0
+          template: vgo5c

-        - ifname: labb2
+    ap3825i12:
+      packages:
+        wpad: *package_wpad_mesh
+        ath10k: *package_ath10k_mesh
+
+      network:
+        device:
+        - name: br-lan
+          type: bridge
+          ports:
+          - eth0
+          - eth1
+
+        - name: br-vgolan
+          type: bridge
+          ports:
+          - eth0.2
+          - eth1.2
+
+        interface:
+        - key: lan
+          device: br-lan
+          proto: dhcp
+
+        - key: vgolan
+          device: br-vgolan
+          proto: dhcp
+
+      wireless:
+        wifi_device:
+        - name: radio0
+          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
+          template: qca9880_5
+          channel: 157
+
+        - name: radio1
+          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
+          template: ath9k_2
+          channel: 1
+
+        wifi_iface:
+        - ifname: vgo5c
          device: radio0
-          template: labb
+          template: vgo5c

-        - ifname: labb5
-          device: radio1
-          template: labb
+    ap3825i13:
+      packages:
+        wpad: *package_wpad_mesh
+        ath10k: *package_ath10k_mesh

-        - ifname: labbmesh2
+      network:
+        device:
+        - name: br-lan
+          type: bridge
+          ports:
+          - eth0
+          - eth1
+
+        - name: br-vgolan
+          type: bridge
+          ports:
+          - eth0.2
+          - eth1.2
+
+        interface:
+        - key: lan
+          device: br-lan
+          proto: dhcp
+
+        - key: vgolan
+          device: br-vgolan
+          proto: dhcp
+
+      wireless:
+        wifi_device:
+        - name: radio0
+          path: ffe0a000.pcie/pcia000:02/a000:02:00.0/a000:03:00.0
+          template: qca9880_5
+          channel: 157
+
+        - name: radio1
+          path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0
+          template: ath9k_2
+          channel: 1
+
+        wifi_iface:
+        - ifname: vgo5c
          device: radio0
-          template: labbmesh
-
-        - ifname: labbmesh5
-          device: radio1
-          template: labbmesh
+          template: vgo5c
--- a/roles/config/handlers/main.yml
+++ b/roles/config/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Reload dropbear
+  service:
+    name: dropbear
+    state: reloaded
+    enabled: yes
--- a/roles/config/meta/main.yml
+++ b/roles/config/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - role: gekmihesg.openwrt
--- a/roles/config/tasks/main.yml
+++ b/roles/config/tasks/main.yml
@@ -0,0 +1,49 @@
+- name: Setup hostname
+  when: inventory_hostname is defined
+  uci:
+    command: set
+    key: 'system.@system[0]'
+    value:
+      hostname: "{{ inventory_hostname }}"
+
+- name: Setup timezone
+  uci:
+    command: set
+    key: 'system.@system[0]'
+    value:
+      timezone: "{{ timezone | default(system[template | default('default')].timezone) }}"
+      zonename: "{{ zonename | default(system[template | default('default')].zonename) }}"
+      log_ip: "{{ log_ip | default(system[template | default('default')].log_ip) }}"
+      log_port: "{{ log_port | default(system[template | default('default')].log_port) }}"
+      log_proto: "{{ log_proto | default(system[template | default('default')].log_proto) }}"
+
+- name: commit changes
+  uci:
+    command: commit
+    key: system
+
+- name: Update authorized keys
+  lineinfile:
+    path: /etc/dropbear/authorized_keys
+    line: "{{ item }}"
+    state: present
+    create: yes
+    mode: 644
+  loop:
+    - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBEysezzehXkUOm8u8nXP+YloSE8JpKYevCslao5tB2l root@neo"
+    - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILCYhh9Fjo8bV5rV6UfvwDgR+NlmCfKuR14iXgmILeDj hurricos@bielik"
+    - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPh3R8BXv9geqJMaxi134Y5hcOVZPQ/rfghjszYMFG5z hurricos@zephyr"
+
+- name: Disable Root password authentication
+  uci:
+    command: set
+    key: "dropbear.@dropbear[0]"
+    value:
+      RootPasswordAuth: "off"
+      PasswordAuth: "off"
+    notify: reload dropbear
+
+- name: Commit changes
+  uci:
+    command: commit
+    key: dropbear
--- a/roles/config/vars/main.yml
+++ b/roles/config/vars/main.yml
@@ -0,0 +1,8 @@
+system:
+
+  default: &default_system
+    timezone: 'EST5EDT,M3.2.0,M11.1.0'
+    zonename: 'America/New York'
+    log_ip: 10.0.7.226
+    log_proto: tcp
+    log_port: 514
--- a/roles/netconfig/handlers/main.yml
+++ b/roles/netconfig/handlers/main.yml
@@ -0,0 +1,12 @@
+---
+- name: reload odhcpd
+  nohup:
+    command: /etc/init.d/odhcpd reload
+    delay: 1
+  when: "'openwrt' in group_names"
+
+- name: reload dnsmasq
+  nohup:
+    command: /etc/init.d/dnsmasq reload
+    delay: 1
+  when: "'openwrt' in group_names"
--- a/roles/netconfig/meta/main.yml
+++ b/roles/netconfig/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - role: gekmihesg.openwrt
--- a/roles/netconfig/tasks/main.yml
+++ b/roles/netconfig/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: Setup dhcp
+  ansible.builtin.import_tasks: setup_dhcp.yml
+
+- name: Setup network
+  ansible.builtin.import_tasks: setup_network.yml
+
+- name: Setup wireless
+  ansible.builtin.import_tasks: setup_wireless.yml
--- a/roles/netconfig/tasks/setup_dhcp.yml
+++ b/roles/netconfig/tasks/setup_dhcp.yml
@@ -0,0 +1,8 @@
+---
+- name: Totally eliminate DHCP configuration
+  copy:
+    content: ''
+    dest: "/etc/config/dhcp"
+  notify: # https://selivan.github.io/2017/01/15/ansible-multiple-handlers-subtlety.html
+    - reload odhcpd
+    - reload dnsmasq
--- a/roles/netconfig/tasks/setup_network.yml
+++ b/roles/netconfig/tasks/setup_network.yml
@@ -0,0 +1,31 @@
+---
+- name: Setup network devices
+  uci:
+    command: section
+    config: network
+    type: device
+    find_by:
+      name: "{{ item.name }}"
+    value:
+      type: "{{ item.type }}"
+      ports: "{{ item.ports }}"
+      stp: "{{ item.stp | default() }}"
+  loop: "{{ network['device'] }}"
+
+- name: Setup network interfaces
+  uci:
+    command: section
+    config: network
+    type: interface
+    name: "{{ item.key }}"
+    value:
+      device: "{{ item.device }}"
+      proto: "{{ item.proto }}"
+      ifname: "{{ item.ifname | default() }}"
+  loop: "{{ network['interface'] }}"
+
+- name: commit changes
+  uci:
+    command: commit
+    key: network
+  notify: restart network
--- a/roles/netconfig/tasks/setup_wireless.yml
+++ b/roles/netconfig/tasks/setup_wireless.yml
@@ -0,0 +1,58 @@
+---
+- name: Tear down the default wifi-iface(s)
+  uci:
+    config: wireless
+    command: absent
+    section: "{{ item }}"
+  loop:
+    - default_radio0
+    - default_radio1
+
+- name: Setup wireless devices (radios)
+  uci:
+    command: section
+    config: wireless
+    type: wifi-device
+    find_by:
+      path: "{{ item.path }}"
+    name: "{{ item.name }}"
+    value:
+      type: "mac80211" # they'd BETTER be.
+      band: "{{ item.band | default(wifi_device[item.template].band) | default() }}"
+      channel: "{{ item.channel | default(wifi_device[item.template].channel) }}"
+      country: "{{ item.country | default(wifi_device[item.template].country) }}"
+      disabled: "{{ item.disabled | default(wifi_device[item.template].disabled) }}"
+      hwmode: "{{ item.hwmode | default(wifi_device[item.template].hwmode) | default() }}"
+      htmode: "{{ item.htmode | default(wifi_device[item.template].htmode) }}"
+      log_level: "{{ item.log_level | default(wifi_device[item.template].log_level) | default() }}"
+  loop: "{{ wireless['wifi_device'] }}"
+
+- name: Setup wireless ifaces (VIFs)
+  uci:
+    command: section
+    config: wireless
+    type: wifi-iface
+    name: "{{ item.ifname | default(wifi_iface[item.template].ifname) | default('') }}"
+    value:
+      ifname: "{{ item.ifname | default(wifi_iface[item.template].ifname) | default('') if not item.force_ifnameless | default(false) }}"
+      mode: "{{ item.mode | default(wifi_iface[item.template].mode) }}"
+      device: "{{ item.device | default(wifi_iface[item.template].device) }}"
+      network: "{{ item.network | default(wifi_iface[item.template].network) }}"
+      ssid: "{{ item.ssid | default(wifi_iface[item.template].ssid) | default() }}"
+      bss_transition: "{{ item.bss_transition | default(wifi_iface[item.template].bss_transition) | default() }}"
+      ieee80211k: "{{ item.ieee80211k | default(wifi_iface[item.template].ieee80211k) | default() }}"
+      ieee80211r: "{{ item.ieee80211r | default(wifi_iface[item.template].ieee80211r) | default() }}"
+      ieee80211v: "{{ item.ieee80211v | default(wifi_iface[item.template].ieee80211v) | default() }}"
+      mesh_id: "{{ item.mesh_id | default(wifi_iface[item.template].mesh_id) | default() }}"
+      encryption: "{{ item.encryption | default(wifi_iface[item.template].encryption) }}"
+      key: "{{ item.key | default(wifi_iface[item.template].key) }}"
+      disabled: "{{ item.disabled | default(wifi_iface[item.template].disabled) | default(0) }}"
+      skip_inactivity_poll: "{{ item.skip_inactivity_poll | default(wifi_iface[item.template].skip_inactivity_poll) | default() }}"
+      disassoc_low_ack: "{{ item.disassoc_low_ack | default(wifi_iface[item.template].disassoc_low_ack) | default() }}"
+  loop: "{{ wireless['wifi_iface'] }}"
+
+- name: commit changes
+  uci:
+    command: commit
+    key: wireless
+  notify: reload wifi
--- a/roles/netconfig/vars/main.yml
+++ b/roles/netconfig/vars/main.yml
@@ -5,12 +5,16 @@ wifi_iface:
    mode: 'ap'
    encryption: 'psk2'
    key: 'password'
+    skip_inactivity_poll: '1'
+    disassoc_low_ack: '0'
+    ieee80211k: 1
+    ieee80211r: 1
+    ieee80211v: 1
+    bss_transition: 1

  vgo: &vgo_wifi_iface
    <<: *default_wifi_iface
    network: 'vgolan'
-    skip_inactivity_poll: '1'
-    disassoc_low_ack: '0'
    key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          63626332663164663666656466373031633564663435646531663331666262626265656335646364
@@ -27,11 +31,21 @@ wifi_iface:
    <<: *vgo_wifi_iface
    ssid: 'Vermont Green Offices 5G'

-  mesh: &mesh_wifi_iface
-    ssid:
-    mode: 'mesh'
-    encryption: 'psk2+ccmp'
-    skip_inactivity_poll:
+  vgo2n:
+    <<: *vgo_wifi_iface
+    ssid: 'Vermont Green Offices'
+
+  vgo5n:
+    <<: *vgo_wifi_iface
+    ssid: 'Vermont Green Offices'
+
+  vgo5c:
+    <<: *vgo_wifi_iface
+    ssid: 'Vermont Green Offices 5AC'
+    ieee80211k: 0
+    ieee80211r: 0
+    ieee80211v: 0
+    bss_transition: 0

  labb: &labb_wifi_iface
    <<: *default_wifi_iface
@@ -45,15 +59,9 @@ wifi_iface:
          3163343464646535370a636331383863653137646636343831643961633633333536393539643861
          62326536343964333331653966663931313438333161626533393235373232626265

-  labbmesh:
+  labbwpa3: &labb_wifi_iface_wpa3
    <<: *labb_wifi_iface
-    <<: *mesh_wifi_iface
-    mesh_id: 'Laboratory B_Mesh'
-
-  vgomesh2:
-    <<: *vgo_wifi_iface
-    <<: *mesh_wifi_iface
-    mesh_id: 'Vermont Green Offices 2G_Mesh'
+    encryption: 'sae'

 wifi_device:

@@ -61,12 +69,38 @@ wifi_device:
    channel: auto
    country: US
    disabled: 0
+    log_level: 0

  qca9880_5:
    <<: *default_wifi_device
    band: 5g
    htmode: VHT80

+  mt761x_2:
+    <<: *default_wifi_device
+    band: 2g
+    htmode: VHT20
+
+  mt761x_5:
+    <<: *default_wifi_device
+    band: 5g
+    htmode: VHT80
+
+  mt791x_2:
+    <<: *default_wifi_device
+    band: 2g
+    htmode: HE20
+
+  mt791x_5:
+    <<: *default_wifi_device
+    band: 5g
+    htmode: HE80
+
+  mt7916_6:
+    <<: *default_wifi_device
+    band: 6g
+    htmode: HE160
+
  ath9k_2:
    <<: *default_wifi_device
    band: 2g
--- a/roles/netpkgconfig/handlers/main.yml
+++ b/roles/netpkgconfig/handlers/main.yml
@@ -0,0 +1,17 @@
+- name: Touch a file
+  command:
+    argv:
+      - touch
+      - /tmp/test_proof
+
+- name: Restart prometheus-ucode
+  service:
+    name: prometheus-node-exporter-ucode
+    state: restarted
+    enabled: yes
+
+- name: Restart prometheus-lua
+  service:
+    name: prometheus-node-exporter-lua
+    state: restarted
+    enabled: yes
--- a/roles/netpkgconfig/meta/main.yml
+++ b/roles/netpkgconfig/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+  - role: gekmihesg.openwrt
--- a/roles/netpkgconfig/tasks/main.yml
+++ b/roles/netpkgconfig/tasks/main.yml
@@ -0,0 +1,86 @@
+- name: Install the correct wpad packages
+  opkg:
+    name: "{{ item.name }}"
+    state: "{{ item.state }}"
+  loop: "{{ packages.wpad | default([]) }}"
+  notify: "{{ item.notify | default([]) }}"
+  register: wpad_config
+
+- name: Reload wpad
+  nohup:
+    command: "wifi down; /etc/init.d/wpad restart; wifi up"
+    delay: 10
+  when:
+    - wpad_config.changed
+
+- name: Wait for connection after netpkg reconfig
+  wait_for_connection:
+    timeout: 70
+    delay: 5
+  when:
+    - wpad_config.changed
+    - openwrt_wait_for_connection
+
+- name: Install the correct ath10k packages
+  opkg:
+    name: "{{ item.name }}"
+    state: "{{ item.state }}"
+  loop: "{{ packages.ath10k | default([]) }}"
+  notify: "{{ item.notify | default([]) }}"
+
+# - name: Install prometheus-ucode packages
+#   opkg:
+#     name: "{{ item }}"
+#     state: present
+#   loop:
+#     - prometheus-node-exporter-ucode
+#     - prometheus-node-exporter-ucode-wifi
+#     - prometheus-node-exporter-ucode-netstat
+#     - prometheus-node-exporter-ucode-openwrt
+#   notify: Restart prometheus-ucode
+
+# - name: Setup prometheus-ucode properly
+#   uci:
+#     command: set
+#     key: 'prometheus-node-exporter-ucode.main'
+#     value:
+#       listen_interface: 'lan'
+#   notify: Restart prometheus-ucode
+
+# - name: commit changes to prometheus-node-exporter-ucode
+#   uci:
+#     command: commit
+#     key: prometheus-node-exporter-ucode
+
+- name: Install prometheus-lua packages
+  opkg:
+    name: "{{ item }}"
+    state: present
+  loop:
+    - prometheus-node-exporter-lua
+    - prometheus-node-exporter-lua-wifi
+    - prometheus-node-exporter-lua-wifi_stations
+    - prometheus-node-exporter-lua-hostapd_stations
+    - prometheus-node-exporter-lua-hostapd_ubus_stations
+    - prometheus-node-exporter-lua-netstat
+    - prometheus-node-exporter-lua-dawn
+  notify: Restart prometheus-lua
+
+- name: Setup prometheus-lua properly
+  uci:
+    command: set
+    key: 'prometheus-node-exporter-lua.main'
+    value:
+      listen_interface: 'lan'
+  notify: Restart prometheus-lua
+
+- name: commit changes to prometheus-node-exporter-lua
+  uci:
+    command: commit
+    key: prometheus-node-exporter-lua
+
+- name: Install dawn
+  opkg:
+    name: dawn
+    state: present
+
--- a/wireless-setup.yml
+++ b/wireless-setup.yml
@@ -1,78 +1,5 @@
 - hosts: openwrt
  roles:
-    - gekmihesg.openwrt
-  tasks:
-
-    - name: Setup network devices
-      uci:
-        command: section
-        config: network
-        type: device
-        find_by:
-          name: "{{ item.name }}"
-        value:
-          type: "{{ item.type }}"
-          ports: "{{ item.ports }}"
-          stp: "{{ item.stp | default() }}"
-      loop: "{{ network['device'] }}"
-
-    - name: Setup network interfaces
-      uci:
-        command: section
-        config: network
-        type: interface
-        name: "{{ item.key }}"
-        value:
-          device: "{{ item.device }}"
-          proto: "{{ item.proto }}"
-          ifname: "{{ item.ifname | default() }}"
-      loop: "{{ network['interface'] }}"
-
-    - name: commit changes
-      uci:
-        command: commit
-        key: network
-      notify: restart network
-
-    - name: Setup wireless devices (radios)
-      uci:
-        command: section
-        config: wireless
-        type: wifi-device
-        find_by:
-          path: "{{ item.path }}"
-        value:
-          band: "{{ item.band | default(wifi_device[item.template].band) | default() }}"
-          channel: "{{ item.channel | default(wifi_device[item.template].channel) }}"
-          country: "{{ item.country | default(wifi_device[item.template].country) }}"
-          disabled: "{{ item.disabled | default(wifi_device[item.template].disabled) }}"
-          hwmode: "{{ item.hwmode | default(wifi_device[item.template].hwmode) | default() }}"
-          htmode: "{{ item.htmode | default(wifi_device[item.template].htmode) }}"
-      loop: "{{ wireless['wifi_device'] }}"
-
-    - name: Setup wireless ifaces (VIFs)
-      uci:
-        command: section
-        config: wireless
-        type: wifi-iface
-        find:
-          ifname: "{{ item.ifname | default(wifi_iface[item.template].ifname) | default('') }}"
-        value:
-          ifname: "{{ item.ifname | default(wifi_iface[item.template].ifname) | default('') }}"
-          mode: "{{ item.mode | default(wifi_iface[item.template].mode) }}"
-          device: "{{ item.device | default(wifi_iface[item.template].device) }}"
-          network: "{{ item.network | default(wifi_iface[item.template].network) }}"
-          ssid: "{{ item.ssid | default(wifi_iface[item.template].ssid) | default() }}"
-          mesh_id: "{{ item.mesh_id | default(wifi_iface[item.template].mesh_id) | default() }}"
-          encryption: "{{ item.encryption | default(wifi_iface[item.template].encryption) }}"
-          key: "{{ item.key | default(wifi_iface[item.template].key) }}"
-          disabled: "{{ item.disabled | default(wifi_iface[item.template].disabled) | default(0) }}"
-          skip_inactivity_poll: "{{ item.skip_inactivity_poll | default(wifi_iface[item.template].skip_inactivity_poll) | default() }}"
-          disassoc_low_ack: "{{ item.disassoc_low_ack | default(wifi_iface[item.template].disassoc_low_ack) | default() }}"
-      loop: "{{ wireless['wifi_iface'] }}"
-
-    - name: commit changes
-      uci:
-        command: commit
-        key: wireless
-      notify: reload wifi
+    - config
+    - netpkgconfig
+    - netconfig
Author	SHA1	Message	Date
Martin Kennedy	10fd5b8668	fix: add handlers for odhcpd / dnsmasq reload for: issue #6 Based on `01fda612ae/handlers/main.yml (L8)`	2026-04-26 18:09:27 -04:00
Martin Kennedy	26ef6cdc33	feat: Separate network/wifi/dhcp into separate yaml; disable dhcp - "disable dhcp" -- erasing /etc/config/dhcp will / should also prevent odhcpcd from starting. For: issue #6	2026-04-26 18:02:47 -04:00
Martin Kennedy	728a897fec	fix: tear down default surplus wifi-iface(s) Fixes: issue #5	2026-04-26 17:43:05 -04:00
Martin Kennedy	120a2b5a93	feat: add new key hashes from bielik/zephyr	2026-03-29 15:15:29 -04:00
Martin Kennedy	9c43186e5a	feat: add ap3825i11/12	2026-03-29 15:15:13 -04:00
Martin Kennedy	44e2634b6e	Add ap3825i10	2024-07-25 14:27:24 -04:00
Martin Kennedy	e92dbe3658	feat: enable dawn Now that we're on ath9k-only ...	2024-07-09 13:32:02 -04:00
Martin Kennedy	2c04241abb	feat: Swap all 5 APs for ath9k cards Details: https://discord.com/channels/910601480241836112/910602028747751454/1259957870699745300	2024-07-09 13:31:01 -04:00
Martin Kennedy	fcbb8826cf	cleanup: drop prometheus-.*ucode, which aren't available in 23.05.3	2024-07-08 22:49:02 -04:00
Martin Kennedy	4dc1d44aea	feat: Re-add ap3825i7	2024-07-08 22:48:17 -04:00
Martin Kennedy	97bfe982cf	cleanup: drop STP everywhere STP is hellishly annoying just like 802.11s is. So, drop both of them. Wow! No more issues.	2024-07-01 19:54:05 -04:00
Martin Kennedy	69c6be8453	feat: Add prometheus packages This commit has the install code add the prometheus packages.	2024-07-01 19:52:18 -04:00
Martin Kennedy	fa5fbb4c7d	feat: add ap3935i1, 2 These two APs replace ap3825i6 (conf room) and ap3825i4 (fishbowl AP) respectively. We switch to the full-htt Candelatech firmware in hopes that it will handle many concurrent users more gracefully.	2024-07-01 19:51:26 -04:00
Martin Kennedy	5b4e8e0147	feat: dropbear: add neo, jafar pubkeys This commit just directly adds the pubkeys to git. They're not special or in need of protection. Makes this code more portable... for now.	2024-07-01 19:50:08 -04:00
Martin Kennedy	714f7dc85f	cleanup: drop missing APs - mr16_4 has been gone for a while. - ap3825i7 is no longer reachable. - ap3825i6 (conference room AP) replaced. - ap3825i4 (fishbowl AP) replaced. - ap3825i1 (office 7 mesh AP) discontinued.	2024-07-01 19:44:11 -04:00
Martin Kennedy	61e98c956c	add ap3825i7, replacing 5	2024-05-20 20:33:09 -04:00
Martin Kennedy	58e204a004	skip inactivity poll in mesh vif	2023-12-10 16:13:28 -05:00
Martin Kennedy	9d7fae28c4	Deploy ap3825i6, replacing sauron; adjust VLANs so Ned / office 8 gets internet; fix broken STP config	2023-12-10 16:13:06 -05:00
Martin Kennedy	d1922dd935	feat: use the config role by default These are all half-baked roles that just let us opt in or out different important steps.	2023-04-07 12:58:34 -04:00
Martin Kennedy	ce468dc798	fix: dropbear: Pull the ed25519 pubkey from $HOME, not /home/$USER Also, pin the mode so it's never world-writable.	2023-04-07 12:57:59 -04:00
Martin Kennedy	cf8514dab7	fix: ap3825i4: Pin back pci sysfs addresses Due to https://github.com/openwrt/openwrt/issues/10530, I had flashed some ap3825i (among others, ap3825i4) with a firmware which changed the sysfs path of the wireless cards. After that issue, however, we managed to revert this back to the old behavior so as to avoid a conf migration script; so, pin the sysfs paths back to stock. We might profit from templating these sysfs paths out somehow -- we'd just need to describe different templates for how we name cards in multi-card systems (or something), and do some indirection in our playbooks.	2023-04-07 12:54:33 -04:00
Martin Kennedy	c6846320b8	fix: Redirect logging to new server (hashtag)	2023-04-07 12:52:19 -04:00
Martin Kennedy	245626589d	Substantial cleanup for 12-22 North's network	2022-12-21 16:56:50 -05:00
Martin Kennedy	c9df2b7516	debug: setup wpad logging, defaulting to "debug"	2022-12-21 16:30:54 -05:00
Martin Kennedy	c9f4d75e87	feat: Setup syslog redirection, defaulting to slate	2022-12-21 16:30:31 -05:00
Martin Kennedy	1f462665cc	feat: Add templates for mt761x wireless devices	2022-12-21 16:30:08 -05:00
Martin Kennedy	889a54fd21	fix: Begin splitting uses of wpad-wolfssl and wpad-mesh-wolfssl In commit `b46bf38e8` ("feat: Configure network-specific packages"), we left a mistake, having the package_wpad_mesh configuration setup actually install wpad-wolfssl as opposed to wpad-mesh-wolfssl (probably after discovering that wpad-mesh-wolfssl wasn't sufficient for some purpose or other). wpad-wolfssl is a feature superset of wpad-mesh-wolfssl, but we'll want to separate these two sets slowly if we can.	2022-12-19 12:32:07 -05:00
Martin Kennedy	8058f197f1	feat: Add a WPA3 (SAE) variant of Laboratory B's WiFi network WPA3 is required in order to transmit on >6GHz.	2022-12-19 12:32:07 -05:00
Martin Kennedy	5c1f99965a	feat: Add templates for mt791x (11x) wifi-devices These need to run with 'HE' htmode(s) in order to gain the benefits of higher coding rates	2022-12-19 12:32:07 -05:00
Martin Kennedy	29e103a176	feat: netconfig: Allow wifi-iface(s) to remain without ifname There are certain situations we do not want to set the ifname on a wifi-ifae, e.g. when navigating bugs related to hard-setting the `ifname` as we see on DBDC-capable mt76 devices. Change our wifi-iface setup so that we do not search for devices by ifname, but instead, by section name (e.g. `labb5` in `config wifi-iface 'labb5'`). Also, add an `force_ifnameless` variable to our wifi-iface YAML so that we can optionally force-empty the ifname field in settings where we would like to do so. By default (with `force_ifnameless` unset or false), we will use the same value for the `ifname` option and for the section name. Impacts - You will need to migrate manually by naming your wifi-iface sections	2022-12-19 12:32:07 -05:00
Martin Kennedy	e05b253210	feat: Setup hostname, timezone, and secure sshd	2022-12-11 16:00:24 -05:00
Martin Kennedy	5d193970bc	fix: Specify the `wireless.wifi-device.type` as mac80211 Before this commit, we do not add a `type` to the wifi-device(s) we create from scratch; we hope that they'd be available and already set to `mac80211`. For example, if we do not have a section in `/etc/config/wireless` for the phy at sysfs path `ffe09000.pcie...`, creating one with Ansible with this inventory variable: ```yaml - name: radio1 path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0 template: ath9k_2 channel: 6 ``` would give us ```/etc/config/wireless config wifi-device 'radio1' option htmode 'HT20' option band '2g' option channel '6' option country 'US' option disabled '0' option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0' ``` ... and not: ```/etc/config/wireless config wifi-device 'radio1' option type 'mac80211' option htmode 'HT20' option band '2g' option channel '6' option country 'US' option disabled '0' option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0' ``` Force the section as mac80211. This has no support for non-mac80211, cfg80211-only drivers -- that's fine, as we only see (in practice) ath9k, ath10k, ath11k and mt76 among the routers we're configuring with ansible-labb-wifi. (cherry picked from commit a4b505a4e6c218de4ec02f06f3eb58e97bdb517c)	2022-12-11 16:00:24 -05:00
Martin Kennedy	4be4747f96	fix: Set wifi-device names to ensure ifaces point to correct device Before this commit, we do not add an uci section name to wifi-device(s). For example, if we do not have a section in `/etc/config/wireless` for the phy at sysfs path `ffe09000.pcie...`, creating one with Ansible with this inventory variable: ```yaml - name: radio1 path: ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0 template: ath9k_2 channel: 6 ``` would give us ```/etc/config/wireless config wifi-device option type 'mac80211' option htmode 'HT20' option band '2g' option channel '6' option country 'US' option disabled '0' option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0' ``` ... and not: ```/etc/config/wireless config wifi-device 'radio1' option type 'mac80211' option htmode 'HT20' option band '2g' option channel '6' option country 'US' option disabled '0' option path 'ffe09000.pcie/pci9000:00/9000:00:00.0/9000:01:00.0' ``` We must name the wifi-device section, since wifi-iface sections point to the name of their wifi-device exclusively. (cherry picked from commit 0c8452b9a6d408b1669e273feb6a9161d0a56da6)	2022-12-11 16:00:24 -05:00
Martin Kennedy	9c426a57bf	feat: Add hosts: ap3285i4.lan, mr16_4.lan	2022-08-27 21:32:14 -04:00
Martin Kennedy	a689dcabab	fix: ap: Globalize disassoc_low_ack for all ap VIFs In the same way as `2ea51c7833`, where varying skip_inactivity_poll. I don't think there's a bug. I don't know, though. We'll find out.	2022-08-11 10:01:51 -04:00
Martin Kennedy	6ba330eb81	cleanup: inventory: drop mr16_3 from inventory Now that this node is gone for good.	2022-08-09 20:43:21 -04:00
Martin Kennedy	2ea51c7833	fix: ap: Globalize skip_inactivity_poll for all ap VIFs There appears to be a bug in hostapd where this[1]: ```hostapd.conf interface=vgo5 : skip_inactivity_poll=1 : interface=labb5 : skip_inactivity_poll=0 : ``` ... still results in inactivity polling on the vgo5 interface: Tue Aug 9 04:54:20 2022 daemon.info hostapd: vgo5: STA 3a:0e:52:a1:43:ea IEEE 802.11: disassociated due to inactivity Tue Aug 9 04:54:21 2022 daemon.info hostapd: vgo5: STA 3a:0e:52:a1:43:ea IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE) Tue Aug 9 05:18:05 2022 daemon.info hostapd: vgo5: STA 3a:0e:52:a1:43:ea IEEE 802.11: disassociated due to inactivity Tue Aug 9 05:18:06 2022 daemon.info hostapd: vgo5: STA 3a:0e:52:a1:43:ea IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE) Not sure what's going on there. I will have to verify this fix works in production. [1]: https://paste.c-net.org/MulanMaybe	2022-08-09 20:32:21 -04:00
Martin Kennedy	50ba10ad0e	feat: Add host: ap3825i1.lan YES, believe it or not, I can now configure mesh nodes with this playbook. It's nervewracking, but you better believe it works.	2022-08-06 23:21:13 -04:00
Martin Kennedy	df4fd21984	cleanup: Shift wpad reload from handler to instead occur in-place We cannot afford to defer things to a handler when reconfiguring the network: we need to know as soon as possible when our playbook has gone up in flames and left a remote out-of-reach, so we can know what broke when we have to go and directly service the unit. I've hard-set the timeout here to 70 to handle the full one-minute DFS CAC timeout, but please, for the love of God, don't run mesh on UNII-2A. You do not want to be waiting that full minute for the device to come back.	2022-08-06 23:17:55 -04:00
Martin Kennedy	b46bf38e84	feat: Configure network-specific packages This is probably not the right way to do this ... but it's tricky. Packages that are REQUIRED for proper network config need to be handled somewhere before we do network config. Perhaps this could be moved to the netconfig role on its own, but I don't really want to try.	2022-08-06 22:51:11 -04:00
Martin Kennedy	ad80c3d464	cleanup: separate network config into a role Note that this also drops the package setup at the beginning of the original wireless-setup.yml. We no longer need to specify -e @default_vars.yml since it is included in the role.	2022-08-06 21:42:30 -04:00
Martin Kennedy	d139c423cb	feat: Replace mr16_3 with ap3825i2 Following up from 08dab0af7da30a90a5bd130977704b0ec2ba60fb; the replacement is now complete.	2022-08-05 14:49:18 -04:00
Martin Kennedy	08dab0af7d	feat: ap3825i2: prep to replace the mr16_3 This commit reconfigures the ap3825i2 in preparation for having it replace mr16_3. We set up STP, prep some mesh VIFs and match it to the mr16_3's channels. Replacing the mr16_3 will fix Matt Woodbury's issues.	2022-08-02 00:15:10 -04:00
Martin Kennedy	e1fd69bfee	feat: packages: allow per-host package conf We want to be able to assert / de-assert the presence of certain packages. Note that the ansible-openwrt role already gives us an opkg cache refresh.	2022-08-02 00:11:23 -04:00