diff --git a/locations/kitty.yml b/locations/kitty.yml new file mode 100644 index 00000000..c41f5944 --- /dev/null +++ b/locations/kitty.yml @@ -0,0 +1,111 @@ +--- + +location: kitty +location_nice: Brückenstraße 1, 10179 Berlin +latitude: 52.511268 +longitude: 13.417194 +altitude: 39 +height: 11 +contact_nickname: Vinet +contacts: + - vinet@c-base.org + +# --MGMT: 10.248.22.60/30 +# --MESH: 10.248.23.232/30 +# --DHCP: 10.248.25.0/24 + +ipv6_prefix: 2001:bf7:750:7600::/56 + +hosts: + - hostname: kitty-core + role: corerouter + model: "mikrotik_routerboard-750gr3" + host__rclocal__to_merge: + - '#' + - '# This script adjusts the configuration of vlans.' + - '#' + - ' ' + - '. /lib/functions.sh' + - ' ' + - 'handle_vlans() {' + - ' # untag the vlans on different ports based on their id' + - ' local uci_section="$1"' + - ' ' + - ' config_get vlan "$uci_section" vlan' + - ' config_get ports "$uci_section" ports' + - ' ' + - ' ' + - ' case "$vlan" in' + - ' 50)' + - ' # untag MESH for uplink on port 1' + - " port_config='wan lan2:t lan3:t lan4:t lan5:t' ;;" + - ' 40)' + - ' # untag DHCP on port 2' + - " port_config='wan:t lan2 lan3:t lan4:t lan5:t' ;;" + - ' 42)' + - ' # untag mgmt on port 3' + - " port_config='wan:t lan2:t lan3 lan4:t lan5:t' ;;" + - ' *)' + - ' # do nothing for the other vlans' + - ' return' + - ' esac' + - ' ' + - ' # abort if config is applied already' + - ' if [ "$ports" = "$port_config" ]; then' + - ' printf "Vlan %d applied already.\n" "$vlan"' + - ' return' + - ' fi' + - ' ' + - ' printf "Port number: %d\n" "$vlan"' + - ' printf "Port config: %s\n" "$port_config"' + - ' ' + - ' printf "Configuring %s... " "$uci_section"' + - ' uci_set network "$uci_section" ports "$port_config"' + - ' printf "Done.\n"' + - '}' + - ' ' + - 'config_load network' + - ' ' + - 'config_foreach handle_vlans "bridge-vlan"' + - ' ' + - 'uci commit network' + - 'sync' + - 'reload_config' + +networks: + - vid: 40 + role: dhcp + inbound_filtering: true + enforce_client_isolation: true + prefix: 10.248.25.0/24 + ipv6_subprefix: 1 + assignments: + kitty-core: 1 + + - vid: 42 + role: mgmt + prefix: 10.248.22.60/30 + ipv6_subprefix: 0 + gateway: 1 + dns: 1 + assignments: + kitty-core: 1 + + - vid: 50 + role: uplink + + - role: tunnel + ifname: ts_wg0 + mtu: 1280 + prefix: 10.248.23.232/32 + wireguard_port: 51820 + + - role: tunnel + ifname: ts_wg1 + mtu: 1280 + prefix: 10.248.23.233/32 + wireguard_port: 51821 + +location__ssh_keys__to_merge: + - comment: Vinet + key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCRpRJcexdB2N11gsbbKhXGu8sNQIAShohJpjobhSXtcUWTfRlX2SwSF0QuoHP4Bcb8IGCQc8+TK1RSc+owc1bD68gHIGQZ6b3u2sDv1JMoexqtY9PRIhOiUkPMdSJH7ay4WS7p6FHCZ8z1lrf5GaWpA+E0FNvE7sSaA7jHegYZ6D/qru9XddatItWkMgaKqVzaK+W0TldlqqORwQJg0JGPA71vakJCj/H+SsCZyn9HJ/bbq08kBqaBGU7JLFfwKpw8VGn2pwENzHQgzjb6Bfmj1XmbDvXtZjJTF7nhrxemXo9oJDDq8pVveD46cvSffvAAUFRrMlaV+v0qsYK0ir3MDGuguBn3t2+DR0K8JGufYU7i52vTwCuu3d3PRNIwyEYG4vySXpA9m7YSJEHIkasrSADGy47P+Q+jXQZoR5JS0ZtZnqA4JvnYyKd/OeLpNX7MXaDpVAI7pNrDig/4VD7LO70kPPCMAjn40qwF8lcI8U+alrqHG1RIrkugnsGs9g7tselqIi2pAUMml3as778h5Qx+p8FiD3lLPbjJfTBBgl8LfySRWxLgWTMI0TqtMvqNbsUaAB0ThN2FiJE9PrVO2dzUrBUZnaOpT+8B/zW4cGyFqqNZCjpvXkIPzp6jbPDG1aithV0C9mPOGAgq5wUIBgS+Vx95JhA3TArTz4DOdw== Vinet