feat(ansible): add OpenWrt dlink AP configuration

Add community.openwrt collection, dlink host to inventory,
openwrt role with system/network/firewall tasks, and two
playbooks: dlink-init.yml for one-time bootstrap from factory
IP, and openwrt.yml for ongoing idempotent configuration.

Network: MGMT untagged + LAN (vlan2) tagged on WAN port trunk
to MikroTik ether3. Firewall zones replace factory WAN/LAN
with mgmt (input ACCEPT) and lan (forward ACCEPT, AP mode).
2026-05-13 21:08:55 +02:00
parent 17db139125
commit 120547b1b8
13 changed files with 477 additions and 15 deletions
@@ -0,0 +1,125 @@
---
# One-time initialisation playbook for the dlink OpenWrt AP.
#
# Run this while your PC is directly connected to a dlink LAN port
# (factory IP 192.168.1.1, no MikroTik in the picture yet).
#
# What it does:
# - Replaces the entire network config (switch VLANs, devices, interfaces)
# - Replaces the entire firewall config (mgmt/lan zones, no WAN)
# - Reloads network and firewall in the background
#
# After this playbook finishes the device is no longer reachable at 192.168.1.1.
# Plug the WAN port into MikroTik ether3 and use playbooks/openwrt.yml for all
# further configuration.
- name: dlink — one-time network initialisation
hosts: openwrt
gather_facts: false
vars:
ansible_host: "192.168.1.1"
ansible_user: root
tasks:
- name: Verify connectivity
community.openwrt.ping:
- name: Configure network (switch VLANs, devices, interfaces)
community.openwrt.uci:
command: import
merge: false
config: network
value: |
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
list ipaddr '127.0.0.1/8'
config globals 'globals'
option ula_prefix 'fd4d:508e:899a::/48'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option description 'mgmt'
option ports '4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option description 'lan'
option ports '0 1 2 3 4t 6t'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.2'
config interface 'mgmt'
option device 'eth0.1'
option proto 'static'
option ipaddr '192.168.255.11/24'
option gateway '192.168.255.10'
option dns '192.168.0.1'
config interface 'lan'
option device 'br-lan'
option proto 'none'
- name: Commit network config
community.openwrt.uci:
command: commit
key: network
- name: Configure firewall (mgmt/lan zones, no WAN)
community.openwrt.uci:
command: import
merge: false
config: firewall
value: |
package firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'mgmt'
list network 'mgmt'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'ACCEPT'
config rule
option name 'Allow-ICMP-mgmt'
option src 'mgmt'
option proto 'icmp'
option target 'ACCEPT'
- name: Commit firewall config
community.openwrt.uci:
command: commit
key: firewall
- name: Reload network in background (device will drop off 192.168.1.1)
community.openwrt.nohup:
command: /etc/init.d/network reload
ignore_unreachable: true
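Review bot: The header comment promises "Reloads network and firewall in the background", but the only reload task, the last one in the file, runs `/etc/init.d/network reload`; the firewall config is imported and committed, and no task here applies it to the running firewall. Either add a firewall reload to that final background command or correct the comment so it matches what the play does. Two smaller points in the firewall import: the `Allow-ICMP-mgmt` rule has no effect while the `mgmt` zone carries `option input 'ACCEPT'`, so drop the rule or tighten the zone's input policy so the rule means something. The play also logs in as `root` on the factory address and no task in this file sets a password or installs an SSH key before the device moves onto the mgmt network; if the openwrt role does that later, a comment saying so would help, otherwise it belongs here before the reload.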
@@ -0,0 +1,10 @@
---
# Main OpenWrt playbook. Connects to dlink on its permanent management IP
# (192.168.255.11 via MikroTik ether3). Run dlink-init.yml first if the
# device has not been initialised yet.
- name: Configure OpenWrt
hosts: openwrt
gather_facts: false
roles:
- role: openwrt
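Review bot: The comment at the top hard-codes the management address (192.168.255.11), while the play itself takes its target from the `openwrt` inventory group, so the address now lives in the inventory, in this comment and in the network import in dlink-init.yml, and the copies can drift. Consider pointing the comment at the inventory entry instead of repeating the IP. "Run dlink-init.yml first" is also only a comment: a first task that checks connectivity, as dlink-init.yml does with `community.openwrt.ping`, would make an uninitialised device fail early with a clear message rather than partway through the role.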