Lumpiasty/klaster
0
0
Fork 0
Code Issues Pull Requests 2 Packages Projects Releases Wiki Activity

refactor(ansible): deduplicate dlink-init playbook
ci/woodpecker/push/flux-reconcile-source Pipeline was successful
Details

Browse Source
This commit is contained in:
Lumpiasty
2026-05-13 22:39:57 +02:00
parent 38f0aa699f
commit 28e220d1b7
1 changed files with 10 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ansible/playbooks/dlink-init.yml
+10 -97
View File
@@ -4,10 +4,8 @@
# Run this while your PC is directly connected to a dlink LAN port # Run this while your PC is directly connected to a dlink LAN port
# (factory IP 192.168.1.1, no MikroTik in the picture yet). # (factory IP 192.168.1.1, no MikroTik in the picture yet).
# #
# What it does: # Applies the same network and firewall config as the main openwrt role,
# - Replaces the entire network config (switch VLANs, devices, interfaces) # then reloads network in the background. Skips wireless (requires Vault).
# - Replaces the entire firewall config (mgmt/lan zones, no WAN)
# - Reloads network and firewall in the background
# #
# After this playbook finishes the device is no longer reachable at 192.168.1.1. # After this playbook finishes the device is no longer reachable at 192.168.1.1.
# Plug the WAN port into MikroTik ether3 and use playbooks/openwrt.yml for all # Plug the WAN port into MikroTik ether3 and use playbooks/openwrt.yml for all
@@ -24,100 +22,15 @@
- name: Verify connectivity - name: Verify connectivity
community.openwrt.ping: community.openwrt.ping:
- name: Configure network (switch VLANs, devices, interfaces) # import_tasks (static) is used instead of include_tasks (dynamic) so that
community.openwrt.uci: # handler names referenced via notify in the imported files are silently
command: import # ignored rather than causing an error — no handlers are defined in this
merge: false # play, and the explicit nohup reload below replaces them for the init case.
config: network - name: Network configuration
value: | ansible.builtin.import_tasks: ../roles/openwrt/tasks/network.yml
package network
config interface 'loopback' - name: Firewall configuration
option device 'lo' ansible.builtin.import_tasks: ../roles/openwrt/tasks/firewall.yml
option proto 'static'
list ipaddr '127.0.0.1/8'
config globals 'globals'
option ula_prefix 'fd4d:508e:899a::/48'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option description 'mgmt'
option ports '4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option description 'lan'
option ports '0 1 2 3 4t 6t'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.2'
config interface 'mgmt'
option device 'eth0.1'
option proto 'static'
option ipaddr '192.168.255.11/24'
option gateway '192.168.255.10'
option dns '192.168.0.1'
config interface 'lan'
option device 'br-lan'
option proto 'none'
- name: Commit network config
community.openwrt.uci:
command: commit
key: network
- name: Configure firewall (mgmt/lan zones, no WAN)
community.openwrt.uci:
command: import
merge: false
config: firewall
value: |
package firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'mgmt'
list network 'mgmt'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'ACCEPT'
config rule
option name 'Allow-ICMP-mgmt'
option src 'mgmt'
option proto 'icmp'
option target 'ACCEPT'
- name: Commit firewall config
community.openwrt.uci:
command: commit
key: firewall
- name: Reload network in background (device will drop off 192.168.1.1) - name: Reload network in background (device will drop off 192.168.1.1)
community.openwrt.nohup: community.openwrt.nohup: