OpenWrt 25.12+ uses apk instead of opkg. The community.openwrt.apk
module is only available in the unreleased 1.4.0 (git main), so
requirements.yml now installs the collection from git.
- requirements.yml: install community.openwrt from git main branch
(comment explains why — apk module not yet in a Galaxy release)
- packages.yml: switch from community.openwrt.opkg to apk, use
join filter to pass all packages at once instead of looping
MikroTik: add vlan5 interface, bridge VLAN entry (ether3 tagged),
IP 192.168.5.1/24, IPv6 from-pool, DHCP pool/server/network,
firewall rules allowing IoT internet-only (IPv4 and IPv6),
DNS input from vlan5.
OpenWrt: add switch VLAN 5 (WAN+CPU tagged), br-iot bridge on
eth0.5, iot interface, iot firewall zone (forward ACCEPT,
input REJECT).
Also remove ensure_order from all non-firewall api_modify tasks
as RouterOS does not support move on those paths.
Add community.openwrt collection, dlink host to inventory,
openwrt role with system/network/firewall tasks, and two
playbooks: dlink-init.yml for one-time bootstrap from factory
IP, and openwrt.yml for ongoing idempotent configuration.
Network: MGMT untagged + LAN (vlan2) tagged on WAN port trunk
to MikroTik ether3. Firewall zones replace factory WAN/LAN
with mgmt (input ACCEPT) and lan (forward ACCEPT, AP mode).
Move flat tasks/ and vars/routeros-secrets.yml into
roles/routeros/ with a main.yml that imports the domain
task files in order. Update playbooks/routeros.yml to
use the role instead of importing tasks directly.
Lumpiasty
