46 lines
1.7 KiB
YAML
46 lines
1.7 KiB
YAML
---
|
|
# One-time initialisation playbook for the dlink OpenWrt AP.
|
|
#
|
|
# Run this while your PC is directly connected to a dlink LAN port
|
|
# (factory IP 192.168.1.1, no MikroTik in the picture yet).
|
|
#
|
|
# Applies the same network and firewall config as the main openwrt role,
|
|
# then reloads network in the background. Skips wireless (requires Vault).
|
|
#
|
|
# After this playbook finishes the device is no longer reachable at 192.168.1.1.
|
|
# Plug the WAN port into MikroTik ether3 and use playbooks/openwrt.yml for all
|
|
# further configuration.
|
|
|
|
- name: dlink — one-time network initialisation
|
|
hosts: openwrt
|
|
gather_facts: false
|
|
vars:
|
|
ansible_host: "192.168.1.1"
|
|
ansible_user: root
|
|
# Role defaults are not loaded when importing role task files directly.
|
|
# These must mirror roles/openwrt/defaults/main.yml.
|
|
openwrt_mgmt_ip: 192.168.255.11
|
|
openwrt_mgmt_prefix: 24
|
|
openwrt_mgmt_gateway: 192.168.255.10
|
|
openwrt_dns_servers:
|
|
- 192.168.0.1
|
|
|
|
tasks:
|
|
- name: Verify connectivity
|
|
community.openwrt.ping:
|
|
|
|
# import_tasks (static) is used instead of include_tasks (dynamic) so that
|
|
# handler names referenced via notify in the imported files are silently
|
|
# ignored rather than causing an error — no handlers are defined in this
|
|
# play, and the explicit nohup reload below replaces them for the init case.
|
|
- name: Network configuration
|
|
ansible.builtin.import_tasks: ../roles/openwrt/tasks/network.yml
|
|
|
|
- name: Firewall configuration
|
|
ansible.builtin.import_tasks: ../roles/openwrt/tasks/firewall.yml
|
|
|
|
- name: Reload network in background (device will drop off 192.168.1.1)
|
|
community.openwrt.nohup:
|
|
command: /etc/init.d/network reload
|
|
ignore_unreachable: true
|