kitty: init

locations/kitty.yml

@@ -0,0 +1,111 @@
+---
+
+location: kitty
+location_nice: Brückenstraße 1, 10179 Berlin
+latitude: 52.511268
+longitude: 13.417194
+altitude: 39
+height: 11
+contact_nickname: Vinet
+contacts:
+  - [email protected]
+
+# --MGMT: 10.248.22.60/30
+# --MESH: 10.248.23.232/30
+# --DHCP: 10.248.25.0/24
+
+ipv6_prefix: 2001:bf7:750:7600::/56
+
+hosts:
+  - hostname: kitty-core
+    role: corerouter
+    model: "mikrotik_routerboard-750gr3"
+    host__rclocal__to_merge:
+      - '#'
+      - '# This script adjusts the configuration of vlans.'
+      - '#'
+      - ' '
+      - '. /lib/functions.sh'
+      - ' '
+      - 'handle_vlans() {'
+      - '	# untag the vlans on different ports based on their id'
+      - '	local uci_section="$1"'
+      - ' '
+      - '	config_get vlan "$uci_section" vlan'
+      - '	config_get ports "$uci_section" ports'
+      - ' '
+      - ' '
+      - '	case "$vlan" in'
+      - '		50)'
+      - '			# untag MESH for uplink on port 1'
+      - "			port_config='wan lan2:t lan3:t lan4:t lan5:t' ;;"
+      - '		40)'
+      - '			# untag DHCP on port 2'
+      - "			port_config='wan:t lan2 lan3:t lan4:t lan5:t' ;;"
+      - '		42)'
+      - '			# untag mgmt on port 3'
+      - "			port_config='wan:t lan2:t lan3 lan4:t lan5:t' ;;"
+      - '		*)'
+      - '			# do nothing for the other vlans'
+      - '			return'
+      - '	esac'
+      - ' '
+      - '	# abort if config is applied already'
+      - '	if [ "$ports" = "$port_config" ]; then'
+      - '		printf "Vlan %d applied already.\n" "$vlan"'
+      - '		return'
+      - '	fi'
+      - ' '
+      - '	printf "Port number: %d\n" "$vlan"'
+      - '	printf "Port config: %s\n" "$port_config"'
+      - ' '
+      - '	printf "Configuring %s... " "$uci_section"'
+      - '	uci_set network "$uci_section" ports "$port_config"'
+      - '	printf "Done.\n"'
+      - '}'
+      - ' '
+      - 'config_load network'
+      - ' '
+      - 'config_foreach handle_vlans "bridge-vlan"'
+      - ' '
+      - 'uci commit network'
+      - 'sync'
+      - 'reload_config'
+
+networks:
+  - vid: 40
+    role: dhcp
+    inbound_filtering: true
+    enforce_client_isolation: true
+    prefix: 10.248.25.0/24
+    ipv6_subprefix: 1
+    assignments:
+      kitty-core: 1
+
+  - vid: 42
+    role: mgmt
+    prefix: 10.248.22.60/30
+    ipv6_subprefix: 0
+    gateway: 1
+    dns: 1
+    assignments:
+      kitty-core: 1
+
+  - vid: 50
+    role: uplink
+
+  - role: tunnel
+    ifname: ts_wg0
+    mtu: 1280
+    prefix: 10.248.23.232/32
+    wireguard_port: 51820
+
+  - role: tunnel
+    ifname: ts_wg1
+    mtu: 1280
+    prefix: 10.248.23.233/32
+    wireguard_port: 51821
+
+location__ssh_keys__to_merge:
+  - comment: Vinet
+    key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCRpRJcexdB2N11gsbbKhXGu8sNQIAShohJpjobhSXtcUWTfRlX2SwSF0QuoHP4Bcb8IGCQc8+TK1RSc+owc1bD68gHIGQZ6b3u2sDv1JMoexqtY9PRIhOiUkPMdSJH7ay4WS7p6FHCZ8z1lrf5GaWpA+E0FNvE7sSaA7jHegYZ6D/qru9XddatItWkMgaKqVzaK+W0TldlqqORwQJg0JGPA71vakJCj/H+SsCZyn9HJ/bbq08kBqaBGU7JLFfwKpw8VGn2pwENzHQgzjb6Bfmj1XmbDvXtZjJTF7nhrxemXo9oJDDq8pVveD46cvSffvAAUFRrMlaV+v0qsYK0ir3MDGuguBn3t2+DR0K8JGufYU7i52vTwCuu3d3PRNIwyEYG4vySXpA9m7YSJEHIkasrSADGy47P+Q+jXQZoR5JS0ZtZnqA4JvnYyKd/OeLpNX7MXaDpVAI7pNrDig/4VD7LO70kPPCMAjn40qwF8lcI8U+alrqHG1RIrkugnsGs9g7tselqIi2pAUMml3as778h5Qx+p8FiD3lLPbjJfTBBgl8LfySRWxLgWTMI0TqtMvqNbsUaAB0ThN2FiJE9PrVO2dzUrBUZnaOpT+8B/zW4cGyFqqNZCjpvXkIPzp6jbPDG1aithV0C9mPOGAgq5wUIBgS+Vx95JhA3TArTz4DOdw== Vinet