Compare commits
No commits in common. "master" and "d48a7eed8b53994abe99eaa951e371b013c9b4bc" have entirely different histories.
master
...
d48a7eed8b
|
@ -1,3 +1,2 @@
|
|||
ansible-facts.json/
|
||||
switch-configs-stock/
|
||||
*.html
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
[submodule "roles/gekmihesg.openwrt"]
|
||||
path = roles/gekmihesg.openwrt
|
||||
url = https://github.com/gekmihesg/ansible-openwrt.git
|
37
README.md
37
README.md
|
@ -1,18 +1,11 @@
|
|||
# Freifunk Leipzig - Erstaufnahme Einrichtungen
|
||||
# Freifunk Leipzig - Erstaufnahme Einrichtung - Am Deutschen Platz
|
||||
|
||||
This repo contains the config and documentation for our installations at
|
||||
* `Am Deutschen Platz`
|
||||
* `Arno-Nitzsche-Straße`
|
||||
This repo contains the config and documentation for our installation at the "Erstaufnahme Einrichtung - Am Deutschen Platz"
|
||||
|
||||
---
|
||||
|
||||
**this is a work in progress**
|
||||
|
||||
* this repo was created for `Am Deutschen Platz` and was then reused for `Arno-Nitzsche-Straße`
|
||||
* therefore the ansible stuff is a bit smelly
|
||||
* there is a lot of documentation missing for the `Arno-Nitzsche-Straße`
|
||||
* ...
|
||||
|
||||
---
|
||||
|
||||
## Quick Links
|
||||
|
@ -34,7 +27,7 @@ This repo contains the config and documentation for our installations at
|
|||
### Initial Setup
|
||||
|
||||
0. install requirements
|
||||
1. clone repo and change directory: `git clone --recurse-submodules https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp`
|
||||
1. clone repo and change directory: `git clone https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp`
|
||||
2. create python3 virtual enviroment: `python3 -m venv ansible-environment`
|
||||
3. enter python3 virtual environment: `. ansible-environment/bin/activate`
|
||||
4. install ansible and dependencies: `pip3 install -r ansible-environment.txt`
|
||||
|
@ -53,30 +46,6 @@ Should something in the inventory change or you want to use/change the jumphost
|
|||
|
||||
Passwords managed using `pass`. Simply call `pass` after sourcing the environment.
|
||||
|
||||
### Monitoring
|
||||
|
||||
Initially we've deployed the monitoring on `monitoring01` (that lives on `hyper01` in `Am Deutschen Platz`).
|
||||
|
||||
After deploying the second camp we've decided to move the monitoring into the `cloud`.
|
||||
The new monitoring stack runs on `eae-adp-jump01`.
|
||||
Unfortunately `prometheus` crashes every few hours on `openbsd`.
|
||||
So there is a cronjob restarting `prometheus` every 2 hours on `eae-adp-jump01`.
|
||||
|
||||
As soon as someone finds the time we will move the monitoring stack onto a normal linux machine.
|
||||
|
||||
* old monitoring: `monitoring01 - 10.84.1.51`
|
||||
* is not getting new configs via ansible
|
||||
* rocks an old version of the grafana dashboard
|
||||
* the facility management still has a link to this instance
|
||||
* new monitoring: `eae-adp-jump01 - 10.84.254.0`
|
||||
|
||||
Both stacks offer the following services:
|
||||
* `prometheus`: `tcp/9090`
|
||||
* `alertmanager`: `tcp/9093`
|
||||
* `grafana`: `tcp/3000`
|
||||
|
||||
Use `ssh -D 8888 eae-adp-jump01` an configure this socks proxy in your favorite browser to visit the webguis.
|
||||
|
||||
### Descriptions
|
||||
|
||||
* `environment`: configure environment (path to `pass` store, http(s) socks proxy and python venv for ansible)
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
ansible==6.1.0
|
||||
ansible-core==2.13.2
|
||||
ansible==6.0.0
|
||||
ansible-core==2.13.1
|
||||
certifi==2022.6.15
|
||||
cffi==1.15.1
|
||||
charset-normalizer==2.1.0
|
||||
cryptography==37.0.4
|
||||
cryptography==37.0.2
|
||||
idna==3.3
|
||||
Jinja2==3.1.2
|
||||
MarkupSafe==2.1.1
|
||||
packaging==21.3
|
||||
pkg_resources==0.0.0
|
||||
proxmoxer==1.3.1
|
||||
pycparser==2.21
|
||||
pyparsing==3.0.9
|
||||
|
@ -16,4 +15,4 @@ PySocks==1.7.1
|
|||
PyYAML==6.0
|
||||
requests==2.28.1
|
||||
resolvelib==0.8.1
|
||||
urllib3==1.26.10
|
||||
urllib3==1.26.9
|
||||
|
|
|
@ -1,187 +1,21 @@
|
|||
[accesspoints]
|
||||
ap-c5d1 ip=10.84.1.33 location=office-social2 channel_2g=1 channel_5g=36 txpower_2g=12 txpower_5g=13
|
||||
ap-ac7c ip=10.84.1.31 location=office-social1 channel_2g=11 channel_5g=161 txpower_2g=12 txpower_5g=13
|
||||
ap-8f42 ip=10.84.1.36 location=tent-1 channel_2g=6 channel_5g=40
|
||||
ap-0b99 ip=10.84.1.32 location=tent-2 channel_2g=11 channel_5g=44
|
||||
ap-c495 ip=10.84.1.34 location=tent-3 channel_2g=1 channel_5g=48
|
||||
ap-2bbf ip=10.84.1.30 location=tent-4 channel_2g=11 channel_5g=149
|
||||
ap-1a38 ip=10.84.1.35 location=tent-5 channel_2g=6 channel_5g=153
|
||||
ap-8f39 ip=10.84.1.37 location=tent-5 channel_2g=1 channel_5g=157
|
||||
ap-1293 ip=10.84.1.38 location=office-facility channel_2g=1 channel_5g=100 txpower_2g=6 txpower_5g=7
|
||||
|
||||
ap-b62f ip=10.85.1.31 location=tent-1 channel_2g=1 channel_5g=36 txpower_2g=15 txpower_5g=20
|
||||
ap-b656 ip=10.85.1.35 location=tent-1 channel_2g=6 channel_5g=140 txpower_2g=15 txpower_5g=20
|
||||
ap-b6ee ip=10.85.1.32 location=office-security channel_2g=1 channel_5g=48 txpower_2g=12 txpower_5g=13
|
||||
ap-b5df ip=10.85.1.38 location=office-social channel_2g=11 channel_5g=153 txpower_2g=12 txpower_5g=13
|
||||
ap-b6cb ip=10.85.1.33 location=office-facility channel_2g=6 channel_5g=60 txpower_2g=12 txpower_5g=13
|
||||
ap-b641 ip=10.85.1.30 location=tent-2 channel_2g=1 channel_5g=136 txpower_2g=15 txpower_5g=20
|
||||
ap-b6d7 ip=10.85.1.34 location=tent-2 channel_2g=6 channel_5g=104 txpower_2g=15 txpower_5g=20
|
||||
ap-b644 ip=10.85.1.36 location=tent-2 channel_2g=11 channel_5g=124 txpower_2g=15 txpower_5g=20
|
||||
ap-b634 ip=10.85.1.37 location=tent-3 channel_2g=1 channel_5g=116 txpower_2g=15 txpower_5g=20
|
||||
ap-b6cc ip=10.85.1.39 location=tent-3 channel_2g=6 channel_5g=40 txpower_2g=15 txpower_5g=20
|
||||
ap-b682 ip=10.85.1.40 location=tent-3 channel_2g=11 channel_5g=64 txpower_2g=15 txpower_5g=20
|
||||
|
||||
ap-116e ip=10.86.1.31 location=p203 disable_2g=1 channel_5g=48 txpower_2g=17 txpower_5g=20
|
||||
ap-11c4 ip=10.86.1.32 location=office-security channel_2g=1 channel_5g=36 txpower_2g=17 txpower_5g=20
|
||||
ap-1202 ip=10.86.1.33 location=p201 disable_2g=1 channel_5g=153 txpower_2g=17 txpower_5g=20
|
||||
ap-12a8 ip=10.86.1.34 location=p104 channel_2g=11 channel_5g=60 txpower_2g=17 txpower_5g=20
|
||||
ap-13ac ip=10.86.1.35 location=p106 disable_2g=1 channel_5g=116 txpower_2g=17 txpower_5g=20
|
||||
ap-144c ip=10.86.1.36 location=p108 channel_2g=1 channel_5g=140 txpower_2g=17 txpower_5g=20
|
||||
ap-12c2 ip=10.86.1.37 location=p207 disable_2g=1 channel_5g=128 txpower_2g=17 txpower_5g=20
|
||||
ap-16bc ip=10.86.1.38 location=p205 channel_2g=6 channel_5g=104 txpower_2g=17 txpower_5g=20
|
||||
ap-1374 ip=10.86.1.39 location=kitchen-og disable_2g=1 channel_5g=153 txpower_2g=17 txpower_5g=20
|
||||
|
||||
[accesspoints:vars]
|
||||
ansible_remote_tmp=/tmp
|
||||
garet_profile=aruba-ap-105_22.03
|
||||
garet_release=9974455
|
||||
|
||||
[aptype_aruba_ap_303]
|
||||
ap-11c4
|
||||
ap-116e
|
||||
ap-1202
|
||||
ap-12a8
|
||||
ap-13ac
|
||||
ap-144c
|
||||
ap-12c2
|
||||
ap-16bc
|
||||
ap-1374
|
||||
|
||||
[aptype_aruba_ap_105]
|
||||
ap-c5d1
|
||||
ap-ac7c
|
||||
ap-8f42
|
||||
ap-0b99
|
||||
ap-c495
|
||||
ap-2bbf
|
||||
ap-1a38
|
||||
ap-8f39
|
||||
ap-1293
|
||||
ap-b62f
|
||||
ap-b656
|
||||
ap-b6ee
|
||||
ap-b5df
|
||||
ap-b6cb
|
||||
ap-b641
|
||||
ap-b6d7
|
||||
ap-b644
|
||||
ap-b634
|
||||
ap-b6cc
|
||||
ap-b682
|
||||
ap-c5d1 ip=10.84.1.33 channel_2g=1 channel_5g=36 # Office
|
||||
ap-8f42 ip=10.84.1.36 channel_2g=6 channel_5g=40 # Tent 1
|
||||
ap-0b99 ip=10.84.1.32 channel_2g=11 channel_5g=44 # Tent 2
|
||||
ap-c495 ip=10.84.1.34 channel_2g=1 channel_5g=48 # Tent 3
|
||||
ap-2bbf ip=10.84.1.30 channel_2g=11 channel_5g=149 # Tent 4
|
||||
ap-1a38 ip=10.84.1.35 channel_2g=6 channel_5g=153 # Tent 5
|
||||
|
||||
[switches]
|
||||
sw-access01 ip=10.84.1.11 base_mac=bc:cf:4f:e3:bb:8d location=office-social2
|
||||
sw-access02 ip=10.84.1.12 base_mac=bc:cf:4f:e3:ac:39 location=tent-5
|
||||
sw-access04 ip=10.84.1.14 base_mac=5c:e2:8c:6a:7f:cc location=tent-2
|
||||
|
||||
[switches_stock]
|
||||
ffl-ans-sw-distribution01 ip=10.85.1.11 base_mac=5c:e2:8c:60:82:fb sw_type=gs1900-10hp location=office-facility
|
||||
ffl-ans-sw-access01 ip=10.85.1.12 base_mac=04:bf:6d:15:c6:b3 sw_type=gs1900-10hp location=tent-1
|
||||
ffl-ans-sw-access02 ip=10.85.1.13 base_mac=04:bf:6d:15:c6:92 sw_type=gs1900-10hp location=tent-2
|
||||
sax-rgs-sw-access01 ip=10.86.1.11 sw_type=s2800s-8t2f-p location=p104
|
||||
sax-rgs-sw-access02 ip=10.86.1.12 sw_type=s2800s-8t2f-p location=p204
|
||||
sw-access01 ip=10.84.1.11
|
||||
sw-access02 ip=10.84.1.12
|
||||
|
||||
[gateways]
|
||||
gw-core01 ip=10.84.1.1
|
||||
ffl-ans-gw-core01 ip=10.85.1.1
|
||||
sax-rgs-gw-core01 ip=10.86.1.1 garet_profile=sophos-sg-xxx_22.03 garet_release=601bc29
|
||||
|
||||
[gateways:vars]
|
||||
ansible_remote_tmp=/tmp
|
||||
garet_profile=sophos-sg-125r2_22.03
|
||||
garet_release=89cbd27
|
||||
gw-core01 ip=10.84.1.1
|
||||
|
||||
[server]
|
||||
hyper01 ip=10.84.1.21
|
||||
|
||||
[vms]
|
||||
eae-adp-jump01 ip=162.55.53.85 monitoring_ip=10.84.254.0 ansible_python_interpreter=/usr/local/bin/python3
|
||||
|
||||
[container]
|
||||
monitoring01 ip=10.84.1.51 cpus=2 disk=50 memory=1024 net='{"net0":"name=eth0,ip=10.84.1.51/24,gw=10.84.1.1,bridge=vmbr0"}'
|
||||
mon-e2e-clients01 ip=10.84.7.30 cpus=1 disk=10 memory=256 net='{"net0":"name=eth0,ip=dhcp,bridge=vmbr1"}'
|
||||
mon-e2e-wan01 ip=192.168.0.3 cpus=1 disk=10 memory=256 net='{"net0":"name=eth0,ip=dhcp,bridge=vmbr3"}'
|
||||
|
||||
[container:vars]
|
||||
ostemplate=local:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst
|
||||
|
||||
[openwrt:children]
|
||||
switches
|
||||
|
||||
[site_adp]
|
||||
ap-c5d1
|
||||
ap-ac7c
|
||||
ap-8f42
|
||||
ap-0b99
|
||||
ap-c495
|
||||
ap-2bbf
|
||||
ap-1a38
|
||||
ap-8f39
|
||||
ap-1293
|
||||
sw-access01
|
||||
sw-access02
|
||||
sw-access04
|
||||
gw-core01
|
||||
hyper01
|
||||
monitoring01
|
||||
mon-e2e-clients01
|
||||
mon-e2e-wan01
|
||||
|
||||
[site_adp:vars]
|
||||
wifi_ssid="GU Deutscher Platz"
|
||||
wifi_encryption=none
|
||||
backoffice_wifi_ssid="GU Deutscher Platz Backoffice"
|
||||
backoffice_wifi_encryption=psk2
|
||||
backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/GU_Deutscher_Platz_Backoffice') }}"
|
||||
site=adp
|
||||
|
||||
[site_ans]
|
||||
ap-b641
|
||||
ap-b62f
|
||||
ap-b6ee
|
||||
ap-b6cb
|
||||
ap-b6d7
|
||||
ap-b656
|
||||
ap-b644
|
||||
ap-b634
|
||||
ap-b5df
|
||||
ap-b682
|
||||
ap-b6cc
|
||||
ffl-ans-gw-core01
|
||||
ffl-ans-sw-distribution01
|
||||
ffl-ans-sw-access01
|
||||
ffl-ans-sw-access02
|
||||
|
||||
[site_ans:vars]
|
||||
wifi_ssid="GU Arno-Nitzsche-Strasse"
|
||||
wifi_encryption=none
|
||||
wifi_disabled=0
|
||||
backoffice_wifi_ssid="GU Arno-Nitzsche-Strasse BO"
|
||||
backoffice_wifi_encryption=psk2
|
||||
backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/GU_Arno-Nitzsche-Straße_Backoffice') }}"
|
||||
mgmt_gateway=10.85.1.1
|
||||
site=ans
|
||||
|
||||
[site_rgs]
|
||||
sax-rgs-sw-access01
|
||||
sax-rgs-sw-access02
|
||||
sax-rgs-gw-core01
|
||||
ap-11c4
|
||||
ap-116e
|
||||
ap-1202
|
||||
ap-12a8
|
||||
ap-13ac
|
||||
ap-144c
|
||||
ap-12c2
|
||||
ap-16bc
|
||||
ap-1374
|
||||
|
||||
[site_rgs:vars]
|
||||
wifi_ssid="{{ lookup('passwordstore', 'wifi/site_rgs_ssid') }}"
|
||||
wifi_encryption=none
|
||||
wifi_disabled=0
|
||||
backoffice_wifi_ssid="{{ lookup('passwordstore', 'wifi/site_rgs_backoffice_ssid') }}"
|
||||
backoffice_wifi_encryption=psk2
|
||||
backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/site_rgs_backoffice') }}"
|
||||
mgmt_gateway=10.86.1.1
|
||||
site=rgs
|
||||
monitoring01 ip=10.84.1.51
|
||||
|
|
|
@ -4,4 +4,3 @@ interpreter_python=/usr/bin/python3
|
|||
gathering=smart
|
||||
fact_caching=jsonfile
|
||||
fact_caching_connection=ansible-facts.json
|
||||
callbacks_enabled = ansible.posix.profile_tasks
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
<mxfile host="app.diagrams.net" modified="2023-03-14T01:11:23.043Z" agent="5.0 (X11)" etag="HeUGzaMI0PEll7OsNIGH" version="21.0.6" type="device"><diagram name="Page-1" id="YwlCLJMcKuBeH3aDT3El">7R3bcqM49mvy6BQS98e2k57tquntbGe2ZvepC4NiM0OMC5N2sl+/EkgYkAC5zUWJ6U6VrSMh4Nx1zpF8o6+eX39LvP32axyg6AZqweuNfncDITRMDX8QyFsOcSwK2CRhkIPACfAY/g9RIBv2EgboUBmYxnGUhvsq0I93O+SnFZiXJPGxOuwpjqp33XsbxAEefS/ioX+GQbqlb8Fei8D/gcLNlt0ZaLTn2WODKeCw9YL4WALp9zf6KonjNP/2/LpCEUEew0t+3eeG3uLBErRLZS5w7N/sf23saPH564/7ryvwLbzbL4BOn+6nF73QV6aPm74xHCTxyy5AZBrtRl8et2GKHveeT3qPmOoYtk2fI9wC+CudDiUpem18UlC8P2YcFD+jNHnDQ9gFNn0oyjOQtY8nCkBGgW0J+wXQo1TfFHOfEIO/UNycgyfoqo8n4EjiyR0OTc47QJMmiSZnMDQBCW5Cu+ATUWC4tYt3GLgMvMM2wxuo4ojAH7w0Rckug0BNx9BDmsR/F0oL42dZRXx+QxRw+q8TryW8idDGYAmKvDT8WZ1ehEt6h4c4xDcuyLbQG7QAm+IQvyQ+oleVFV9tItfomCj1kg1KuYky0havfQm1JYRipnaDLruU2txEg1Pbnql9NrW1vqhdn2hwaps9G7ynMIpWcRQn2bX6kxfYnl+QvNSzNixTM/oxkYZuilVkiR3w7Xh+GNDjAtbgmHUDU4RZDxlAhz1h1oAVzOqWwPlgBqKMWWAMh1ljWMyuPd8JdBFmoW4YZnAhZlt4FFgCnTUkj76H1dP03i4clt8CzUcIivjNtExgo57w6tg1SQYcYkUqckhBBgMLsoZ0ZIkQqyFHc5x+EAst+9asoZbn2ZFR63YgMk7SbbyJd170exzvKfr+Qmn6RmNY3ksaV5GLXsP0P+TyW2jS5n9LXXevdOqs8cYanKeIIZ9D8jZ5P/bxHulDnp7p/gSV9gXxy2ZOVwtWmJeQO1UtAy0xwc/zGvF7e2+lAXvixB1KM9d8QWgZVS4yawGx+niotY3HX/In6NVhLKKBgzDWR+croPfBWBwn6FrNZDrurVv+Z1RnbFid9MYjYEgesT88k9jDMAmw+2CSc7WarltnaTXdNtvGD6PVLIfj2G7eGEjvae0sjRsPKAnxG6OkYHP89qWJSLMQDtI4TZW1ZMWjT+aXNbzmhbx/kdekd7ujh79R6m8pgijv4w5zif+0W42EU1bF542JL1llPa7T1UM/Sz1sNr4H5oAqUASzeSDI5oSmACiC2fV7ZwAguHcdBgVA4ZSCe2u1h8R/+pJ46aGPBcxbo+ghPoRpGJOo4jpO0/i5Klts7Kco3JAxKZHJpXfY50nWp/CVSO7So90+5mgiTzlJUXL/E+WUJXMdtt6ekP/5dUOSxLd+ePBj4N4m2VzLffLFz54jgj8OxzBjj/pK5PMn8l+4EtFMzdZ7WonUdCcUZIraoqK9C5REoGYWqFmglBUosyZPggT1qPIkE6/bYL9k3/jutM7EW7Ph2rk4AW51sWHogmCHACn1rGVvSJGIs/N6Rc/kgfimFREjkWyxHrjVjRrYgYKxri2aOJd8y+YGU33E6QSR+GuwYXRtcjnRrujdkeX8GGJ/Dh0OPzzfJx/ZtbyMF5JclXHqq0qJd4sUNQv9tDIuKq2wIoKeNf6yIV+8/WJtIcTg+DZFF8f6GDtplcJCbJZRT0Ecieus8RwGQbYSEkVlRQndPon1ViVDh/KBg2lkidzA0BoZ2oppZEOiPOhypLTQo7UuYFRUAIk15WydZutUFx5VrZMw9y4wT2bwdBXmqYlaqpgnCed4aPOkG9VV1OTmSabCbdbJs06ui5GyOllUnytaMvjrq9DJTdRSRCezRGAbuZ6eooW3OywOx0UQYuyH6xcijhr4aATsWNmwbSssACegHWAViuMQT2J5XiJerq6ujWy1TLMuMPgAWiNSjbHIRPndm1J2t8j1NpUsiHO5p+xtUy4Xt/jEcEf9gyCZnCNq1KSvIWamcXK+hjEla4CZNVpZY9JyAGZsJs22KBbaMyVKdue107x2qkuRqmsnUxS/F62d4HXEs5qopcjayZQIpw+tklXLf5sSVTYDZVvMhnrmyVAhsZtxtk6zdaoLj7LWSRS+F1knMvAarFMDtRSxTuxm864rUcise7HXYHcv3PhgVe21LnkOx7kbHWo7+UfZt2AOus3v3e60kWa4S8MLYk4A2jgcB6bYAGhJJE8HL3jSqwHmYh97V4B5uJRyN1LaC92bysolnEHhOGDkDiL9LLuqptnSlfWwIYL5nFPPuyghx5yYTzJQ/XiLjDQXRDjTepUWv0piKavNceHHCdL4HZxquI5P8S5ldgT0T6BmP3LcfJXNO5KT7UfsMvwjJiV69BEsWR/hUp/0Ij5wJOzK0MbWqDm2k8e7HFHIdg7yzEGeDjFSNcjjiGLaoiAPSVVfQZCniVqKBHmcUcLtHRwLVdPJEoH3gXIQTkNMcDJUzPsRZ/N0nsJrCEMpYp5EAR+hefpwVY5nUUsV8yRxWPPg5slVbMeHI7EhcdbJs06ui5GqOpmVoAh0chD+PKlekZoObLGaLmCVGT6a8m4gqyLK21Ug3mOxQ05UUd7uHO+ZlfdZUu4qHe9xZeM9vn8VDnUTtVTRyQrEe2xLNZ08XbzHVSze487xntk8nafwlI73uLLxHv060hFN1FLFPCkQ73F0xeI97hzvmXXyeVKudLynqCjtVMoOvA6lrHYcB2gqBHI0WNHKotNrx62SlVg0zMdBz8dBT3gcdJs0K1vPa0gYB/5MmuswFI20U6XUF2g6h/TLK3klTvfgT6aBHeePiH56ZMx9PdR8dJbs5gWiU9XsAo0/UWYign4Uek7yc2wmUw1sd5Vm1nhjgN1VgN5kGuY5a4vpmJzCLFw3qzQcxzosq1hsfTjmRjyg2ROwSifVf2n76BSs4l5qJRp4oXYYe3H4Xc+bP+3ayVAj8Rz/Q2mjqaezzkp7L7bNncS22e4ktm2I3eq/xDwfxdN1LzV3F/72hWjhWaMwT6DAO2wzkoMqKQn8wUsxyncZBGqnOO+fdHkGG5aG3VhvTRi3LdcvtAcLvSpqZn0l2WAPuIlco2OinFu4iXoTX0bcErVX377fcxRXI2SQxKlH41ekXPJXtg53JL1qRc4AUn+sI+hc9wd6FEe+sOjuy+Mf378s//3Hl2//nAmVt6HgtIiRCcWXFH1are4fH2cSUdQLUhUjk4jPVSy/fb+7/z6TKG8bfNB7ZApJ1F3NzkfVZ+jL9xjb9dB514Oj9diHDskeaj9YNlUCJ/OZQ1dz5hCVEWWTlOzAlRK7bsKN57+skaImtaezhhoJM3wGEjeTOE7Lypgw7tc4QGTE/wE=</diagram></mxfile>
|
Binary file not shown.
Before Width: | Height: | Size: 64 KiB |
File diff suppressed because it is too large
Load Diff
|
@ -9,35 +9,19 @@ Diagram:
|
|||
IPAM / Device Overview:
|
||||
-----------------------
|
||||
|
||||
| Name | Location | MGMT IPv4 | MAC | Device | Notes |
|
||||
| ------------------- | ------------ | ------------- | ------------------- | -------------------- | ------------------------------------------------- |
|
||||
| `gigacube-2001` | Büro | `192.168.0.1` | `c8:ea:f8:b6:e9:50` | ZTE MF289F/Gigacube | property of Saxonia Catering/rental from Vodafone |
|
||||
| `gw-core01` | Büro | `10.84.1.1` | `00:1a:8c:48:b3:98` | Sophos SG125r2 | |
|
||||
| `sw-access01` | Büro | `10.84.1.11` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | |
|
||||
| `sw-access02` | Zelt 5 | `10.84.1.12` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | |
|
||||
| `sw-access03` | Sozialarbeit | / | / | KTI KGS-510F | manageable but used as a dumb switch |
|
||||
| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | |
|
||||
| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox Container | |
|
||||
| `mon-e2e-clients01` | `hyper01` | `10.84.7.30` | `ca:ac:5a:d0:b6:02` | Proxmox Container | used for end to end monitoring of the public net |
|
||||
| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | |
|
||||
| `ap-1a38` | Zelt 5 | `10.84.1.35` | `18:64:72:cf:1a:38` | Aruba AP-105 | |
|
||||
| `ap-ac7c` | Sozialarbeit | `10.84.1.31` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | |
|
||||
| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | |
|
||||
| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | |
|
||||
| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | |
|
||||
| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | |
|
||||
| `ap-8f39` | Zelt 5 | `10.84.1.37` | `??:??:??:??:??:??` | Aruba AP-105 | |
|
||||
|
||||
|
||||
Upstream Connectivity:
|
||||
----------------------
|
||||
|
||||
The gigacube itself only get's an RFC1918 address from Vodafone (CGNAT - no IPv6).
|
||||
Our gateway (`gw-core01`) itself also nats, because there is no way to configure additional networks on the gigacube.
|
||||
|
||||
Currently the generated traffic is directly routed into the internet - without an vpn tunnel.
|
||||
|
||||
Therefore v4 streams get masqueraded 3 times.
|
||||
| Name | Location | MGMT IPv4 | MAC | Device | Notes |
|
||||
| -------------- | --------- | ------------ | ------------------- | -------------------- | ----- |
|
||||
| `gw-core01` | Büro | `10.84.1.1` | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX | |
|
||||
| `sw-access01` | Büro | `10.84.1.10` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP | |
|
||||
| `sw-access02` | Zelt 5 | `10.84.1.11` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP | |
|
||||
| `hyper01` | Büro | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? | |
|
||||
| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM | |
|
||||
| `ap-2bbf` | Zelt 4 | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105 | |
|
||||
| `ap-1a38` | Zelt 5 | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105 | |
|
||||
| `ap-0b99` | Zelt 2 | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105 | |
|
||||
| `ap-c5d1` | Büro | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105 | |
|
||||
| `ap-c495` | Zelt 3 | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105 | |
|
||||
| `ap-8f42` | Zelt 1 | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105 | |
|
||||
|
||||
Cloud VMs:
|
||||
----------
|
||||
|
@ -50,21 +34,19 @@ Cloud VMs:
|
|||
Networks:
|
||||
---------
|
||||
|
||||
| Name | VLAN | v4 Space | v6 Space | Description |
|
||||
| ------------ | ---- | ----------------- | -------- | --------------------------------------------------------------------- |
|
||||
| `mgmt` | 1 | `10.84.1.0/24` | / | default network which is used for administrative and monitoring tasks |
|
||||
| `clients` | 2 | `10.84.4.0/22` | / | this is where the wifi clients live |
|
||||
| `wan` | 3 | `192.168.0.0/24` | / | created by the gigacube. wan for our gateway |
|
||||
| `backbone` | / | `10.84.254.0/30` | / | tunnel network between `gw-core01` and `eae-adp-jump01` |
|
||||
| `backoffice` | 8 | `10.84.8.0/24` | / | backoffice network for the orga |
|
||||
| Name | VLAN | v4 Space | v6 Space | Description |
|
||||
| ---------- | ---- | ----------------- | -------- | --------------------------------------------------------------------- |
|
||||
| `mgmt` | 1 | `10.84.1.0/24` | / | default network which is used for administrative and monitoring tasks |
|
||||
| `clients` | 2 | `10.84.2.0/22` | / | this is where the wifi clients live |
|
||||
| `gigacube` | / | `192.168.8.0/24` | / | created by the gigacube. wan for our gateway |
|
||||
| `backbone` | / | `10.84.254.0/30` | / | tunnel network between `gw-core01` and `eae-adp-jump01` |
|
||||
|
||||
WiFi Networks:
|
||||
--------------
|
||||
|
||||
| SSID | Encryption | VLAN | Description |
|
||||
| ------------------------------- | ---------- | ---- | ----------- |
|
||||
| `GU Deutscher Platz` | / | 2 | |
|
||||
| `GU Deutscher Platz Backoffice` | wpa2 psk | 8 | |
|
||||
| SSID | Encryption | VLAN | Description |
|
||||
| -------------------- | ---------- | ---- | ----------- |
|
||||
| `GU Deutscher Platz` | / | 2 | |
|
||||
|
||||
Remote Access / VPN:
|
||||
--------------------
|
||||
|
|
|
@ -2,13 +2,11 @@
|
|||
|
||||
## Software
|
||||
|
||||
* [x] add monitoring vm
|
||||
* [ ] add monitoring vm
|
||||
* replace `prometheus-node-exporter-lua-hostapd_stations` with an exporter that does not collect mac addresses!
|
||||
* [x] put aps on non overlapping wifi channels
|
||||
* [x] document configuration of `gw-core01`
|
||||
* [x] provision config of `gw-core01` via ansible (network, firewall, ...)
|
||||
* [ ] bootstrap an additional prometheus instance on `eae-adp-jump01` that alarms on a missing connection to `gw-core01`
|
||||
* [ ] move openwrt device to 22.03 - track fw version in ansible ?
|
||||
* [ ] put aps on non overlapping wifi channels
|
||||
* [ ] document configuration of `gw-core01`
|
||||
* [ ] provision config of `gw-core01` via ansible (network, firewall, ...)
|
||||
* [ ] add wireguard profiles for admins on `eae-adp-jump01`
|
||||
|
||||
## Hardware
|
||||
|
@ -17,16 +15,5 @@
|
|||
|
||||
## Documentation
|
||||
|
||||
* [x] publish `incident 21 - replace gw-core01, reorg cabling`
|
||||
* [x] publish `incident 22 - installation of directional LTE antenna`
|
||||
* [ ] document backbone between `gw-core01` and `eap-adp-jump01`
|
||||
* [x] move config/installation stuff into other file (keep OS versions in `README.MD`)
|
||||
|
||||
## Wifi Experience
|
||||
|
||||
* [ ] increase airtime by only broadcasting `GU Deutscher Platz Backoffice` in the office containers
|
||||
* [ ] improve wifi experience for residents
|
||||
- put at least two aps into every tent
|
||||
- put the aps into more central locations into the tents
|
||||
- measure and decrease tx signal power of aps
|
||||
- maybe replace aps with something more modern (> 2012, > 802.11a/n)
|
||||
* [ ] move config/installation stuff into other file (keep OS versions in `README.MD`)
|
||||
|
|
File diff suppressed because one or more lines are too long
Binary file not shown.
Before Width: | Height: | Size: 126 KiB After Width: | Height: | Size: 85 KiB |
|
@ -1,90 +0,0 @@
|
|||
groups:
|
||||
- name: Basic
|
||||
rules:
|
||||
# from https://awesome-prometheus-alerts.grep.to/rules.html#rule-prometheus-self-monitoring-1-2
|
||||
- alert: PrometheusTargetMissing
|
||||
expr: up == 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: Prometheus target missing (instance {{ $labels.instance }})
|
||||
description: "A Prometheus target has disappeared. An exporter might be crashed.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
|
||||
- alert: NodeRebooted
|
||||
expr: changes(node_boot_time_seconds[2h]) > 0
|
||||
for: 0m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: A node rebooted in the last 2 hours (instance {{ $labels.instance }})
|
||||
description: "The uptime of a node changed in the last two hours. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
|
||||
- alert: PublicWifiUpstreamLost
|
||||
expr: sum(probe_success{job="e2e_adp_clients_v4"}) == 0
|
||||
for: 0m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: The public wifi lost its ability to route into the internet
|
||||
description: "check the vpn connection"
|
||||
|
||||
- name: ServerSpecific
|
||||
rules:
|
||||
# https://awesome-prometheus-alerts.grep.to/rules#rule-host-and-hardware-1-7
|
||||
#
|
||||
# Please add ignored mountpoints in node_exporter parameters like
|
||||
# "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|run)($|/)".
|
||||
# Same rule using "node_filesystem_free_bytes" will fire when disk fills for non-root users.
|
||||
- alert: HostOutOfDiskSpace
|
||||
expr: (node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host out of disk space (instance {{ $labels.instance }})
|
||||
description: "Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
|
||||
# https://awesome-prometheus-alerts.grep.to/rules#rule-host-and-hardware-1-9
|
||||
- alert: HostOutOfInodes
|
||||
expr: node_filesystem_files_free / node_filesystem_files * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Host out of inodes (instance {{ $labels.instance }})
|
||||
description: "Disk is almost running out of available inodes (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
||||
|
||||
- name: Network
|
||||
rules:
|
||||
- alert: PortChangedState
|
||||
expr: changes(ifLastChange[2h]) != 0
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: "{{ $labels.ifName }} on {{ $labels.instance }} changed it's state {{ $value }}x time(s) in the last 2 hours"
|
||||
description: "This alarm will clear in 2 hours"
|
||||
|
||||
- alert: PortIfInErrors
|
||||
expr: increase(ifInErrors[2h]) > 0 or increase(node_network_receive_errs_total[2h]) > 0
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: "{{ if $labels.ifName }} {{ $labels.ifName }} {{ else }} {{ $labels.device }} {{ end }} on {{ $labels.instance }} has {{ $value }} ifInErrors in the last 2 hours. This alarm will clear automatically in 2 hours"
|
||||
description: "For some reason the port is throwing ifInErrors"
|
||||
|
||||
- alert: PortIfOutErrors
|
||||
expr: increase(ifOutErrors[2h]) > 0 or increase(node_network_transmit_errs_total[2h]) > 0
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: "{{ if $labels.ifName }} {{ $labels.ifName }} {{ else }} {{ $labels.device }} {{ end }} on {{ $labels.instance }} has {{ $value }} ifOutErrors in the last 2 hours"
|
||||
description: "For some reason the port is throwing ifOutErrors. This alarm will clear automatically in 2 hours"
|
||||
|
||||
- alert: SNMPNodeRebooted
|
||||
expr: (sysUpTime / 100) <= (60 * 60 * 2)
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: "{{ $labels.instance }} rebooted at least one time in the last two hours"
|
||||
description: "This alarm will clear in 2 hours"
|
|
@ -3,5 +3,3 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAykqqvlk2XTSa5xxAtWUA7RpEcI0rPBIAmFmT+zzU2VdU
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTFLWYfL9LhAj1tTfjdy2b9ncT3IqxDSXrVyG0Anci7H37GbkVGxiQw86HPR5CL2TzIX9jhrWnK8T3f/CQmhEiYhjE6p3kRkZN+krTTfm77sarb3wdg1OHtmlCNm6EmkIOuK7ewIzHgNsHW5jeNg4wl/klmXK4XKMIiJsr7s1gTZ6F7jz3av2p0aaHF6ntAyMmSPJTVhCbvUQaM27tSaPjGUOya2sxXajgIVbVBSMsaSwSGfOCty/Bef4WTM14NNMiSpdYs3uW1BMM39bYy2vgONFPeQLjmWr/X940wZZvYCcEaYSyTAbIXdaVyilxyC69ZDEg/rf3jvyemO0pWQn3 chaosox@molly (Linux)
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaUUOwqS03cgJmvA5ryagZXKxmU03gLfoYZVQ8zJIDeHzgNyfFX8orXCxL6vZYeMuM5KRFsqXQPXFc5ILjoen5qhkTI+qc70nHr2Zvy3+Zq4zVqcE8Vpcgfy4VbzJPrrcxwxmdeGzf8LlfrWPlX5OG8rZx8kpSqUpDadG3ma1guykyq4FN8oEEuzlo6gBjgSuse9qrC94JwRUbd+jHN/RbaKnbXKwslO73zVNkdbq3BVCHLjLNq40NkxQv49vYVyWIozugFoNTul3hI/M0OPxNfkx+kzkG+2cgE8nxLdjkojqAkVKNM+SC70UCuEVofEYbyyzXDWwZ3JwDO9mUpsH2XKPLsdKCwlIc9dwnKu5Pu2Q9rsvpbgmcTNhsV8EXXglsROO3YXspKwg9oAXAFjmeAzYylrMRjFv/q0RL5d8+YnN6xoRZad7/fcj5OHpaxFTDeyTQ50TSc1uIlWJmnFCE0PzWmuTz/BkR0X52fh7Tu2vE90nOn24lrZxokiLVwDo7WBbBtT7MXTnr0wKf3jMPSk7Mp2e4TaLoole4NyNHa7RwHWhwu4o/y29qwW4SvKoSOiKFnpa7HiRCkEvxpuYgVA/KsmGWySRXNndMn4TOFfRJcMHx1B67XgGLTDTtGMrP+eN2mIerAxdv/4uAIwnQUaWnycPex90BN1uyc6/itw== chaosox@wintermute
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWktkX613ZL6iXrSXXFykgXj3XHTGhHAUMXLypKV5Qw chaosox@molly (WSL)
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVJAFhvSqCggIxCjxl8ybLUGP/WJJJ67AzipkIVpVsfYUwNGvMUFu13meHBaf34c2sVVSn7dV0qw51Xj3h570KFFuijFwsQbRb7xtyPY6c+Vw7Ehhu9EPcopxGltSk8VmxNdyO5X4DxVrnGN2xZOQq/4aDNnl1aegVtsMEXfy/wUvkMp89gJmn9u2yXhjnbgdYB4VE/Zxtwi1h0JqL6WbGf/wrvwjD6xJBmUe+G/+2tdcyYcEPmyObpNq4RYtu3JhNYD8xXRxEFVy+dNXm2P3/8JspW6N7VHYpLQTvDf3PzxoTlfENap+pgihag1URJzhqhJ4g+OHGAcpk3rKcnJbF rsa-key-20221112
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzA1vg4hukp41JZYW7I/TG02s4pBEiuUgfUqmQskbjoKpvcHxhZv82S3QqJQnqBANtOL+QTCrVyMEn6pjQ61BVTgaYNldUnedWorHXS93r32Eqz+NWW7zTqPgylEdWzznY3Sx8mimaHNnGjBjcgAgyVekk+vx4LOaTw8pqu85Da5eKAp97XQTxdJtEsxG1etp7LZrvKCL2+1KGz5J/AoyMHMdEWgMRHZPFzOJJ81uxBwvEt+1dIcO72bl+rNK1AgwEnqyrJav5mA0Z1Dj85cCb6QccUZI2J3c9RDSLMIrab359rdMj7mOVgm5GGaHS2VZb2Zjsxux9JBY7yv/wh5katkSXlpsW9LS5SGN4TPsALVEmDPLkaA0LXDsXyvWs12Sdamw5igdpJhWfnmsqvkiD3eNb0uTf/uhO8qyNx8fzn1WhxkDEphSfmH/0rP3mCvkyTWqBS1Dr15Iq4dHyVc1IfhijErbk0RUF3aedmvj7Jbpg/NfZ3dGrHUWEbRhZXngKgS9WJ3KayF7T6CsH/P2iPufYaa9PcOAp01Ezdk/wvdq1O1hRb5H76+5ilKg1HjtJ/kMgX7U39jchNZ94KGIDDiWKKvq3D+Q9Cxe6qndiGmPAyCszQ8dzEs/p11QxhDlIJHLaUF/nMRuVsFaJljIe5SA2r4tYzWQ5O7BL09e6qQ== mowoe@decima
|
||||
|
|
|
@ -1,36 +0,0 @@
|
|||
modules:
|
||||
http_2xx:
|
||||
prober: http
|
||||
http_post_2xx:
|
||||
prober: http
|
||||
http:
|
||||
method: POST
|
||||
tcp_connect:
|
||||
prober: tcp
|
||||
pop3s_banner:
|
||||
prober: tcp
|
||||
tcp:
|
||||
query_response:
|
||||
- expect: "^+OK"
|
||||
tls: true
|
||||
tls_config:
|
||||
insecure_skip_verify: false
|
||||
ssh_banner:
|
||||
prober: tcp
|
||||
tcp:
|
||||
query_response:
|
||||
- expect: "^SSH-2.0-"
|
||||
irc_banner:
|
||||
prober: tcp
|
||||
tcp:
|
||||
query_response:
|
||||
- send: "NICK prober"
|
||||
- send: "USER prober prober prober :prober"
|
||||
- expect: "PING :([^ ]+)"
|
||||
send: "PONG ${1}"
|
||||
- expect: "^:[^ ]+ 001"
|
||||
icmp_v4:
|
||||
prober: icmp
|
||||
icmp:
|
||||
preferred_ip_protocol: ip4
|
||||
ip_protocol_fallback: false
|
|
@ -1,13 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mDMEY2/88hYJKwYBBAHaRw8BAQdAV9QF5wXsizMDUD2w2GTUurA04t+z3n7SAq4V
|
||||
blntKKu0Fk1heCA8YWRtaW5AbG9kcmljaC5kZT6ImQQTFgoAQRYhBCLp8m6zG1Mb
|
||||
22CRck/7U9n7BCTMBQJjb/zyAhsDBQkDwzg+BQsJCAcCAiICBhUKCQgLAgQWAgMB
|
||||
Ah4HAheAAAoJEE/7U9n7BCTMkIMBAKHQMDe8Rb1bi2mF+caQyYP5sklMVbOTlSY4
|
||||
f1tbqzG3AQDCZoClNCVF7ppCYjPsEpuhayRmS+mI9YR4JuF73owsDbg4BGNv/PIS
|
||||
CisGAQQBl1UBBQEBB0CbniuHfjUu/nd6uBDYVkW4MSJo3lpg/Mdt5s64NY4jQwMB
|
||||
CAeIfgQYFgoAJhYhBCLp8m6zG1Mb22CRck/7U9n7BCTMBQJjb/zyAhsMBQkDwzg+
|
||||
AAoJEE/7U9n7BCTM/CwBAO+rrWsyE4x0Owx4bggh144JIu5J5DGij1KboGsoxFW0
|
||||
AP9Xe4aoaYfKNEouckI2G0cmDE/9FtA9v73SkzeXTKQfDw==
|
||||
=0vzZ
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -1,51 +0,0 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGOvMSsBEACf1T6IuReSSg+qo/qZCPvOKAiZhVc230/iM0sPaxhtCOD7mpNA
|
||||
NX59dLNGfGF3jlA4+cL1pI48klLB98VttVQwxGBTN1RtIjN/WXk5OoNXfGMbj63V
|
||||
/sn/4vhgWcW1r1sJBE5I5/E5GU7RJfW44IRNbMoGjNoMiAHAX/RS7Sk2JsYM4fd/
|
||||
RcSIFTicCUuMoyIVUw7PYUPertOf1l/+vS4VI/J9X7ykk+jdWqu5LmdKbFY+1CSf
|
||||
cmqn5/5oG00wByTEGelzW9f3tAr+WGIclD0VKZeIEwnifxrucI3EWPb/p2yatSLS
|
||||
1OZj4Ub0N3bHSUwOuBuzwKD9zK4PpDUCD8we9uN8SdvhDNh/zVoQh3RrqaQJBixb
|
||||
hpTEPwZt17Mxop3KNruBiGHutnOO3OAr8U1iOeIwLjiG/BnuGMm97tniLAZi/7d5
|
||||
4/AgmF2yYdDvl1TfYAMD80ZA97hWR50anjPQGaCgp7lOruffMPK4kEOv1t2+Tn0P
|
||||
Msf04xYa+8kn/ck9TUxFcEkhtJ9nhqX8JY+a/HPI3wFY0FOveatWAg2y17FR3yv2
|
||||
laOEIztRoFmj8foxWv8bUZKAkmXlkSbbQwJyBNQKYFEpag4VR7bCZNyOo9pgLTza
|
||||
r5pVFuejTKnYfWful+fiHlfyYtaIQEzAKDiJFY/N9vMRBsOO3PPZZ/tXFwARAQAB
|
||||
tCFtb3dvZS1pbmZyYS1kcGwgPG1vd29lQG1vd29lLmNvbT6JAk4EEwEIADgWIQQx
|
||||
eV+4PFvI2a2yPLoBNQ7MK4nlcgUCY68xKwIbAwULCQgHAgYVCgkICwIEFgIDAQIe
|
||||
AQIXgAAKCRABNQ7MK4nlchfID/9XzAxH0CFa0v3skLBcAWbFvy2vWvJ9rPALGnO4
|
||||
IYznzUy9lt8LT4lK1fqcGMWpe1Ore1e1rdtHLNZuII2VkTJqImsWT4B4JMO2vkfy
|
||||
rDlOc0cO+/hS1jchs4165YiCvnhoGO9kCGvFNzvoDY7xFHccPO8STRSiRpC7YMXH
|
||||
JNSAONUHe25zlfRORauAa58QAaxRhhb8E7zcnad2jIbYEBqBh2rFgMmVk99L1SBt
|
||||
IhrLYX5iRKKwSEiuhjBeTlUbhXPMr2WGE1PFfGKT0HFmDBC1Z8csz4mZSa/wQoH8
|
||||
40lx+c3wBS/CE2JKRM3LCJX0Tm9pjhPKg5ykV9WT5QHxy4Tbv7FUbA9Fs9VuT1r7
|
||||
cGprH+aXFWKK3DQJ3CsvhOx9zRSOGk1/RqteJ8LeaFxwocjOfQtjFv3uJ/Mc5A8V
|
||||
lM8OfB6hLdTX+HP7U9glaT4A7Dmu/q6CGvKN1+kDGf8Ansn2yGrOG1kD9Fd2htEH
|
||||
xqZK34PZALOZzG644adnHS6yYBCXjEQdKWfg3wOMWDITVFeirFvJ654r7WgrUJ6F
|
||||
jE4CNNu7R8e1Nm6Z4iVP0yjJjnZBZHSTW3nY2hz8fXEpxjBB8GCSDjVS7fkA5gBe
|
||||
A9TVT3EWXl+zImRoWqjLGXbFMrM0aAjO+ralQzExATxqXH75l4i2FDX78sXGfsmE
|
||||
DLVjerkCDQRjrzErARAA9ikeaDPeCGPeFsxSkxTNMtVdguY3WOo/dG/HOIE+DAgK
|
||||
A0ZrDr6IhrnKPu4tsAjpxY7qgaT1crkXKFkc/eRWFUS5+3x2JkbLD0Qzhm+S76HE
|
||||
NL+UtiXXNOTGt3yFLZrq6PF8LN00e0ottzcEr52R8UShvKyH3GotQuULdOmOxa7V
|
||||
0HAdPAkI6waFgZ6c5Oje4R6aCTK5VuVBgZXuh5TRkF/fcvtP5lI94dKVHAIE+OGX
|
||||
Rh1aKuzxwrVlwgbFKKqySnUdc/RO6xD6Cw2KNjs2HYSNw5oM0oEYJo5IQWTpw2zF
|
||||
Ut7pOx4Htbtv7DXr1OiPOFjKl/9MgbErmdmw6Ovjw4IT++jVrUWOJy16fiDsulk0
|
||||
9Z5Lv6PQLB814mXyCCWK9Juhymv4Ii1d8u7f55Di7vVJoyT2dG23OloYitWSfldA
|
||||
Cp3jVtv6YHxjOR3/LzI6Qdg23vOxFYYesDb8REnGpood0ProNdesfd8TJIuPTJGo
|
||||
fanWAmk+10mIgm0DuBv9ZAbxFPa/PJBlARCapr3uMmtJ+RwXW8k/MPzoLEsM7VWv
|
||||
rSvGAjACVLV+FjV+nHzITOOX7xHoT3xl81cXx4NdyCGsHlpoE8Us07g8qMGJX45+
|
||||
4N6YZi/x0/5M0qwdJTQoMIPqystBCGfijLLFP/+vpjm21WRc9gMrQVlORsJbuLkA
|
||||
EQEAAYkCNgQYAQgAIBYhBDF5X7g8W8jZrbI8ugE1DswrieVyBQJjrzErAhsMAAoJ
|
||||
EAE1DswrieVyQCMP/0d9bXYs9yYq1PkopIOOc8BnfNSTMkl8qjZR7Cx5IBH6wHWx
|
||||
Q4RuETNsMJhAgZyjCKP2A/SS8BmFsc2OcnGVjdYDDovrfZW53Cz0kM0KS1NY0t+S
|
||||
IdGw64twNoxQxtSvySTC7kofBMJxbjdEAyxnft0qPWDKrWxRiGVepcnIGnxjHOGU
|
||||
L6GyJfw/0X5lF8yVIsio8A0cvlhgpL5p7blgrYrmyCPV2HIfUgCDAqDnm8Kfsr6e
|
||||
FqARo3P5SrGCKDXBSG9NSjsbKRATdpg9ZwMqoKNMCNzUl1DbzJ+BzY9PWn31FeNL
|
||||
BBd7DDp92gH+hgu1O23m/S6GX/ZehnyF8jucwMlY1S5giOOehmvLd1YZKlDTkpV2
|
||||
9ucFM77IVyQryiix/vC31s0g/4aeKxFmkilKlEXqY2A7zfjhIy08xl9nr2BKd9aL
|
||||
ZTZLydkDuPWeYrk6yTJS8tSQyN5U4ivAdXVhi2/Da2+OEEsL3CgMp4HLiZDljHco
|
||||
m0wJkU6O9psJGMuewgStPUhY0TkYOsR5vRu27HAy/c/YPFHYGTj7chSpR8zkBSYc
|
||||
LZaotTEQWm+RYOtyDumuLXAuZzhYd9fbY3bpRNC1673+Bm9y0uNRtfxBC1j/K/bs
|
||||
nTTsaduddyYg2mV8VlVt/hTTAreMwfDpejWq7W7xhcwP5MCovdGD+d/hCLk6
|
||||
=OJvy
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
|
@ -28,10 +28,4 @@ area 0.0.0.0 {
|
|||
interface wg0 {
|
||||
type p2p
|
||||
}
|
||||
interface wg2 {
|
||||
type p2p
|
||||
}
|
||||
interface wg3 {
|
||||
type p2p
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
# allow incoming udp packets for wg2
|
||||
pass in proto udp from any to self port 51822
|
||||
|
||||
# allow ospf on wg2
|
||||
pass on wg2 proto ospf
|
||||
|
||||
# allow prometheus on wg2
|
||||
pass on wg2 proto tcp from any to self port 9100
|
||||
|
||||
# allow outgoing snmp on wg2
|
||||
pass out on wg2 proto udp from self to any port snmp
|
|
@ -1,11 +0,0 @@
|
|||
# allow incoming udp packets for wg3
|
||||
pass in proto udp from any to self port 51823
|
||||
|
||||
# allow ospf on wg3
|
||||
pass on wg3 proto ospf
|
||||
|
||||
# allow prometheus on wg3
|
||||
pass on wg3 proto tcp from any to self port 9100
|
||||
|
||||
# allow outgoing snmp on wg3
|
||||
pass out on wg3 proto udp from self to any port snmp
|
|
@ -1,58 +0,0 @@
|
|||
local ubus = require "ubus"
|
||||
local iwinfo = require "iwinfo"
|
||||
|
||||
local function scrape()
|
||||
local metric_wifi_network_quality = metric("wifi_network_quality","gauge")
|
||||
local metric_wifi_network_bitrate = metric("wifi_network_bitrate","gauge")
|
||||
local metric_wifi_network_noise = metric("wifi_network_noise_dbm","gauge")
|
||||
local metric_wifi_network_signal = metric("wifi_network_signal_dbm","gauge")
|
||||
local metric_wifi_clients = metric("wifi_network_clients", "gauge")
|
||||
local metric_wifi_airtime_total = metric("wifi_network_airtime_total", "gauge")
|
||||
local metric_wifi_airtime_busy = metric("wifi_network_airtime_busy", "gauge")
|
||||
local metric_wifi_airtime_utilization = metric("wifi_network_airtime_utilization", "gauge")
|
||||
|
||||
local u = ubus.connect()
|
||||
local status = u:call("network.wireless", "status", {})
|
||||
|
||||
for dev, dev_table in pairs(status) do
|
||||
for _, intf in ipairs(dev_table['interfaces']) do
|
||||
local ifname = intf['ifname']
|
||||
if ifname ~= nil then
|
||||
local iw = iwinfo[iwinfo.type(ifname)]
|
||||
local labels = {
|
||||
channel = iw.channel(ifname),
|
||||
ssid = iw.ssid(ifname),
|
||||
bssid = string.lower(iw.bssid(ifname)),
|
||||
mode = iw.mode(ifname),
|
||||
ifname = ifname,
|
||||
country = iw.country(ifname),
|
||||
frequency = iw.frequency(ifname),
|
||||
device = dev,
|
||||
}
|
||||
|
||||
local qc = iw.quality(ifname) or 0
|
||||
local qm = iw.quality_max(ifname) or 0
|
||||
local quality = 0
|
||||
if qc > 0 and qm > 0 then
|
||||
quality = math.floor((100 / qm) * qc)
|
||||
end
|
||||
|
||||
local wifi_clients = 0
|
||||
for _ in pairs(iw.assoclist(ifname)) do wifi_clients = wifi_clients +1 end
|
||||
|
||||
local hostapd_status = u:call("hostapd." .. ifname, "get_status", {})
|
||||
|
||||
metric_wifi_network_quality(labels, quality)
|
||||
metric_wifi_network_noise(labels, iw.noise(ifname) or 0)
|
||||
metric_wifi_network_bitrate(labels, iw.bitrate(ifname) or 0)
|
||||
metric_wifi_network_signal(labels, iw.signal(ifname) or -255)
|
||||
metric_wifi_clients(labels, wifi_clients)
|
||||
metric_wifi_airtime_total(labels, hostapd_status.airtime.time)
|
||||
metric_wifi_airtime_busy(labels, hostapd_status.airtime.time_busy)
|
||||
metric_wifi_airtime_utilization(labels, hostapd_status.airtime.utilization)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
return { scrape = scrape }
|
|
@ -1,2 +0,0 @@
|
|||
*
|
||||
!.gitignore
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
radios:
|
||||
radio0:
|
||||
type: "mac80211"
|
||||
path: "pci0000:00/0000:00:11.0"
|
||||
band: "2g"
|
||||
htmode: "HT20"
|
||||
radio1:
|
||||
type: "mac80211"
|
||||
path: "pci0000:00/0000:00:12.0"
|
||||
band: "5g"
|
||||
htmode: "HT20"
|
|
@ -1,12 +0,0 @@
|
|||
---
|
||||
radios:
|
||||
radio0:
|
||||
type: "mac80211"
|
||||
path: "platform/soc/a000000.wifi"
|
||||
band: "2g"
|
||||
htmode: "HT20"
|
||||
radio1:
|
||||
type: "mac80211"
|
||||
path: "platform/soc/a800000.wifi"
|
||||
band: "5g"
|
||||
htmode: "VHT20"
|
|
@ -1,4 +1,2 @@
|
|||
EB0D409FD8884BBECC04532AF937CB4882C16136
|
||||
C2AA3A4266D111B27C3774EB2438B8ADFDF45447
|
||||
22E9F26EB31B531BDB6091724FFB53D9FB0424CC
|
||||
31795FB83C5BC8D9ADB23CBA01350ECC2B89E572
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue