.gitignore

@@ -1,3 +1,2 @@
 ansible-facts.json/
-switch-configs-stock/
 *.html

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "roles/gekmihesg.openwrt"]
-	path = roles/gekmihesg.openwrt
-	url = https://github.com/gekmihesg/ansible-openwrt.git

README.md

@@ -1,18 +1,11 @@
-# Freifunk Leipzig - Erstaufnahme Einrichtungen
+# Freifunk Leipzig - Erstaufnahme Einrichtung - Am Deutschen Platz
 
-This repo contains the config and documentation for our installations at
-* `Am Deutschen Platz`
-* `Arno-Nitzsche-Straße`
+This repo contains the config and documentation for our installation at the "Erstaufnahme Einrichtung - Am Deutschen Platz"
 
 ---
 
 **this is a work in progress**
 
-* this repo was created for `Am Deutschen Platz` and was then reused for `Arno-Nitzsche-Straße`
-* therefore the ansible stuff is a bit smelly
-* there is a lot of documentation missing for the `Arno-Nitzsche-Straße`
-* ...
-
 ---
 
 ## Quick Links
@@ -34,7 +27,7 @@ This repo contains the config and documentation for our installations at
 ### Initial Setup
 
 0. install requirements
-1. clone repo and change directory:    `git clone --recurse-submodules https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp`
+1. clone repo and change directory:    `git clone https://git.sr.ht/~hirnpfirsich/ffl-eae-adp && cd ffl-aea-adp`
 2. create python3 virtual enviroment:  `python3 -m venv ansible-environment`
 3. enter python3 virtual environment:  `. ansible-environment/bin/activate`
 4. install ansible and dependencies:   `pip3 install -r ansible-environment.txt`
@@ -53,30 +46,6 @@ Should something in the inventory change or you want to use/change the jumphost
 
 Passwords managed using `pass`. Simply call `pass` after sourcing the environment.
 
-### Monitoring
-
-Initially we've deployed the monitoring on `monitoring01` (that lives on `hyper01` in `Am Deutschen Platz`).
-
-After deploying the second camp we've decided to move the monitoring into the `cloud`.
-The new monitoring stack runs on `eae-adp-jump01`.
-Unfortunately `prometheus` crashes every few hours on `openbsd`.
-So there is a cronjob restarting `prometheus` every 2 hours on `eae-adp-jump01`.
-
-As soon as someone finds the time we will move the monitoring stack onto a normal linux machine.
-
-* old monitoring: `monitoring01   - 10.84.1.51`
-	* is not getting new configs via ansible
-	* rocks an old version of the grafana dashboard
-	* the facility management still has a link to this instance
-* new monitoring: `eae-adp-jump01 - 10.84.254.0`
-
-Both stacks offer the following services:
-* `prometheus`:   `tcp/9090`
-* `alertmanager`: `tcp/9093`
-* `grafana`:      `tcp/3000`
-
-Use `ssh -D 8888 eae-adp-jump01` an configure this socks proxy in your favorite browser to visit the webguis.
-
 ### Descriptions
 
 * `environment`:                             configure environment (path to `pass` store, http(s) socks proxy and python venv for ansible)

ansible-environment.txt

@@ -1,14 +1,13 @@
-ansible==6.1.0
-ansible-core==2.13.2
+ansible==6.0.0
+ansible-core==2.13.1
 certifi==2022.6.15
 cffi==1.15.1
 charset-normalizer==2.1.0
-cryptography==37.0.4
+cryptography==37.0.2
 idna==3.3
 Jinja2==3.1.2
 MarkupSafe==2.1.1
 packaging==21.3
-pkg_resources==0.0.0
 proxmoxer==1.3.1
 pycparser==2.21
 pyparsing==3.0.9
@@ -16,4 +15,4 @@ PySocks==1.7.1
 PyYAML==6.0
 requests==2.28.1
 resolvelib==0.8.1
-urllib3==1.26.10
+urllib3==1.26.9

ansible-inventory

@@ -1,187 +1,21 @@
 [accesspoints]
-ap-c5d1 ip=10.84.1.33 location=office-social2  channel_2g=1  channel_5g=36  txpower_2g=12 txpower_5g=13
-ap-ac7c ip=10.84.1.31 location=office-social1  channel_2g=11 channel_5g=161 txpower_2g=12 txpower_5g=13
-ap-8f42 ip=10.84.1.36 location=tent-1          channel_2g=6  channel_5g=40
-ap-0b99 ip=10.84.1.32 location=tent-2          channel_2g=11 channel_5g=44
-ap-c495 ip=10.84.1.34 location=tent-3          channel_2g=1  channel_5g=48
-ap-2bbf ip=10.84.1.30 location=tent-4          channel_2g=11 channel_5g=149
-ap-1a38 ip=10.84.1.35 location=tent-5          channel_2g=6  channel_5g=153
-ap-8f39 ip=10.84.1.37 location=tent-5          channel_2g=1  channel_5g=157
-ap-1293 ip=10.84.1.38 location=office-facility channel_2g=1  channel_5g=100 txpower_2g=6 txpower_5g=7
-
-ap-b62f ip=10.85.1.31 location=tent-1          channel_2g=1  channel_5g=36  txpower_2g=15 txpower_5g=20
-ap-b656 ip=10.85.1.35 location=tent-1          channel_2g=6  channel_5g=140 txpower_2g=15 txpower_5g=20
-ap-b6ee ip=10.85.1.32 location=office-security channel_2g=1  channel_5g=48  txpower_2g=12 txpower_5g=13
-ap-b5df ip=10.85.1.38 location=office-social   channel_2g=11 channel_5g=153 txpower_2g=12 txpower_5g=13
-ap-b6cb ip=10.85.1.33 location=office-facility channel_2g=6  channel_5g=60  txpower_2g=12 txpower_5g=13
-ap-b641 ip=10.85.1.30 location=tent-2          channel_2g=1  channel_5g=136 txpower_2g=15 txpower_5g=20
-ap-b6d7 ip=10.85.1.34 location=tent-2          channel_2g=6  channel_5g=104 txpower_2g=15 txpower_5g=20
-ap-b644 ip=10.85.1.36 location=tent-2          channel_2g=11 channel_5g=124 txpower_2g=15 txpower_5g=20
-ap-b634 ip=10.85.1.37 location=tent-3          channel_2g=1  channel_5g=116 txpower_2g=15 txpower_5g=20
-ap-b6cc ip=10.85.1.39 location=tent-3          channel_2g=6  channel_5g=40  txpower_2g=15 txpower_5g=20
-ap-b682 ip=10.85.1.40 location=tent-3          channel_2g=11 channel_5g=64  txpower_2g=15 txpower_5g=20
-
-ap-116e ip=10.86.1.31 location=p203            disable_2g=1   channel_5g=48  txpower_2g=17 txpower_5g=20
-ap-11c4 ip=10.86.1.32 location=office-security channel_2g=1   channel_5g=36  txpower_2g=17 txpower_5g=20
-ap-1202 ip=10.86.1.33 location=p201            disable_2g=1   channel_5g=153 txpower_2g=17 txpower_5g=20
-ap-12a8 ip=10.86.1.34 location=p104            channel_2g=11  channel_5g=60  txpower_2g=17 txpower_5g=20
-ap-13ac ip=10.86.1.35 location=p106            disable_2g=1   channel_5g=116 txpower_2g=17 txpower_5g=20
-ap-144c ip=10.86.1.36 location=p108            channel_2g=1   channel_5g=140 txpower_2g=17 txpower_5g=20
-ap-12c2 ip=10.86.1.37 location=p207            disable_2g=1   channel_5g=128 txpower_2g=17 txpower_5g=20
-ap-16bc ip=10.86.1.38 location=p205            channel_2g=6   channel_5g=104 txpower_2g=17 txpower_5g=20
-ap-1374 ip=10.86.1.39 location=kitchen-og      disable_2g=1   channel_5g=153 txpower_2g=17 txpower_5g=20
-
-[accesspoints:vars]
-ansible_remote_tmp=/tmp
-garet_profile=aruba-ap-105_22.03
-garet_release=9974455
-
-[aptype_aruba_ap_303]
-ap-11c4
-ap-116e
-ap-1202
-ap-12a8
-ap-13ac
-ap-144c
-ap-12c2
-ap-16bc
-ap-1374
-
-[aptype_aruba_ap_105]
-ap-c5d1
-ap-ac7c
-ap-8f42
-ap-0b99
-ap-c495
-ap-2bbf
-ap-1a38
-ap-8f39
-ap-1293
-ap-b62f
-ap-b656
-ap-b6ee
-ap-b5df
-ap-b6cb
-ap-b641
-ap-b6d7
-ap-b644
-ap-b634
-ap-b6cc
-ap-b682
+ap-c5d1 ip=10.84.1.33 channel_2g=1  channel_5g=36  # Office
+ap-8f42 ip=10.84.1.36 channel_2g=6  channel_5g=40  # Tent 1
+ap-0b99 ip=10.84.1.32 channel_2g=11 channel_5g=44  # Tent 2
+ap-c495 ip=10.84.1.34 channel_2g=1  channel_5g=48  # Tent 3
+ap-2bbf ip=10.84.1.30 channel_2g=11 channel_5g=149 # Tent 4
+ap-1a38 ip=10.84.1.35 channel_2g=6  channel_5g=153 # Tent 5
 
 [switches]
-sw-access01 ip=10.84.1.11 base_mac=bc:cf:4f:e3:bb:8d location=office-social2
-sw-access02 ip=10.84.1.12 base_mac=bc:cf:4f:e3:ac:39 location=tent-5
-sw-access04 ip=10.84.1.14 base_mac=5c:e2:8c:6a:7f:cc location=tent-2
-
-[switches_stock]
-ffl-ans-sw-distribution01 ip=10.85.1.11 base_mac=5c:e2:8c:60:82:fb sw_type=gs1900-10hp   location=office-facility
-ffl-ans-sw-access01       ip=10.85.1.12 base_mac=04:bf:6d:15:c6:b3 sw_type=gs1900-10hp   location=tent-1
-ffl-ans-sw-access02       ip=10.85.1.13 base_mac=04:bf:6d:15:c6:92 sw_type=gs1900-10hp   location=tent-2
-sax-rgs-sw-access01       ip=10.86.1.11                            sw_type=s2800s-8t2f-p location=p104
-sax-rgs-sw-access02       ip=10.86.1.12                            sw_type=s2800s-8t2f-p location=p204
+sw-access01 ip=10.84.1.11 
+sw-access02 ip=10.84.1.12 
 
 [gateways]
-gw-core01         ip=10.84.1.1
-ffl-ans-gw-core01 ip=10.85.1.1
-sax-rgs-gw-core01 ip=10.86.1.1 garet_profile=sophos-sg-xxx_22.03 garet_release=601bc29
-
-[gateways:vars]
-ansible_remote_tmp=/tmp
-garet_profile=sophos-sg-125r2_22.03
-garet_release=89cbd27
+gw-core01 ip=10.84.1.1
 
 [server]
 hyper01 ip=10.84.1.21 
 
 [vms]
 eae-adp-jump01 ip=162.55.53.85 monitoring_ip=10.84.254.0 ansible_python_interpreter=/usr/local/bin/python3
-
-[container]
-monitoring01      ip=10.84.1.51  cpus=2 disk=50 memory=1024 net='{"net0":"name=eth0,ip=10.84.1.51/24,gw=10.84.1.1,bridge=vmbr0"}'
-mon-e2e-clients01 ip=10.84.7.30  cpus=1 disk=10 memory=256  net='{"net0":"name=eth0,ip=dhcp,bridge=vmbr1"}'
-mon-e2e-wan01     ip=192.168.0.3 cpus=1 disk=10 memory=256  net='{"net0":"name=eth0,ip=dhcp,bridge=vmbr3"}'
-
-[container:vars]
-ostemplate=local:vztmpl/debian-11-standard_11.3-1_amd64.tar.zst
-
-[openwrt:children]
-switches
-
-[site_adp]
-ap-c5d1
-ap-ac7c
-ap-8f42
-ap-0b99
-ap-c495
-ap-2bbf
-ap-1a38
-ap-8f39
-ap-1293
-sw-access01
-sw-access02
-sw-access04
-gw-core01
-hyper01
-monitoring01
-mon-e2e-clients01
-mon-e2e-wan01
-
-[site_adp:vars]
-wifi_ssid="GU Deutscher Platz"
-wifi_encryption=none
-backoffice_wifi_ssid="GU Deutscher Platz Backoffice"
-backoffice_wifi_encryption=psk2
-backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/GU_Deutscher_Platz_Backoffice') }}"
-site=adp
-
-[site_ans]
-ap-b641
-ap-b62f
-ap-b6ee
-ap-b6cb
-ap-b6d7
-ap-b656
-ap-b644
-ap-b634
-ap-b5df
-ap-b682
-ap-b6cc
-ffl-ans-gw-core01
-ffl-ans-sw-distribution01
-ffl-ans-sw-access01
-ffl-ans-sw-access02
-
-[site_ans:vars]
-wifi_ssid="GU Arno-Nitzsche-Strasse"
-wifi_encryption=none
-wifi_disabled=0
-backoffice_wifi_ssid="GU Arno-Nitzsche-Strasse BO"
-backoffice_wifi_encryption=psk2
-backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/GU_Arno-Nitzsche-Straße_Backoffice') }}"
-mgmt_gateway=10.85.1.1
-site=ans
-
-[site_rgs]
-sax-rgs-sw-access01
-sax-rgs-sw-access02
-sax-rgs-gw-core01
-ap-11c4
-ap-116e
-ap-1202
-ap-12a8
-ap-13ac
-ap-144c
-ap-12c2
-ap-16bc
-ap-1374
-
-[site_rgs:vars]
-wifi_ssid="{{ lookup('passwordstore', 'wifi/site_rgs_ssid') }}"
-wifi_encryption=none
-wifi_disabled=0
-backoffice_wifi_ssid="{{ lookup('passwordstore', 'wifi/site_rgs_backoffice_ssid') }}"
-backoffice_wifi_encryption=psk2
-backoffice_wifi_psk="{{ lookup('passwordstore', 'wifi/site_rgs_backoffice') }}"
-mgmt_gateway=10.86.1.1
-site=rgs
+monitoring01 ip=10.84.1.51

ansible.cfg

@@ -4,4 +4,3 @@ interpreter_python=/usr/bin/python3
 gathering=smart
 fact_caching=jsonfile
 fact_caching_connection=ansible-facts.json
-callbacks_enabled = ansible.posix.profile_tasks

documentation/EAE-ANS.drawio

@@ -1 +0,0 @@
-<mxfile host="app.diagrams.net" modified="2023-03-14T01:11:23.043Z" agent="5.0 (X11)" etag="HeUGzaMI0PEll7OsNIGH" version="21.0.6" type="device"><diagram name="Page-1" id="YwlCLJMcKuBeH3aDT3El">7R3bcqM49mvy6BQS98e2k57tquntbGe2ZvepC4NiM0OMC5N2sl+/EkgYkAC5zUWJ6U6VrSMh4Nx1zpF8o6+eX39LvP32axyg6AZqweuNfncDITRMDX8QyFsOcSwK2CRhkIPACfAY/g9RIBv2EgboUBmYxnGUhvsq0I93O+SnFZiXJPGxOuwpjqp33XsbxAEefS/ioX+GQbqlb8Fei8D/gcLNlt0ZaLTn2WODKeCw9YL4WALp9zf6KonjNP/2/LpCEUEew0t+3eeG3uLBErRLZS5w7N/sf23saPH564/7ryvwLbzbL4BOn+6nF73QV6aPm74xHCTxyy5AZBrtRl8et2GKHveeT3qPmOoYtk2fI9wC+CudDiUpem18UlC8P2YcFD+jNHnDQ9gFNn0oyjOQtY8nCkBGgW0J+wXQo1TfFHOfEIO/UNycgyfoqo8n4EjiyR0OTc47QJMmiSZnMDQBCW5Cu+ATUWC4tYt3GLgMvMM2wxuo4ojAH7w0Rckug0BNx9BDmsR/F0oL42dZRXx+QxRw+q8TryW8idDGYAmKvDT8WZ1ehEt6h4c4xDcuyLbQG7QAm+IQvyQ+oleVFV9tItfomCj1kg1KuYky0havfQm1JYRipnaDLruU2txEg1Pbnql9NrW1vqhdn2hwaps9G7ynMIpWcRQn2bX6kxfYnl+QvNSzNixTM/oxkYZuilVkiR3w7Xh+GNDjAtbgmHUDU4RZDxlAhz1h1oAVzOqWwPlgBqKMWWAMh1ljWMyuPd8JdBFmoW4YZnAhZlt4FFgCnTUkj76H1dP03i4clt8CzUcIivjNtExgo57w6tg1SQYcYkUqckhBBgMLsoZ0ZIkQqyFHc5x+EAst+9asoZbn2ZFR63YgMk7SbbyJd170exzvKfr+Qmn6RmNY3ksaV5GLXsP0P+TyW2jS5n9LXXevdOqs8cYanKeIIZ9D8jZ5P/bxHulDnp7p/gSV9gXxy2ZOVwtWmJeQO1UtAy0xwc/zGvF7e2+lAXvixB1KM9d8QWgZVS4yawGx+niotY3HX/In6NVhLKKBgzDWR+croPfBWBwn6FrNZDrurVv+Z1RnbFid9MYjYEgesT88k9jDMAmw+2CSc7WarltnaTXdNtvGD6PVLIfj2G7eGEjvae0sjRsPKAnxG6OkYHP89qWJSLMQDtI4TZW1ZMWjT+aXNbzmhbx/kdekd7ujh79R6m8pgijv4w5zif+0W42EU1bF542JL1llPa7T1UM/Sz1sNr4H5oAqUASzeSDI5oSmACiC2fV7ZwAguHcdBgVA4ZSCe2u1h8R/+pJ46aGPBcxbo+ghPoRpGJOo4jpO0/i5Klts7Kco3JAxKZHJpXfY50nWp/CVSO7So90+5mgiTzlJUXL/E+WUJXMdtt6ekP/5dUOSxLd+ePBj4N4m2VzLffLFz54jgj8OxzBjj/pK5PMn8l+4EtFMzdZ7WonUdCcUZIraoqK9C5REoGYWqFmglBUosyZPggT1qPIkE6/bYL9k3/jutM7EW7Ph2rk4AW51sWHogmCHACn1rGVvSJGIs/N6Rc/kgfimFREjkWyxHrjVjRrYgYKxri2aOJd8y+YGU33E6QSR+GuwYXRtcjnRrujdkeX8GGJ/Dh0OPzzfJx/ZtbyMF5JclXHqq0qJd4sUNQv9tDIuKq2wIoKeNf6yIV+8/WJtIcTg+DZFF8f6GDtplcJCbJZRT0Ecieus8RwGQbYSEkVlRQndPon1ViVDh/KBg2lkidzA0BoZ2oppZEOiPOhypLTQo7UuYFRUAIk15WydZutUFx5VrZMw9y4wT2bwdBXmqYlaqpgnCed4aPOkG9VV1OTmSabCbdbJs06ui5GyOllUnytaMvjrq9DJTdRSRCezRGAbuZ6eooW3OywOx0UQYuyH6xcijhr4aATsWNmwbSssACegHWAViuMQT2J5XiJerq6ujWy1TLMuMPgAWiNSjbHIRPndm1J2t8j1NpUsiHO5p+xtUy4Xt/jEcEf9gyCZnCNq1KSvIWamcXK+hjEla4CZNVpZY9JyAGZsJs22KBbaMyVKdue107x2qkuRqmsnUxS/F62d4HXEs5qopcjayZQIpw+tklXLf5sSVTYDZVvMhnrmyVAhsZtxtk6zdaoLj7LWSRS+F1knMvAarFMDtRSxTuxm864rUcise7HXYHcv3PhgVe21LnkOx7kbHWo7+UfZt2AOus3v3e60kWa4S8MLYk4A2jgcB6bYAGhJJE8HL3jSqwHmYh97V4B5uJRyN1LaC92bysolnEHhOGDkDiL9LLuqptnSlfWwIYL5nFPPuyghx5yYTzJQ/XiLjDQXRDjTepUWv0piKavNceHHCdL4HZxquI5P8S5ldgT0T6BmP3LcfJXNO5KT7UfsMvwjJiV69BEsWR/hUp/0Ij5wJOzK0MbWqDm2k8e7HFHIdg7yzEGeDjFSNcjjiGLaoiAPSVVfQZCniVqKBHmcUcLtHRwLVdPJEoH3gXIQTkNMcDJUzPsRZ/N0nsJrCEMpYp5EAR+hefpwVY5nUUsV8yRxWPPg5slVbMeHI7EhcdbJs06ui5GqOpmVoAh0chD+PKlekZoObLGaLmCVGT6a8m4gqyLK21Ug3mOxQ05UUd7uHO+ZlfdZUu4qHe9xZeM9vn8VDnUTtVTRyQrEe2xLNZ08XbzHVSze487xntk8nafwlI73uLLxHv060hFN1FLFPCkQ73F0xeI97hzvmXXyeVKudLynqCjtVMoOvA6lrHYcB2gqBHI0WNHKotNrx62SlVg0zMdBz8dBT3gcdJs0K1vPa0gYB/5MmuswFI20U6XUF2g6h/TLK3klTvfgT6aBHeePiH56ZMx9PdR8dJbs5gWiU9XsAo0/UWYign4Uek7yc2wmUw1sd5Vm1nhjgN1VgN5kGuY5a4vpmJzCLFw3qzQcxzosq1hsfTjmRjyg2ROwSifVf2n76BSs4l5qJRp4oXYYe3H4Xc+bP+3ayVAj8Rz/Q2mjqaezzkp7L7bNncS22e4ktm2I3eq/xDwfxdN1LzV3F/72hWjhWaMwT6DAO2wzkoMqKQn8wUsxyncZBGqnOO+fdHkGG5aG3VhvTRi3LdcvtAcLvSpqZn0l2WAPuIlco2OinFu4iXoTX0bcErVX377fcxRXI2SQxKlH41ekXPJXtg53JL1qRc4AUn+sI+hc9wd6FEe+sOjuy+Mf378s//3Hl2//nAmVt6HgtIiRCcWXFH1are4fH2cSUdQLUhUjk4jPVSy/fb+7/z6TKG8bfNB7ZApJ1F3NzkfVZ+jL9xjb9dB514Oj9diHDskeaj9YNlUCJ/OZQ1dz5hCVEWWTlOzAlRK7bsKN57+skaImtaezhhoJM3wGEjeTOE7Lypgw7tc4QGTE/wE=</diagram></mxfile>

documentation/OVERVIEW.md

@@ -9,35 +9,19 @@ Diagram:
 IPAM / Device Overview:
 -----------------------
 
-| Name                | Location     | MGMT IPv4     | MAC                 | Device               | Notes                                             |
-| ------------------- | ------------ | ------------- | ------------------- | -------------------- | ------------------------------------------------- |
-| `gigacube-2001`     | Büro         | `192.168.0.1` | `c8:ea:f8:b6:e9:50` | ZTE MF289F/Gigacube  | property of Saxonia Catering/rental from Vodafone |
-| `gw-core01`         | Büro         | `10.84.1.1`   | `00:1a:8c:48:b3:98` | Sophos SG125r2       |                                                   |
-| `sw-access01`       | Büro         | `10.84.1.11`  | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP     |                                                   |
-| `sw-access02`       | Zelt 5       | `10.84.1.12`  | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP     |                                                   |
-| `sw-access03`       | Sozialarbeit | /             | /                   | KTI KGS-510F         | manageable but used as a dumb switch              |
-| `hyper01`           | Büro         | `10.84.1.21`  | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? |                                                   |
-| `monitoring01`      | `hyper01`    | `10.84.1.51`  | `16:b9:13:c3:10:5e` | Proxmox Container    |                                                   |
-| `mon-e2e-clients01` | `hyper01`    | `10.84.7.30`  | `ca:ac:5a:d0:b6:02` | Proxmox Container    | used for end to end monitoring of the public net  |
-| `ap-2bbf`           | Zelt 4       | `10.84.1.30`  | `24:de:c6:cc:2b:bf` | Aruba AP-105         |                                                   |
-| `ap-1a38`           | Zelt 5       | `10.84.1.35`  | `18:64:72:cf:1a:38` | Aruba AP-105         |                                                   |
-| `ap-ac7c`           | Sozialarbeit | `10.84.1.31`  | `24:de:c6:c3:ac:7c` | Aruba AP-105         |                                                   |
-| `ap-0b99`           | Zelt 2       | `10.84.1.32`  | `6c:f3:7f:c9:0b:99` | Aruba AP-105         |                                                   |
-| `ap-c5d1`           | Büro         | `10.84.1.33`  | `ac:a3:1e:cf:c5:d1` | Aruba AP-105         |                                                   |
-| `ap-c495`           | Zelt 3       | `10.84.1.34`  | `ac:a3:1e:cf:c4:95` | Aruba AP-105         |                                                   |
-| `ap-8f42`           | Zelt 1       | `10.84.1.36`  | `d8:c7:c8:c2:8f:42` | Aruba AP-105         |                                                   |
-| `ap-8f39`           | Zelt 5       | `10.84.1.37`  | `??:??:??:??:??:??` | Aruba AP-105         |                                                   |
-
-
-Upstream Connectivity:
-----------------------
-
-The gigacube itself only get's an RFC1918 address from Vodafone (CGNAT - no IPv6).
-Our gateway (`gw-core01`) itself also nats, because there is no way to configure additional networks on the gigacube.
-
-Currently the generated traffic is directly routed into the internet - without an vpn tunnel.
-
-Therefore v4 streams get masqueraded 3 times.
+| Name           | Location  | MGMT IPv4    | MAC                 | Device               | Notes |
+| -------------- | --------- | ------------ | ------------------- | -------------------- | ----- |
+| `gw-core01`    | Büro      | `10.84.1.1`  | `78:8a:20:bd:b6:ae` | Ubiquiti EdgeRouterX |       |
+| `sw-access01`  | Büro      | `10.84.1.10` | `bc:cf:4f:e3:bb:8d` | Zyxel GS1800-8HP     |       |
+| `sw-access02`  | Zelt 5    | `10.84.1.11` | `bc:cf:4f:e3:ac:39` | Zyxel GS1800-8HP     |       |
+| `hyper01`      | Büro      | `10.84.1.21` | `00:23:24:54:f0:fe` | Lenovo ThinkCentre ? |       |
+| `monitoring01` | `hyper01` | `10.84.1.51` | `16:b9:13:c3:10:5e` | Proxmox VM           |       |
+| `ap-2bbf`      | Zelt 4    | `10.84.1.30` | `24:de:c6:cc:2b:bf` | Aruba AP-105         |       |
+| `ap-1a38`      | Zelt 5    | `10.84.1.35` | `24:de:c6:c3:ac:7c` | Aruba AP-105         |       |
+| `ap-0b99`      | Zelt 2    | `10.84.1.32` | `6c:f3:7f:c9:0b:99` | Aruba AP-105         |       |
+| `ap-c5d1`      | Büro      | `10.84.1.33` | `ac:a3:1e:cf:c5:d1` | Aruba AP-105         |       |
+| `ap-c495`      | Zelt 3    | `10.84.1.34` | `ac:a3:1e:cf:c4:95` | Aruba AP-105         |       |
+| `ap-8f42`      | Zelt 1    | `10.84.1.36` | `d8:c7:c8:c2:8f:42` | Aruba AP-105         |       |
 
 Cloud VMs:
 ----------
@@ -50,21 +34,19 @@ Cloud VMs:
 Networks:
 ---------
 
-| Name         | VLAN | v4 Space          | v6 Space | Description                                                           |
-| ------------ | ---- | ----------------- | -------- | --------------------------------------------------------------------- |
-| `mgmt`       |   1  | `10.84.1.0/24`    | /        | default network which is used for administrative and monitoring tasks |
-| `clients`    |   2  | `10.84.4.0/22`    | /        | this is where the wifi clients live                                   |
-| `wan`        |   3  | `192.168.0.0/24`  | /        | created by the gigacube. wan for our gateway                          |
-| `backbone`   |   /  | `10.84.254.0/30`  | /        | tunnel network between `gw-core01` and `eae-adp-jump01`               |
-| `backoffice` |   8  | `10.84.8.0/24`    | /        | backoffice network for the orga                                       |
+| Name       | VLAN | v4 Space          | v6 Space | Description                                                           |
+| ---------- | ---- | ----------------- | -------- | --------------------------------------------------------------------- |
+| `mgmt`     |   1  | `10.84.1.0/24`    | /        | default network which is used for administrative and monitoring tasks |
+| `clients`  |   2  | `10.84.2.0/22`    | /        | this is where the wifi clients live                                   |
+| `gigacube` |   /  | `192.168.8.0/24`  | /        | created by the gigacube. wan for our gateway                          |
+| `backbone` |   /  | `10.84.254.0/30`  | /        | tunnel network between `gw-core01` and `eae-adp-jump01`               |
 
 WiFi Networks:
 --------------
 
-| SSID                            | Encryption | VLAN | Description |
-| ------------------------------- | ---------- | ---- | ----------- |
-| `GU Deutscher Platz`            | /          | 2    |             |
-| `GU Deutscher Platz Backoffice` | wpa2 psk   | 8    |             |
+| SSID                 | Encryption | VLAN | Description |
+| -------------------- | ---------- | ---- | ----------- |
+| `GU Deutscher Platz` | /          | 2    |             |
 
 Remote Access / VPN:
 --------------------

documentation/TODO.md

@@ -2,13 +2,11 @@
 
 ## Software
 
-* [x] add monitoring vm
+* [ ] add monitoring vm
   * replace `prometheus-node-exporter-lua-hostapd_stations` with an exporter that does not collect mac addresses!
-* [x] put aps on non overlapping wifi channels
-* [x] document configuration of `gw-core01`
-* [x] provision config of `gw-core01` via ansible (network, firewall, ...)
-* [ ] bootstrap an additional prometheus instance on `eae-adp-jump01` that alarms on a missing connection to `gw-core01`
-* [ ] move openwrt device to 22.03 - track fw version in ansible ?
+* [ ] put aps on non overlapping wifi channels
+* [ ] document configuration of `gw-core01`
+* [ ] provision config of `gw-core01` via ansible (network, firewall, ...)
 * [ ] add wireguard profiles for admins on `eae-adp-jump01`
 
 ## Hardware
@@ -17,16 +15,5 @@
 
 ## Documentation
 
-* [x] publish `incident 21 - replace gw-core01, reorg cabling`
-* [x] publish `incident 22 - installation of directional LTE antenna`
 * [ ] document backbone between `gw-core01` and `eap-adp-jump01`
-* [x] move config/installation stuff into other file (keep OS versions in `README.MD`)
-
-## Wifi Experience
-
-* [ ] increase airtime by only broadcasting `GU Deutscher Platz Backoffice` in the office containers
-* [ ] improve wifi experience for residents
-	- put at least two aps into every tent
-	- put the aps into more central locations into the tents
-	- measure and decrease tx signal power of aps
-	- maybe replace aps with something more modern (> 2012, > 802.11a/n)
+* [ ] move config/installation stuff into other file (keep OS versions in `README.MD`)

files/alerting_rules.yml

@@ -1,90 +0,0 @@
-groups:
-  - name: Basic
-    rules:
-        # from https://awesome-prometheus-alerts.grep.to/rules.html#rule-prometheus-self-monitoring-1-2
-        - alert: PrometheusTargetMissing
-          expr: up == 0
-          for: 1m
-          labels:
-            severity: critical
-          annotations:
-            summary: Prometheus target missing (instance {{ $labels.instance }})
-            description: "A Prometheus target has disappeared. An exporter might be crashed.\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
-
-        - alert: NodeRebooted
-          expr: changes(node_boot_time_seconds[2h]) > 0
-          for: 0m
-          labels:
-            severity: critical
-          annotations:
-            summary: A node rebooted in the last 2 hours (instance {{ $labels.instance }})
-            description: "The uptime of a node changed in the last two hours. VALUE = {{ $value }}\n LABELS = {{ $labels }}"
-
-        - alert: PublicWifiUpstreamLost
-          expr: sum(probe_success{job="e2e_adp_clients_v4"}) == 0
-          for: 0m
-          labels:
-            severity: critical
-          annotations:
-            summary: The public wifi lost its ability to route into the internet
-            description: "check the vpn connection"
-
-  - name: ServerSpecific
-    rules:
-        # https://awesome-prometheus-alerts.grep.to/rules#rule-host-and-hardware-1-7
-        #
-        # Please add ignored mountpoints in node_exporter parameters like
-        # "--collector.filesystem.ignored-mount-points=^/(sys|proc|dev|run)($|/)".
-        # Same rule using "node_filesystem_free_bytes" will fire when disk fills for non-root users.
-        - alert: HostOutOfDiskSpace
-          expr: (node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0
-          for: 2m
-          labels:
-            severity: warning
-          annotations:
-            summary: Host out of disk space (instance {{ $labels.instance }})
-            description: "Disk is almost full (< 10% left)\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
-
-        # https://awesome-prometheus-alerts.grep.to/rules#rule-host-and-hardware-1-9
-        - alert: HostOutOfInodes
-          expr: node_filesystem_files_free / node_filesystem_files * 100 < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0
-          for: 2m
-          labels:
-            severity: warning
-          annotations:
-            summary: Host out of inodes (instance {{ $labels.instance }})
-            description: "Disk is almost running out of available inodes (< 10% left)\n  VALUE = {{ $value }}\n  LABELS = {{ $labels }}"
-
-  - name: Network
-    rules:
-      - alert: PortChangedState
-        expr: changes(ifLastChange[2h]) != 0
-        labels:
-          severity: warning
-        annotations:
-          summary: "{{ $labels.ifName }} on {{ $labels.instance }} changed it's state {{ $value }}x time(s) in the last 2 hours"
-          description: "This alarm will clear in 2 hours"
-
-      - alert: PortIfInErrors
-        expr: increase(ifInErrors[2h]) > 0 or increase(node_network_receive_errs_total[2h]) > 0
-        labels:
-          severity: critical
-        annotations:
-          summary: "{{ if $labels.ifName }} {{ $labels.ifName }} {{ else }} {{ $labels.device }} {{ end }} on {{ $labels.instance }} has {{ $value }} ifInErrors in the last 2 hours. This alarm will clear automatically in 2 hours"
-          description: "For some reason the port is throwing ifInErrors"
-
-      - alert: PortIfOutErrors
-        expr: increase(ifOutErrors[2h]) > 0 or increase(node_network_transmit_errs_total[2h]) > 0
-        labels:
-          severity: critical
-        annotations:
-          summary: "{{ if $labels.ifName }} {{ $labels.ifName }} {{ else }} {{ $labels.device }} {{ end }} on {{ $labels.instance }} has {{ $value }} ifOutErrors in the last 2 hours"
-          description: "For some reason the port is throwing ifOutErrors. This alarm will clear automatically in 2 hours"
-
-      - alert: SNMPNodeRebooted
-        expr: (sysUpTime / 100) <= (60 * 60 * 2)
-        labels:
-          severity: critical
-        annotations:
-          summary: "{{ $labels.instance }} rebooted at least one time in the last two hours"
-          description: "This alarm will clear in 2 hours"

files/authorized_keys

@@ -3,5 +3,3 @@ ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAykqqvlk2XTSa5xxAtWUA7RpEcI0rPBIAmFmT+zzU2VdU
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTFLWYfL9LhAj1tTfjdy2b9ncT3IqxDSXrVyG0Anci7H37GbkVGxiQw86HPR5CL2TzIX9jhrWnK8T3f/CQmhEiYhjE6p3kRkZN+krTTfm77sarb3wdg1OHtmlCNm6EmkIOuK7ewIzHgNsHW5jeNg4wl/klmXK4XKMIiJsr7s1gTZ6F7jz3av2p0aaHF6ntAyMmSPJTVhCbvUQaM27tSaPjGUOya2sxXajgIVbVBSMsaSwSGfOCty/Bef4WTM14NNMiSpdYs3uW1BMM39bYy2vgONFPeQLjmWr/X940wZZvYCcEaYSyTAbIXdaVyilxyC69ZDEg/rf3jvyemO0pWQn3 chaosox@molly (Linux)
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDaUUOwqS03cgJmvA5ryagZXKxmU03gLfoYZVQ8zJIDeHzgNyfFX8orXCxL6vZYeMuM5KRFsqXQPXFc5ILjoen5qhkTI+qc70nHr2Zvy3+Zq4zVqcE8Vpcgfy4VbzJPrrcxwxmdeGzf8LlfrWPlX5OG8rZx8kpSqUpDadG3ma1guykyq4FN8oEEuzlo6gBjgSuse9qrC94JwRUbd+jHN/RbaKnbXKwslO73zVNkdbq3BVCHLjLNq40NkxQv49vYVyWIozugFoNTul3hI/M0OPxNfkx+kzkG+2cgE8nxLdjkojqAkVKNM+SC70UCuEVofEYbyyzXDWwZ3JwDO9mUpsH2XKPLsdKCwlIc9dwnKu5Pu2Q9rsvpbgmcTNhsV8EXXglsROO3YXspKwg9oAXAFjmeAzYylrMRjFv/q0RL5d8+YnN6xoRZad7/fcj5OHpaxFTDeyTQ50TSc1uIlWJmnFCE0PzWmuTz/BkR0X52fh7Tu2vE90nOn24lrZxokiLVwDo7WBbBtT7MXTnr0wKf3jMPSk7Mp2e4TaLoole4NyNHa7RwHWhwu4o/y29qwW4SvKoSOiKFnpa7HiRCkEvxpuYgVA/KsmGWySRXNndMn4TOFfRJcMHx1B67XgGLTDTtGMrP+eN2mIerAxdv/4uAIwnQUaWnycPex90BN1uyc6/itw== chaosox@wintermute
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILWktkX613ZL6iXrSXXFykgXj3XHTGhHAUMXLypKV5Qw chaosox@molly (WSL)
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVJAFhvSqCggIxCjxl8ybLUGP/WJJJ67AzipkIVpVsfYUwNGvMUFu13meHBaf34c2sVVSn7dV0qw51Xj3h570KFFuijFwsQbRb7xtyPY6c+Vw7Ehhu9EPcopxGltSk8VmxNdyO5X4DxVrnGN2xZOQq/4aDNnl1aegVtsMEXfy/wUvkMp89gJmn9u2yXhjnbgdYB4VE/Zxtwi1h0JqL6WbGf/wrvwjD6xJBmUe+G/+2tdcyYcEPmyObpNq4RYtu3JhNYD8xXRxEFVy+dNXm2P3/8JspW6N7VHYpLQTvDf3PzxoTlfENap+pgihag1URJzhqhJ4g+OHGAcpk3rKcnJbF rsa-key-20221112
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCzA1vg4hukp41JZYW7I/TG02s4pBEiuUgfUqmQskbjoKpvcHxhZv82S3QqJQnqBANtOL+QTCrVyMEn6pjQ61BVTgaYNldUnedWorHXS93r32Eqz+NWW7zTqPgylEdWzznY3Sx8mimaHNnGjBjcgAgyVekk+vx4LOaTw8pqu85Da5eKAp97XQTxdJtEsxG1etp7LZrvKCL2+1KGz5J/AoyMHMdEWgMRHZPFzOJJ81uxBwvEt+1dIcO72bl+rNK1AgwEnqyrJav5mA0Z1Dj85cCb6QccUZI2J3c9RDSLMIrab359rdMj7mOVgm5GGaHS2VZb2Zjsxux9JBY7yv/wh5katkSXlpsW9LS5SGN4TPsALVEmDPLkaA0LXDsXyvWs12Sdamw5igdpJhWfnmsqvkiD3eNb0uTf/uhO8qyNx8fzn1WhxkDEphSfmH/0rP3mCvkyTWqBS1Dr15Iq4dHyVc1IfhijErbk0RUF3aedmvj7Jbpg/NfZ3dGrHUWEbRhZXngKgS9WJ3KayF7T6CsH/P2iPufYaa9PcOAp01Ezdk/wvdq1O1hRb5H76+5ilKg1HjtJ/kMgX7U39jchNZ94KGIDDiWKKvq3D+Q9Cxe6qndiGmPAyCszQ8dzEs/p11QxhDlIJHLaUF/nMRuVsFaJljIe5SA2r4tYzWQ5O7BL09e6qQ== mowoe@decima

files/blackbox.yml

@@ -1,36 +0,0 @@
-modules:
-  http_2xx:
-    prober: http
-  http_post_2xx:
-    prober: http
-    http:
-      method: POST
-  tcp_connect:
-    prober: tcp
-  pop3s_banner:
-    prober: tcp
-    tcp:
-      query_response:
-      - expect: "^+OK"
-      tls: true
-      tls_config:
-        insecure_skip_verify: false
-  ssh_banner:
-    prober: tcp
-    tcp:
-      query_response:
-      - expect: "^SSH-2.0-"
-  irc_banner:
-    prober: tcp
-    tcp:
-      query_response:
-      - send: "NICK prober"
-      - send: "USER prober prober prober :prober"
-      - expect: "PING :([^ ]+)"
-        send: "PONG ${1}"
-      - expect: "^:[^ ]+ 001"
-  icmp_v4:
-    prober: icmp
-    icmp:
-      preferred_ip_protocol: ip4
-      ip_protocol_fallback: false

files/gpg/lodrich.asc.pub

@@ -1,13 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEY2/88hYJKwYBBAHaRw8BAQdAV9QF5wXsizMDUD2w2GTUurA04t+z3n7SAq4V
-blntKKu0Fk1heCA8YWRtaW5AbG9kcmljaC5kZT6ImQQTFgoAQRYhBCLp8m6zG1Mb
-22CRck/7U9n7BCTMBQJjb/zyAhsDBQkDwzg+BQsJCAcCAiICBhUKCQgLAgQWAgMB
-Ah4HAheAAAoJEE/7U9n7BCTMkIMBAKHQMDe8Rb1bi2mF+caQyYP5sklMVbOTlSY4
-f1tbqzG3AQDCZoClNCVF7ppCYjPsEpuhayRmS+mI9YR4JuF73owsDbg4BGNv/PIS
-CisGAQQBl1UBBQEBB0CbniuHfjUu/nd6uBDYVkW4MSJo3lpg/Mdt5s64NY4jQwMB
-CAeIfgQYFgoAJhYhBCLp8m6zG1Mb22CRck/7U9n7BCTMBQJjb/zyAhsMBQkDwzg+
-AAoJEE/7U9n7BCTM/CwBAO+rrWsyE4x0Owx4bggh144JIu5J5DGij1KboGsoxFW0
-AP9Xe4aoaYfKNEouckI2G0cmDE/9FtA9v73SkzeXTKQfDw==
-=0vzZ
------END PGP PUBLIC KEY BLOCK-----

files/gpg/mowoe.asc.pub

@@ -1,51 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGOvMSsBEACf1T6IuReSSg+qo/qZCPvOKAiZhVc230/iM0sPaxhtCOD7mpNA
-NX59dLNGfGF3jlA4+cL1pI48klLB98VttVQwxGBTN1RtIjN/WXk5OoNXfGMbj63V
-/sn/4vhgWcW1r1sJBE5I5/E5GU7RJfW44IRNbMoGjNoMiAHAX/RS7Sk2JsYM4fd/
-RcSIFTicCUuMoyIVUw7PYUPertOf1l/+vS4VI/J9X7ykk+jdWqu5LmdKbFY+1CSf
-cmqn5/5oG00wByTEGelzW9f3tAr+WGIclD0VKZeIEwnifxrucI3EWPb/p2yatSLS
-1OZj4Ub0N3bHSUwOuBuzwKD9zK4PpDUCD8we9uN8SdvhDNh/zVoQh3RrqaQJBixb
-hpTEPwZt17Mxop3KNruBiGHutnOO3OAr8U1iOeIwLjiG/BnuGMm97tniLAZi/7d5
-4/AgmF2yYdDvl1TfYAMD80ZA97hWR50anjPQGaCgp7lOruffMPK4kEOv1t2+Tn0P
-Msf04xYa+8kn/ck9TUxFcEkhtJ9nhqX8JY+a/HPI3wFY0FOveatWAg2y17FR3yv2
-laOEIztRoFmj8foxWv8bUZKAkmXlkSbbQwJyBNQKYFEpag4VR7bCZNyOo9pgLTza
-r5pVFuejTKnYfWful+fiHlfyYtaIQEzAKDiJFY/N9vMRBsOO3PPZZ/tXFwARAQAB
-tCFtb3dvZS1pbmZyYS1kcGwgPG1vd29lQG1vd29lLmNvbT6JAk4EEwEIADgWIQQx
-eV+4PFvI2a2yPLoBNQ7MK4nlcgUCY68xKwIbAwULCQgHAgYVCgkICwIEFgIDAQIe
-AQIXgAAKCRABNQ7MK4nlchfID/9XzAxH0CFa0v3skLBcAWbFvy2vWvJ9rPALGnO4
-IYznzUy9lt8LT4lK1fqcGMWpe1Ore1e1rdtHLNZuII2VkTJqImsWT4B4JMO2vkfy
-rDlOc0cO+/hS1jchs4165YiCvnhoGO9kCGvFNzvoDY7xFHccPO8STRSiRpC7YMXH
-JNSAONUHe25zlfRORauAa58QAaxRhhb8E7zcnad2jIbYEBqBh2rFgMmVk99L1SBt
-IhrLYX5iRKKwSEiuhjBeTlUbhXPMr2WGE1PFfGKT0HFmDBC1Z8csz4mZSa/wQoH8
-40lx+c3wBS/CE2JKRM3LCJX0Tm9pjhPKg5ykV9WT5QHxy4Tbv7FUbA9Fs9VuT1r7
-cGprH+aXFWKK3DQJ3CsvhOx9zRSOGk1/RqteJ8LeaFxwocjOfQtjFv3uJ/Mc5A8V
-lM8OfB6hLdTX+HP7U9glaT4A7Dmu/q6CGvKN1+kDGf8Ansn2yGrOG1kD9Fd2htEH
-xqZK34PZALOZzG644adnHS6yYBCXjEQdKWfg3wOMWDITVFeirFvJ654r7WgrUJ6F
-jE4CNNu7R8e1Nm6Z4iVP0yjJjnZBZHSTW3nY2hz8fXEpxjBB8GCSDjVS7fkA5gBe
-A9TVT3EWXl+zImRoWqjLGXbFMrM0aAjO+ralQzExATxqXH75l4i2FDX78sXGfsmE
-DLVjerkCDQRjrzErARAA9ikeaDPeCGPeFsxSkxTNMtVdguY3WOo/dG/HOIE+DAgK
-A0ZrDr6IhrnKPu4tsAjpxY7qgaT1crkXKFkc/eRWFUS5+3x2JkbLD0Qzhm+S76HE
-NL+UtiXXNOTGt3yFLZrq6PF8LN00e0ottzcEr52R8UShvKyH3GotQuULdOmOxa7V
-0HAdPAkI6waFgZ6c5Oje4R6aCTK5VuVBgZXuh5TRkF/fcvtP5lI94dKVHAIE+OGX
-Rh1aKuzxwrVlwgbFKKqySnUdc/RO6xD6Cw2KNjs2HYSNw5oM0oEYJo5IQWTpw2zF
-Ut7pOx4Htbtv7DXr1OiPOFjKl/9MgbErmdmw6Ovjw4IT++jVrUWOJy16fiDsulk0
-9Z5Lv6PQLB814mXyCCWK9Juhymv4Ii1d8u7f55Di7vVJoyT2dG23OloYitWSfldA
-Cp3jVtv6YHxjOR3/LzI6Qdg23vOxFYYesDb8REnGpood0ProNdesfd8TJIuPTJGo
-fanWAmk+10mIgm0DuBv9ZAbxFPa/PJBlARCapr3uMmtJ+RwXW8k/MPzoLEsM7VWv
-rSvGAjACVLV+FjV+nHzITOOX7xHoT3xl81cXx4NdyCGsHlpoE8Us07g8qMGJX45+
-4N6YZi/x0/5M0qwdJTQoMIPqystBCGfijLLFP/+vpjm21WRc9gMrQVlORsJbuLkA
-EQEAAYkCNgQYAQgAIBYhBDF5X7g8W8jZrbI8ugE1DswrieVyBQJjrzErAhsMAAoJ
-EAE1DswrieVyQCMP/0d9bXYs9yYq1PkopIOOc8BnfNSTMkl8qjZR7Cx5IBH6wHWx
-Q4RuETNsMJhAgZyjCKP2A/SS8BmFsc2OcnGVjdYDDovrfZW53Cz0kM0KS1NY0t+S
-IdGw64twNoxQxtSvySTC7kofBMJxbjdEAyxnft0qPWDKrWxRiGVepcnIGnxjHOGU
-L6GyJfw/0X5lF8yVIsio8A0cvlhgpL5p7blgrYrmyCPV2HIfUgCDAqDnm8Kfsr6e
-FqARo3P5SrGCKDXBSG9NSjsbKRATdpg9ZwMqoKNMCNzUl1DbzJ+BzY9PWn31FeNL
-BBd7DDp92gH+hgu1O23m/S6GX/ZehnyF8jucwMlY1S5giOOehmvLd1YZKlDTkpV2
-9ucFM77IVyQryiix/vC31s0g/4aeKxFmkilKlEXqY2A7zfjhIy08xl9nr2BKd9aL
-ZTZLydkDuPWeYrk6yTJS8tSQyN5U4ivAdXVhi2/Da2+OEEsL3CgMp4HLiZDljHco
-m0wJkU6O9psJGMuewgStPUhY0TkYOsR5vRu27HAy/c/YPFHYGTj7chSpR8zkBSYc
-LZaotTEQWm+RYOtyDumuLXAuZzhYd9fbY3bpRNC1673+Bm9y0uNRtfxBC1j/K/bs
-nTTsaduddyYg2mV8VlVt/hTTAreMwfDpejWq7W7xhcwP5MCovdGD+d/hCLk6
-=OJvy
------END PGP PUBLIC KEY BLOCK-----

files/ospfd.conf

@@ -28,10 +28,4 @@ area 0.0.0.0 {
 	interface wg0 {
 		type p2p
 	}
-	interface wg2 {
-		type p2p
-	}
-	interface wg3 {
-		type p2p
-	}
 }

files/pf.wg2.conf

@@ -1,11 +0,0 @@
-# allow incoming udp packets for wg2
-pass in proto udp from any to self port 51822
-
-# allow ospf on wg2
-pass on wg2 proto ospf
-
-# allow prometheus on wg2
-pass on wg2 proto tcp from any to self port 9100
-
-# allow outgoing snmp on wg2
-pass out on wg2 proto udp from self to any port snmp

files/pf.wg3.conf

@@ -1,11 +0,0 @@
-# allow incoming udp packets for wg3
-pass in proto udp from any to self port 51823
-
-# allow ospf on wg3
-pass on wg3 proto ospf
-
-# allow prometheus on wg3
-pass on wg3 proto tcp from any to self port 9100
-
-# allow outgoing snmp on wg3
-pass out on wg3 proto udp from self to any port snmp

files/wifi.lua

@@ -1,58 +0,0 @@
-local ubus = require "ubus"
-local iwinfo = require "iwinfo"
-
-local function scrape()
-  local metric_wifi_network_quality = metric("wifi_network_quality","gauge")
-  local metric_wifi_network_bitrate = metric("wifi_network_bitrate","gauge")
-  local metric_wifi_network_noise = metric("wifi_network_noise_dbm","gauge")
-  local metric_wifi_network_signal = metric("wifi_network_signal_dbm","gauge")
-  local metric_wifi_clients = metric("wifi_network_clients", "gauge")
-  local metric_wifi_airtime_total       = metric("wifi_network_airtime_total", "gauge")
-  local metric_wifi_airtime_busy        = metric("wifi_network_airtime_busy", "gauge")
-  local metric_wifi_airtime_utilization = metric("wifi_network_airtime_utilization", "gauge")
-
-  local u = ubus.connect()
-  local status = u:call("network.wireless", "status", {})
-
-  for dev, dev_table in pairs(status) do
-    for _, intf in ipairs(dev_table['interfaces']) do
-      local ifname = intf['ifname']
-      if ifname ~= nil then
-        local iw = iwinfo[iwinfo.type(ifname)]
-        local labels = {
-          channel = iw.channel(ifname),
-          ssid = iw.ssid(ifname),
-          bssid = string.lower(iw.bssid(ifname)),
-          mode = iw.mode(ifname),
-          ifname = ifname,
-          country = iw.country(ifname),
-          frequency = iw.frequency(ifname),
-          device = dev,
-        }
-
-        local qc = iw.quality(ifname) or 0
-        local qm = iw.quality_max(ifname) or 0
-        local quality = 0
-        if qc > 0 and qm > 0 then
-          quality = math.floor((100 / qm) * qc)
-        end
-
-        local wifi_clients = 0
-        for _ in pairs(iw.assoclist(ifname)) do wifi_clients = wifi_clients +1 end
-
-        local hostapd_status = u:call("hostapd." .. ifname, "get_status", {})
-
-        metric_wifi_network_quality(labels, quality)
-        metric_wifi_network_noise(labels, iw.noise(ifname) or 0)
-        metric_wifi_network_bitrate(labels, iw.bitrate(ifname) or 0)
-        metric_wifi_network_signal(labels, iw.signal(ifname) or -255)
-        metric_wifi_clients(labels, wifi_clients)
-        metric_wifi_airtime_total(labels, hostapd_status.airtime.time)
-        metric_wifi_airtime_busy(labels, hostapd_status.airtime.time_busy)
-        metric_wifi_airtime_utilization(labels, hostapd_status.airtime.utilization)
-      end
-    end
-  end
-end
-
-return { scrape = scrape }

firmware/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

group_vars/aptype_aruba_ap_105.yml

@@ -1,12 +0,0 @@
----
-radios:
-  radio0:
-    type:   "mac80211"
-    path:   "pci0000:00/0000:00:11.0"
-    band:   "2g"
-    htmode: "HT20"
-  radio1:
-    type:   "mac80211"
-    path:   "pci0000:00/0000:00:12.0"
-    band:   "5g"
-    htmode: "HT20"

group_vars/aptype_aruba_ap_303.yml

@@ -1,12 +0,0 @@
----
-radios:
-  radio0:
-    type:   "mac80211"
-    path:   "platform/soc/a000000.wifi"
-    band:   "2g"
-    htmode: "HT20"
-  radio1:
-    type:   "mac80211"
-    path:   "platform/soc/a800000.wifi"
-    band:   "5g"
-    htmode: "VHT20"

password-store/.gpg-id

@@ -1,4 +1,2 @@
 EB0D409FD8884BBECC04532AF937CB4882C16136
 C2AA3A4266D111B27C3774EB2438B8ADFDF45447
-22E9F26EB31B531BDB6091724FFB53D9FB0424CC
-31795FB83C5BC8D9ADB23CBA01350ECC2B89E572