Yeah, that diagram is generally how I would do it.
Make sure the AP 10.1.2.2 is configured with default forward turned off. If you have more than one AP, keep them in separate networks or use bridge filters or port horizon settings to keep traffic from coming in on one IP and going back out to a client on another AP.
There are a lot of ways to get public IPs to the customer. A lot of the options depend on how much public IP space you have. If you only have a /29 or /27 of public IPs, you may need to do a 1:1 NAT on the CCR, which would do the translation between the static which lives on the CCR and the 10.1.2.x/26 which lives on the subscriber's device. If you have a /22 or even only a /24, you could divide it into smaller subnets and put the subnets on the tower routers on the same interface with the 10.1.2.x/26 type subnet. You would just return a different "Framed-Pool" or "Framed-IP-Address" from RADIUS, which would assign the appropriate public IP address to the subscriber's device via DHCP or PPPoE.
As small as you are now, it should be very simple to implement the ideas in this video which would give you maximum flexibility to grow in the future. http://www.tiktube.com/video/KHhE3aEKdD ... sDlIoFqoq=
Implementing it in my network is going to be a lot of nerve-wracking work during the transition phase. Especially since what I have works pretty well.
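
Added example, not part of the original post: a Python sketch of the 1:1 NAT option for a small public block, pairing each subscriber address in the 10.1.2.x/26 with its own public address and rendering the RouterOS rule pairs for the CCR. The 203.0.113.0/29 block, the subscriber addresses, the `ether1` interface name and the one reserved gateway address are assumptions made for illustration.

```python
import ipaddress

def plan_one_to_one(public_block, private_block, subscribers, reserved=1):
    """Pair each subscriber's private address with its own public address."""
    pub = ipaddress.ip_network(public_block)
    priv = ipaddress.ip_network(private_block)
    # hosts() drops network/broadcast; the first `reserved` usable addresses
    # are held back for the upstream gateway (assumption, adjust to your handoff).
    free = list(pub.hosts())[reserved:]
    mapping = {}
    for raw in subscribers:
        sub = ipaddress.ip_address(raw)
        if sub not in priv:
            raise ValueError(f"{sub} is outside {priv}")
        if str(sub) in mapping:
            raise ValueError(f"{sub} listed twice")
        if not free:
            raise ValueError(f"{pub} has no public address left for {sub}")
        mapping[str(sub)] = str(free.pop(0))
    return mapping

def routeros_commands(mapping, public_block, wan_if="ether1"):
    """Render the plan as RouterOS commands for the CCR (wan_if is a placeholder)."""
    prefix = ipaddress.ip_network(public_block).prefixlen
    out = []
    for private, public in mapping.items():
        # The public address must live on the CCR before it can be translated.
        out.append(f"/ip address add address={public}/{prefix} interface={wan_if}")
        out.append(f"/ip firewall nat add chain=dstnat dst-address={public} "
                   f"action=dst-nat to-addresses={private}")
        out.append(f"/ip firewall nat add chain=srcnat src-address={private} "
                   f"action=src-nat to-addresses={public}")
    return out

if __name__ == "__main__":
    # Constructed sample: documentation range 203.0.113.0/29, two subscribers.
    plan = plan_one_to_one("203.0.113.0/29", "10.1.2.0/26",
                           ["10.1.2.10", "10.1.2.11"])
    print("\n".join(routeros_commands(plan, "203.0.113.0/29")))
```

With one address reserved, a /29 leaves five public addresses, so a sixth subscriber raises an error instead of silently sharing an address.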