init

playbook.yaml

@@ -0,0 +1,25 @@
+- hosts: localhost
+  connection: local
+  become: true
+  roles:
+#    - install
+    - configure
+  vars:
+    apps:
+    - networkmanager
+    - modemmanager
+    - iptables
+    # - hostapd
+    # - dhcpd
+    wifi_ssid: "test"
+    wifi_psk: "test12345"
+    wifi_int_ip: 10.1.10.1
+    # dhcpd
+    subnet: 10.1.10.0
+    netmask: 255.255.255.0
+    range_start: 10.1.10.10
+    range_end: 10.1.10.200
+    default_lease_time: 600
+    max_lease_time: 7200
+    dns1: 77.88.8.8
+    dns2: 77.88.8.1

roles/configure/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+# Whether or not to reload the sysctl configuration if changed
+disable_ipv6_reload_sysctl_if_changed: true

roles/configure/handlers/main.yml

@@ -0,0 +1,28 @@
+---
+- name: Reload the sysctl configuration
+  # We have to use the command here because (to date) the
+  # ansible.posix.sysctl module does not allow to force a reload
+  ansible.builtin.command:
+    cmd: sysctl --system
+  changed_when: false
+  when: disable_ipv6_reload_sysctl_if_changed
+
+- name: Restart NetworkManager
+  service:
+    name: NetworkManager
+    state: restarted
+
+- name: Restart hostapd
+  service:
+    name: hostapd
+    state: restarted
+
+- name: Restart dhcpd
+  service:
+    name: dhcpd
+    state: restarted
+
+- name: Restart systemd-networkd
+  service:
+    name: systemd-networkd
+    state: restarted

roles/configure/tasks/main.yaml

@@ -0,0 +1,92 @@
+---
+- name: Set disable_ipv6 parameters in the sysctl configuration file
+  ansible.posix.sysctl:
+    name: "{{ item }}"
+    value: "1"
+    reload: false
+  loop:
+    - net.ipv6.conf.all.disable_ipv6
+    - net.ipv6.conf.default.disable_ipv6
+    - net.ipv6.conf.lo.disable_ipv6
+    - net.ipv4.ip_forward
+  notify: Reload the sysctl configuration
+  
+- name: Stop disable dnsmasq
+  service: 
+    name: dnsmasq
+    state: stopped
+    enabled: false
+
+- name: Start enable iptables
+  service: 
+    name: iptables
+    state: started
+    enabled: true
+
+- name: Get physical interfaces names
+  command: find /sys/class/net -type l -lname '*wlp*' -printf '%f\n' 
+  register: wifi_int
+  changed_when: false
+  check_mode: false
+
+- name: Run nmcli to check if wifi access point connection has already been added
+  shell: /usr/bin/nmcli c | grep {{ wifi_ssid }}
+  register: nmcli_result
+  ignore_errors: True
+
+- name: Check result nmcli
+  set_fact:
+    nmcli_failed: "{{ nmcli_result.rc != 0 }}"
+
+- name: Run nmcli to add a connection with the specified parameters as a wifi access point if above check has failed
+  command: /usr/bin/nmcli c add autoconnect yes save yes con-name {{ wifi_ssid }} ifname {{ wifi_int.stdout }} type wifi ssid {{ wifi_ssid }} mode ap ip4 {{ wifi_int_ip }}
+  when: nmcli_failed
+
+- name: Run nmcli to add WPA-PSK security to the wifi connection
+  command: /usr/bin/nmcli c mod {{ wifi_ssid }} \
+    802-11-wireless.band bg \
+    802-11-wireless.channel 1 \
+    802-11-wireless-security.key-mgmt wpa-psk \
+    802-11-wireless-security.proto rsn \
+    802-11-wireless-security.group ccmp \
+    802-11-wireless-security.pairwise ccmp \
+    802-11-wireless-security.psk {{ wifi_psk }} \
+    ipv4.method shared \
+    ipv4.addr {{ wifi_int_ip }}/24
+
+- name: Run nmcli to activate wifi access point connection
+  command: /usr/bin/nmcli c up {{ wifi_ssid }}
+
+# - name: Configure {{ wifi_int.stdout_lines | first }} interface
+#   template:
+#     src: 25-wireless.network.j2
+#     dest: /etc/systemd/network/25-wireless.network
+#   notify: Restart systemd-networkd
+
+# - name: Configure NetworkManager
+#   template:
+#     src: unmanaged.conf.j2
+#     dest: /etc/NetworkManager/conf.d/unmanaged.conf
+#   notify: Restart NetworkManager
+
+# - name: Configure hostapd
+#   template:
+#     src: hostapd.conf.j2
+#     dest: /etc/hostapd/hostapd.conf
+#   notify: Restart hostapd
+
+# - name: Configure hostapd
+#   template:
+#     src: dhcpd.conf.j2
+#     dest: /etc/dhcpd.conf
+# #  notify: Restart dhcpd
+
+# - name: Enable services
+#   service: "{{ app }}"
+#   enabled: yes
+#   loop: "{{ apps }}"
+#   loop_control:
+#     loop_var: "app"
+# - name: Force all notified handlers to run at this point
+#   ansible.builtin.meta: flush_handlers
+

roles/configure/templates/25-wireless.network.j2

@@ -0,0 +1,7 @@
+[Match]
+Name={{ wifi_int.stdout_lines | first }}
+
+[Network]
+Address={{ wifi_int_ip }}/24
+#Gateway=
+#DNS=

roles/configure/templates/dhcpd.conf.j2

@@ -0,0 +1,8 @@
+option domain-name-servers {{ dns1 }}, {{ dns2 }};
+option subnet-mask {{ netmask }};
+option routers {{ wifi_int_ip }};
+subnet {{ subnet }} netmask {{ netmask }} {
+  range {{ range_start }} {{ range_end }};
+}
+default-lease-time {{ default_lease_time }};
+max-lease-time {{ max_lease_time }};

roles/configure/templates/hostapd.conf.j2

@@ -0,0 +1,45 @@
+# Set up some logging. VERY useful to see why things aren't working.
+logger_syslog=-1
+logger_syslog_level=2
+logger_stdout=-1
+logger_stdout_level=2
+
+# Which interface to use and which bridge to join
+interface={{ wifi_int.stdout_lines | first }}
+#bridge=br0
+
+
+#
+wmm_enabled=1
+wme_enabled=1
+ieee80211n=1
+#ieee80211d=1
+#noscan=1
+#
+# Use this driver for AP stuff. This corresponds to the mac80211 driver
+# which most newer cards support.
+driver=nl80211
+
+# 802.11 mode and channel, pretty self-explanatory
+hw_mode=g
+country_code=RU
+channel=9
+
+
+# Set and broadcast the SSID. Stupid double-negatives...
+ssid={{ wifi_ssid }}
+ignore_broadcast_ssid=0
+
+# 802.11N stuff - Try 40 MHz channels, fall back to 20 MHz
+#ieee80211n=1
+#ht_capab=[HT40+][SHORT-GI-40]
+ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40]
+#ht_capab=[HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+# WPA Authentication
+auth_algs=1
+wpa=2
+wpa_passphrase={{ wifi_psk }}
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+
+macaddr_acl=0

roles/configure/templates/unmanaged.conf.j2

@@ -0,0 +1,2 @@
+[keyfile]
+unmanaged-devices=interface-name:{{ wifi_int.stdout_lines | first }}

roles/install/tasks/main.yaml

@@ -0,0 +1,7 @@
+---
+- name: install applications
+  pacman:
+    name: "{{ app }}"
+  loop: "{{ apps }}"
+  loop_control:
+    loop_var: "app"