From 9717dca6a202b324b98c39405a995b210adc55f2 Mon Sep 17 00:00:00 2001
From: Aleksandr Malyavin
Date: Sun, 1 Sep 2024 20:56:12 +0300
Subject: [PATCH] init
---
playbook.yaml | 25 +++++
roles/configure/defaults/main.yml | 3 +
roles/configure/handlers/main.yml | 28 ++++++
roles/configure/tasks/main.yaml | 92 +++++++++++++++++++
.../templates/25-wireless.network.j2 | 7 ++
roles/configure/templates/dhcpd.conf.j2 | 8 ++
roles/configure/templates/hostapd.conf.j2 | 45 +++++++++
roles/configure/templates/unmanaged.conf.j2 | 2 +
roles/install/tasks/main.yaml | 7 ++
9 files changed, 217 insertions(+)
create mode 100644 playbook.yaml
create mode 100644 roles/configure/defaults/main.yml
create mode 100644 roles/configure/handlers/main.yml
create mode 100644 roles/configure/tasks/main.yaml
create mode 100644 roles/configure/templates/25-wireless.network.j2
create mode 100644 roles/configure/templates/dhcpd.conf.j2
create mode 100644 roles/configure/templates/hostapd.conf.j2
create mode 100644 roles/configure/templates/unmanaged.conf.j2
create mode 100644 roles/install/tasks/main.yaml
diff --git a/playbook.yaml b/playbook.yaml
new file mode 100644
index 0000000..2cc91bf
--- /dev/null
+++ b/playbook.yaml
@@ -0,0 +1,25 @@
+- hosts: localhost
+ connection: local
+ become: true
+ roles:
+# - install
+ - configure
+ vars:
+ apps:
+ - networkmanager
+ - modemmanager
+ - iptables
+ # - hostapd
+ # - dhcpd
+ wifi_ssid: "test"
+ wifi_psk: "test12345"
+ wifi_int_ip: 10.1.10.1
+ # dhcpd
+ subnet: 10.1.10.0
+ netmask: 255.255.255.0
+ range_start: 10.1.10.10
+ range_end: 10.1.10.200
+ default_lease_time: 600
+ max_lease_time: 7200
+ dns1: 77.88.8.8
+ dns2: 77.88.8.1
diff --git a/roles/configure/defaults/main.yml b/roles/configure/defaults/main.yml
new file mode 100644
index 0000000..9d071f7
--- /dev/null
+++ b/roles/configure/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+# Whether or not to reload the sysctl configuration if changed
+disable_ipv6_reload_sysctl_if_changed: true
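Review bot: The Wi-Fi pre-shared key is committed in clear text in the `vars:` of playbook.yaml (`wifi_psk: "test12345"`), and it is a short, guessable value for a WPA2-PSK network. Keep the secret out of the repository, for example `wifi_psk: "{{ vault_wifi_psk }}"` with the real value in an Ansible Vault-encrypted vars file, and add a comment that `"test"` / `"test12345"` are placeholders only. The dotted values such as `wifi_int_ip: 10.1.10.1` are safer quoted (`"10.1.10.1"`) so they are always read as strings.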
diff --git a/roles/configure/handlers/main.yml b/roles/configure/handlers/main.yml
new file mode 100644
index 0000000..982b68c
--- /dev/null
+++ b/roles/configure/handlers/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Reload the sysctl configuration
+ # We have to use the command here because (to date) the
+ # ansible.posix.sysctl module does not allow to force a reload
+ ansible.builtin.command:
+ cmd: sysctl --system
+ changed_when: false
+ when: disable_ipv6_reload_sysctl_if_changed
+
+- name: Restart NetworkManager
+ service:
+ name: NetworkManager
+ state: restarted
+
+- name: Restart hostapd
+ service:
+ name: hostapd
+ state: restarted
+
+- name: Restart dhcpd
+ service:
+ name: dhcpd
+ state: restarted
+
+- name: Restart systemd-networkd
+ service:
+ name: systemd-networkd
+ state: restarted
\ No newline at end of file
diff --git a/roles/configure/tasks/main.yaml b/roles/configure/tasks/main.yaml
new file mode 100644
index 0000000..01d1fe2
--- /dev/null
+++ b/roles/configure/tasks/main.yaml
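Review bot: In roles/configure/handlers/main.yml the four restart handlers use the short module name `service:` while the first handler uses the fully qualified `ansible.builtin.command:`; writing `ansible.builtin.service:` throughout keeps module resolution explicit and consistent. The restart handlers are only notified from tasks that are commented out in roles/configure/tasks/main.yaml, so a comment such as `# used by the optional hostapd/dhcpd/networkd path, currently disabled` would tell the next reader why they never fire. The file also ends without a trailing newline.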
@@ -0,0 +1,92 @@
+---
+- name: Set disable_ipv6 parameters in the sysctl configuration file
+ ansible.posix.sysctl:
+ name: "{{ item }}"
+ value: "1"
+ reload: false
+ loop:
+ - net.ipv6.conf.all.disable_ipv6
+ - net.ipv6.conf.default.disable_ipv6
+ - net.ipv6.conf.lo.disable_ipv6
+ - net.ipv4.ip_forward
+ notify: Reload the sysctl configuration
+
+- name: Stop disable dnsmasq
+ service:
+ name: dnsmasq
+ state: stopped
+ enabled: false
+
+- name: Start enable iptables
+ service:
+ name: iptables
+ state: started
+ enabled: true
+
+- name: Get physical interfaces names
+ command: find /sys/class/net -type l -lname '*wlp*' -printf '%f\n'
+ register: wifi_int
+ changed_when: false
+ check_mode: false
+
+- name: Run nmcli to check if wifi access point connection has already been added
+ shell: /usr/bin/nmcli c | grep {{ wifi_ssid }}
+ register: nmcli_result
+ ignore_errors: True
+
+- name: Check result nmcli
+ set_fact:
+ nmcli_failed: "{{ nmcli_result.rc != 0 }}"
+
+- name: Run nmcli to add a connection with the specified parameters as a wifi access point if above check has failed
+ command: /usr/bin/nmcli c add autoconnect yes save yes con-name {{ wifi_ssid }} ifname {{ wifi_int.stdout }} type wifi ssid {{ wifi_ssid }} mode ap ip4 {{ wifi_int_ip }}
+ when: nmcli_failed
+
+- name: Run nmcli to add WPA-PSK security to the wifi connection
+ command: /usr/bin/nmcli c mod {{ wifi_ssid }} \
+ 802-11-wireless.band bg \
+ 802-11-wireless.channel 1 \
+ 802-11-wireless-security.key-mgmt wpa-psk \
+ 802-11-wireless-security.proto rsn \
+ 802-11-wireless-security.group ccmp \
+ 802-11-wireless-security.pairwise ccmp \
+ 802-11-wireless-security.psk {{ wifi_psk }} \
+ ipv4.method shared \
+ ipv4.addr {{ wifi_int_ip }}/24
+
+- name: Run nmcli to activate wifi access point connection
+ command: /usr/bin/nmcli c up {{ wifi_ssid }}
+
+# - name: Configure {{ wifi_int.stdout_lines | first }} interface
+# template:
+# src: 25-wireless.network.j2
+# dest: /etc/systemd/network/25-wireless.network
+# notify: Restart systemd-networkd
+
+# - name: Configure NetworkManager
+# template:
+# src: unmanaged.conf.j2
+# dest: /etc/NetworkManager/conf.d/unmanaged.conf
+# notify: Restart NetworkManager
+
+# - name: Configure hostapd
+# template:
+# src: hostapd.conf.j2
+# dest: /etc/hostapd/hostapd.conf
+# notify: Restart hostapd
+
+# - name: Configure hostapd
+# template:
+# src: dhcpd.conf.j2
+# dest: /etc/dhcpd.conf
+# # notify: Restart dhcpd
+
+# - name: Enable services
+# service: "{{ app }}"
+# enabled: yes
+# loop: "{{ apps }}"
+# loop_control:
+# loop_var: "app"
+# - name: Force all notified handlers to run at this point
+# ansible.builtin.meta: flush_handlers
+
diff --git a/roles/configure/templates/25-wireless.network.j2 b/roles/configure/templates/25-wireless.network.j2
new file mode 100644
index 0000000..16e2162
--- /dev/null
+++ b/roles/configure/templates/25-wireless.network.j2
@@ -0,0 +1,7 @@
+[Match]
+Name={{ wifi_int.stdout_lines | first }}
+
+[Network]
+Address={{ wifi_int_ip }}/24
+#Gateway=
+#DNS=
\ No newline at end of file
diff --git a/roles/configure/templates/dhcpd.conf.j2 b/roles/configure/templates/dhcpd.conf.j2
new file mode 100644
index 0000000..7fadbb9
--- /dev/null
+++ b/roles/configure/templates/dhcpd.conf.j2
@@ -0,0 +1,8 @@
+option domain-name-servers {{ dns1 }}, {{ dns2 }};
+option subnet-mask {{ netmask }};
+option routers {{ wifi_int_ip }};
+subnet {{ subnet }} netmask {{ netmask }} {
+ range {{ range_start }} {{ range_end }};
+}
+default-lease-time {{ default_lease_time }};
+max-lease-time {{ max_lease_time }};
diff --git a/roles/configure/templates/hostapd.conf.j2 b/roles/configure/templates/hostapd.conf.j2
new file mode 100644
index 0000000..658db24
--- /dev/null
+++ b/roles/configure/templates/hostapd.conf.j2
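Review bot: In roles/configure/tasks/main.yaml the existence check `shell: /usr/bin/nmcli c | grep {{ wifi_ssid }}` interpolates the SSID unquoted into a shell line, so an SSID containing spaces or shell metacharacters changes the command that runs as root; `grep` also matches substrings in any column, and `ignore_errors: True` hides a genuine nmcli failure. The `nmcli c mod` task passes `{{ wifi_psk }}` as an argument without `no_log: true`, so the key can show up in task output and logs, and its trailing backslashes sit inside a plain YAML scalar, where they are literal characters rather than line continuations (how the command module ends up splitting them should be confirmed). `wifi_int.stdout` is used as a single interface name, which only holds if `find` returns exactly one `wlp*` link. A sketch with `argv` lists and an exact-name check follows; the same quoting concern applies to the `nmcli c add` and `nmcli c up` tasks.

```yaml
- name: Run nmcli to check if wifi access point connection has already been added
  ansible.builtin.command:
    argv: [/usr/bin/nmcli, -t, -f, NAME, connection, show]
  register: nmcli_result
  changed_when: false
  check_mode: false

- name: Check result nmcli
  ansible.builtin.set_fact:
    nmcli_failed: "{{ wifi_ssid not in nmcli_result.stdout_lines }}"

# … unchanged: nmcli c add task …

- name: Run nmcli to add WPA-PSK security to the wifi connection
  ansible.builtin.command:
    argv:
      - /usr/bin/nmcli
      - c
      - mod
      - "{{ wifi_ssid }}"
      # … unchanged: band, channel, key-mgmt, proto, group, pairwise properties, one list item per word …
      - 802-11-wireless-security.psk
      - "{{ wifi_psk }}"
      # … unchanged: ipv4.method and ipv4.addr properties …
  no_log: true
```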
@@ -0,0 +1,45 @@
+# Set up some logging. VERY useful to see why things aren't working.
+logger_syslog=-1
+logger_syslog_level=2
+logger_stdout=-1
+logger_stdout_level=2
+
+# Which interface to use and which bridge to join
+interface={{ wifi_int.stdout_lines | first }}
+#bridge=br0
+
+
+#
+wmm_enabled=1
+wme_enabled=1
+ieee80211n=1
+#ieee80211d=1
+#noscan=1
+#
+# Use this driver for AP stuff. This corresponds to the mac80211 driver
+# which most newer cards support.
+driver=nl80211
+
+# 802.11 mode and channel, pretty self-explanatory
+hw_mode=g
+country_code=RU
+channel=9
+
+
+# Set and broadcast the SSID. Stupid double-negatives...
+ssid={{ wifi_ssid }}
+ignore_broadcast_ssid=0
+
+# 802.11N stuff - Try 40 MHz channels, fall back to 20 MHz
+#ieee80211n=1
+#ht_capab=[HT40+][SHORT-GI-40]
+ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40]
+#ht_capab=[HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
+# WPA Authentication
+auth_algs=1
+wpa=2
+wpa_passphrase={{ wifi_psk }}
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+
+macaddr_acl=0
diff --git a/roles/configure/templates/unmanaged.conf.j2 b/roles/configure/templates/unmanaged.conf.j2
new file mode 100644
index 0000000..2e769bb
--- /dev/null
+++ b/roles/configure/templates/unmanaged.conf.j2
@@ -0,0 +1,2 @@
+[keyfile]
+unmanaged-devices=interface-name:{{ wifi_int.stdout_lines | first }}
diff --git a/roles/install/tasks/main.yaml b/roles/install/tasks/main.yaml
new file mode 100644
index 0000000..b62a6ee
--- /dev/null
+++ b/roles/install/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- name: install applications
+ pacman:
+ name: "{{ app }}"
+ loop: "{{ apps }}"
+ loop_control:
+ loop_var: "app"
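Review bot: `wpa_passphrase={{ wifi_psk }}` in roles/configure/templates/hostapd.conf.j2 writes the pre-shared key into the rendered file, and the currently commented-out template task that would deploy it to /etc/hostapd/hostapd.conf sets no `owner` or `mode`. When that task is enabled it should carry `owner: root` and `mode: "0600"`, since otherwise the file's permissions depend on the umask and it may be readable by other local users. `wmm_enabled=1` and `wme_enabled=1` appear to set the same feature twice; keeping only `wmm_enabled=1` would avoid confusion.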
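Review bot: In roles/install/tasks/main.yaml the `pacman` task loops over `apps` one package at a time; the module accepts a list, so `name: "{{ apps }}"` without `loop` / `loop_control` installs everything in a single transaction. Stating `state: present` explicitly and using the fully qualified `community.general.pacman:` would make the intent and the module's origin clear. The `install` role is commented out in playbook.yaml, so this task does not run as committed.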