nuc7ear/nm
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init

Browse Source
This commit is contained in:
Aleksandr Malyavin
2024-09-01 20:56:12 +03:00
commit 9717dca6a2
9 changed files with 217 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
playbook.yaml Normal file
View File

@@ -0,0 +1,25 @@
- hosts: localhost
connection: local
become: true
roles:
# - install
- configure
vars:
apps:
- networkmanager
- modemmanager
- iptables
# - hostapd
# - dhcpd
wifi_ssid: "test"
wifi_psk: "test12345"
wifi_int_ip: 10.1.10.1
# dhcpd
subnet: 10.1.10.0
netmask: 255.255.255.0
range_start: 10.1.10.10
range_end: 10.1.10.200
default_lease_time: 600
max_lease_time: 7200
dns1: 77.88.8.8
dns2: 77.88.8.1

3
roles/configure/defaults/main.yml Normal file
View File

@@ -0,0 +1,3 @@
---
# Whether or not to reload the sysctl configuration if changed
disable_ipv6_reload_sysctl_if_changed: true

28
roles/configure/handlers/main.yml Normal file
View File

@@ -0,0 +1,28 @@
---
- name: Reload the sysctl configuration
# We have to use the command here because (to date) the
# ansible.posix.sysctl module does not allow to force a reload
ansible.builtin.command:
cmd: sysctl --system
changed_when: false
when: disable_ipv6_reload_sysctl_if_changed
- name: Restart NetworkManager
service:
name: NetworkManager
state: restarted
- name: Restart hostapd
service:
name: hostapd
state: restarted
- name: Restart dhcpd
service:
name: dhcpd
state: restarted
- name: Restart systemd-networkd
service:
name: systemd-networkd
state: restarted

92
roles/configure/tasks/main.yaml Normal file
View File

@@ -0,0 +1,92 @@
---
- name: Set disable_ipv6 parameters in the sysctl configuration file
ansible.posix.sysctl:
name: "{{ item }}"
value: "1"
reload: false
loop:
- net.ipv6.conf.all.disable_ipv6
- net.ipv6.conf.default.disable_ipv6
- net.ipv6.conf.lo.disable_ipv6
- net.ipv4.ip_forward
notify: Reload the sysctl configuration
- name: Stop disable dnsmasq
service:
name: dnsmasq
state: stopped
enabled: false
- name: Start enable iptables
service:
name: iptables
state: started
enabled: true
- name: Get physical interfaces names
command: find /sys/class/net -type l -lname '*wlp*' -printf '%f\n'
register: wifi_int
changed_when: false
check_mode: false
- name: Run nmcli to check if wifi access point connection has already been added
shell: /usr/bin/nmcli c | grep {{ wifi_ssid }}
register: nmcli_result
ignore_errors: True
- name: Check result nmcli
set_fact:
nmcli_failed: "{{ nmcli_result.rc != 0 }}"
- name: Run nmcli to add a connection with the specified parameters as a wifi access point if above check has failed
command: /usr/bin/nmcli c add autoconnect yes save yes con-name {{ wifi_ssid }} ifname {{ wifi_int.stdout }} type wifi ssid {{ wifi_ssid }} mode ap ip4 {{ wifi_int_ip }}
when: nmcli_failed
- name: Run nmcli to add WPA-PSK security to the wifi connection
command: /usr/bin/nmcli c mod {{ wifi_ssid }} \
802-11-wireless.band bg \
802-11-wireless.channel 1 \
802-11-wireless-security.key-mgmt wpa-psk \
802-11-wireless-security.proto rsn \
802-11-wireless-security.group ccmp \
802-11-wireless-security.pairwise ccmp \
802-11-wireless-security.psk {{ wifi_psk }} \
ipv4.method shared \
ipv4.addr {{ wifi_int_ip }}/24
- name: Run nmcli to activate wifi access point connection
command: /usr/bin/nmcli c up {{ wifi_ssid }}
# - name: Configure {{ wifi_int.stdout_lines | first }} interface
# template:
# src: 25-wireless.network.j2
# dest: /etc/systemd/network/25-wireless.network
# notify: Restart systemd-networkd
# - name: Configure NetworkManager
# template:
# src: unmanaged.conf.j2
# dest: /etc/NetworkManager/conf.d/unmanaged.conf
# notify: Restart NetworkManager
# - name: Configure hostapd
# template:
# src: hostapd.conf.j2
# dest: /etc/hostapd/hostapd.conf
# notify: Restart hostapd
# - name: Configure hostapd
# template:
# src: dhcpd.conf.j2
# dest: /etc/dhcpd.conf
# # notify: Restart dhcpd
# - name: Enable services
# service: "{{ app }}"
# enabled: yes
# loop: "{{ apps }}"
# loop_control:
# loop_var: "app"
# - name: Force all notified handlers to run at this point
# ansible.builtin.meta: flush_handlers

7
roles/configure/templates/25-wireless.network.j2 Normal file
View File

@@ -0,0 +1,7 @@
[Match]
Name={{ wifi_int.stdout_lines | first }}
[Network]
Address={{ wifi_int_ip }}/24
#Gateway=
#DNS=

8
roles/configure/templates/dhcpd.conf.j2 Normal file
View File

@@ -0,0 +1,8 @@
option domain-name-servers {{ dns1 }}, {{ dns2 }};
option subnet-mask {{ netmask }};
option routers {{ wifi_int_ip }};
subnet {{ subnet }} netmask {{ netmask }} {
range {{ range_start }} {{ range_end }};
}
default-lease-time {{ default_lease_time }};
max-lease-time {{ max_lease_time }};

45
roles/configure/templates/hostapd.conf.j2 Normal file
View File

@@ -0,0 +1,45 @@
# Set up some logging. VERY useful to see why things aren't working.
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
# Which interface to use and which bridge to join
interface={{ wifi_int.stdout_lines | first }}
#bridge=br0
#
wmm_enabled=1
wme_enabled=1
ieee80211n=1
#ieee80211d=1
#noscan=1
#
# Use this driver for AP stuff. This corresponds to the mac80211 driver
# which most newer cards support.
driver=nl80211
# 802.11 mode and channel, pretty self-explanatory
hw_mode=g
country_code=RU
channel=9
# Set and broadcast the SSID. Stupid double-negatives...
ssid={{ wifi_ssid }}
ignore_broadcast_ssid=0
# 802.11N stuff - Try 40 MHz channels, fall back to 20 MHz
#ieee80211n=1
#ht_capab=[HT40+][SHORT-GI-40]
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40]
#ht_capab=[HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]
# WPA Authentication
auth_algs=1
wpa=2
wpa_passphrase={{ wifi_psk }}
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
macaddr_acl=0

2
roles/configure/templates/unmanaged.conf.j2 Normal file
View File

@@ -0,0 +1,2 @@
[keyfile]
unmanaged-devices=interface-name:{{ wifi_int.stdout_lines | first }}

7
roles/install/tasks/main.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
- name: install applications
pacman:
name: "{{ app }}"
loop: "{{ apps }}"
loop_control:
loop_var: "app"