Diffstat (limited to 'ansible')
-rw-r--r--ansible/minipc-router.yml3
-rw-r--r--ansible/roles/dhcp-client/files/interfaces-dhcp (renamed from ansible/roles/lan1-dhcp-client/files/lan1-dhcp)0
-rw-r--r--ansible/roles/dhcp-client/tasks/main.yml5
-rw-r--r--ansible/roles/hotspot/defaults/main.yml17
-rw-r--r--ansible/roles/hotspot/files/hostapd1
-rw-r--r--ansible/roles/hotspot/handlers/main.yml5
-rw-r--r--ansible/roles/hotspot/tasks/main.yml15
-rw-r--r--ansible/roles/hotspot/templates/hostapd.conf.j220
-rw-r--r--ansible/roles/lan1-dhcp-client/tasks/main.yml7
-rw-r--r--ansible/roles/router/files/dnsmasq-router2
-rw-r--r--ansible/roles/router/files/ferm.conf2
-rw-r--r--ansible/roles/router/files/interfaces-eth1-eth211
-rw-r--r--ansible/roles/router/files/setup-firewall3
-rw-r--r--ansible/roles/router/files/switch15
-rw-r--r--ansible/roles/router/files/sysctl-routing.conf (renamed from ansible/roles/router/files/enable-routing.conf)0
-rw-r--r--ansible/roles/router/handlers/main.yml11
-rw-r--r--ansible/roles/router/tasks/main.yml39
-rw-r--r--ansible/roles/router/templates/ifupdown-switch14
18 files changed, 124 insertions, 46 deletions
diff --git a/ansible/minipc-router.yml b/ansible/minipc-router.yml
index f9086d0..e99f49a 100644
--- a/ansible/minipc-router.yml
+++ b/ansible/minipc-router.yml
@@ -6,6 +6,7 @@
hostname: router
distro: jessie
roles:
- - lan1-dhcp-client
+ - dhcp-client
- sane-debian-system
- router
+ - hotspot
diff --git a/ansible/roles/lan1-dhcp-client/files/lan1-dhcp b/ansible/roles/dhcp-client/files/interfaces-dhcp
index 81922ce..81922ce 100644
--- a/ansible/roles/lan1-dhcp-client/files/lan1-dhcp
+++ b/ansible/roles/dhcp-client/files/interfaces-dhcp
diff --git a/ansible/roles/dhcp-client/tasks/main.yml b/ansible/roles/dhcp-client/tasks/main.yml
new file mode 100644
index 0000000..513c841
--- /dev/null
+++ b/ansible/roles/dhcp-client/tasks/main.yml
@@ -0,0 +1,5 @@
+- name: configure eth0 to be a DHCP client
+ copy: src=interfaces-dhcp dest=/etc/network/interfaces.d/dhcp
+
+- name: bring up eth0
+ shell: ifup eth0
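Review bot: The `bring up eth0` task runs `ifup eth0` unconditionally on every play and always reports changed, while the router role in this same commit moves its equivalent steps into handlers. Turn it into a handler that the copy task triggers with `notify: bring up eth0`. It can also use `command:` instead of `shell:`, since no shell features are needed.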
diff --git a/ansible/roles/hotspot/defaults/main.yml b/ansible/roles/hotspot/defaults/main.yml
new file mode 100644
index 0000000..a413af9
--- /dev/null
+++ b/ansible/roles/hotspot/defaults/main.yml
@@ -0,0 +1,17 @@
+# Your network SSID
+ssid: Caprica
+# Your country code
+country: FI
+# Your passphrase
+passphrase: "{{ lookup('pipe', 'pass show office_network/wifi') }}"
+# Wireless device, check `iwconfig`
+interface: wlan0
+# Set if interface is a bridge, leave empty otherwise
+bridge: br0
+# IEEE 802.11 operation mode
+# Supported modes: a, b, g, ad
+mode: g
+# Enable 802.11n, if supported by chipset
+ieee80211n: 1
+# Channel to use, check `iw list`
+channel: 2
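Review bot: These defaults use very generic names (`interface`, `mode`, `bridge`, `channel`, `country`). Role defaults share one variable namespace with inventory and other roles, so a collision would silently change the rendered hostapd.conf. Prefixing them with the role name (`hotspot_ssid`, `hotspot_interface`, `hotspot_passphrase`, and so on) avoids that; the template would need the same rename. The `passphrase` lookup runs `pass` on the control machine, which deserves a comment such as `# read from the pass store on the control machine; WPA passphrases must be 8-63 characters`.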
diff --git a/ansible/roles/hotspot/files/hostapd b/ansible/roles/hotspot/files/hostapd
new file mode 100644
index 0000000..b63c3ae
--- /dev/null
+++ b/ansible/roles/hotspot/files/hostapd
@@ -0,0 +1 @@
+DAEMON_CONF="/etc/hostapd/hostapd.conf"
diff --git a/ansible/roles/hotspot/handlers/main.yml b/ansible/roles/hotspot/handlers/main.yml
new file mode 100644
index 0000000..05dfcd6
--- /dev/null
+++ b/ansible/roles/hotspot/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart hostapd
+ service: name=hostapd state=restarted enabled=yes
+
+- name: restart dnsmasq
+ service: name=dnsmasq state=restarted
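Review bot: The `restart dnsmasq` handler here duplicates the one added in roles/router/handlers/main.yml, but without `enabled=yes`, and no task in this role notifies it. Handler names share one namespace within a play, so with both roles applied only one of the two definitions is used. I would drop it from this role and keep the router role's version.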
diff --git a/ansible/roles/hotspot/tasks/main.yml b/ansible/roles/hotspot/tasks/main.yml
new file mode 100644
index 0000000..b2be8ee
--- /dev/null
+++ b/ansible/roles/hotspot/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: install hotspot dependencies
+ apt: name={{ item }} state=present
+ with_items:
+ - firmware-ralink
+ - iw
+ - wireless-tools
+ - hostapd
+
+- name: copy hostapd conf
+ template: src=hostapd.conf.j2 dest=/etc/hostapd/hostapd.conf
+ notify: restart hostapd
+
+- name: copy default hostapd conf
+ copy: src=hostapd dest=/etc/default/hostapd
+ notify: restart hostapd
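Review bot: The `copy hostapd conf` task writes /etc/hostapd/hostapd.conf, which holds `wpa_passphrase` in clear text, without setting owner or mode. The file's permissions are therefore left to the defaults, which are typically world-readable. Set them explicitly, as the ferm.conf task in the router role does: `template: src=hostapd.conf.j2 dest=/etc/hostapd/hostapd.conf owner=root group=root mode=0600`. Adding `no_log: true` to that task would also keep the passphrase out of `--diff` output and logs.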
diff --git a/ansible/roles/hotspot/templates/hostapd.conf.j2 b/ansible/roles/hotspot/templates/hostapd.conf.j2
new file mode 100644
index 0000000..83ff514
--- /dev/null
+++ b/ansible/roles/hotspot/templates/hostapd.conf.j2
@@ -0,0 +1,20 @@
+# hostapd sample config with documentation:
+# http://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
+interface={{ interface }}
+bridge={{ bridge }}
+driver=nl80211
+ssid={{ ssid }}
+country_code={{ country }}
+hw_mode={{ mode }}
+ieee80211n={{ ieee80211n }}
+channel={{ channel }}
+macaddr_acl=0
+auth_algs=1
+ignore_broadcast_ssid=0
+wmm_enabled=1
+# bit1: WPA2 only
+wpa=1
+wpa_passphrase={{ passphrase }}
+wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
+wpa_pairwise=TKIP
+rsn_pairwise=CCMP
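Review bot: `wpa=1` contradicts the comment above it. In hostapd the `wpa` field is a bitmask where bit0 is WPA and bit1 is WPA2/RSN, so this enables WPA version 1 only, paired with `wpa_pairwise=TKIP`, and leaves `rsn_pairwise=CCMP` unused. For a WPA2-only network use `wpa=2` and drop the `wpa_pairwise=TKIP` line. TKIP also rules out 802.11n rates, which works against `ieee80211n=1`. `WPA-PSK-SHA256` in `wpa_key_mgmt` normally goes with management frame protection (`ieee80211w`), which the template does not set, so it is worth confirming that it is intended.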
diff --git a/ansible/roles/lan1-dhcp-client/tasks/main.yml b/ansible/roles/lan1-dhcp-client/tasks/main.yml
deleted file mode 100644
index fb5d06e..0000000
--- a/ansible/roles/lan1-dhcp-client/tasks/main.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-- name: "configure LAN1 (eth0) to be a DHCP client"
- copy:
- src: lan1-dhcp
- dest: /etc/network/interfaces.d/lan1-dhcp
-
-- name: bring up LAN1 (eth0)
- shell: ifup eth0
diff --git a/ansible/roles/router/files/dnsmasq-router b/ansible/roles/router/files/dnsmasq-router
new file mode 100644
index 0000000..7e48964
--- /dev/null
+++ b/ansible/roles/router/files/dnsmasq-router
@@ -0,0 +1,2 @@
+interface=br0
+dhcp-range=10.0.0.10,10.0.0.250,255.255.255.0,720h
diff --git a/ansible/roles/router/files/ferm.conf b/ansible/roles/router/files/ferm.conf
index 1867e84..4cc1a24 100644
--- a/ansible/roles/router/files/ferm.conf
+++ b/ansible/roles/router/files/ferm.conf
@@ -7,7 +7,7 @@
@def $DEV_WORLD = eth0;
# Interfaces towards LAN.
-@def $DEV_PRIVATE = (eth1 eth2 eth3);
+@def $DEV_PRIVATE = (br0);
# Address range for LAN.
@def $NET_PRIVATE = 10.0.0.0/16;
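Review bot: `$NET_PRIVATE` stays at 10.0.0.0/16 in the context line, while this commit configures br0 as 10.0.0.4 with netmask 255.255.255.0 and has dnsmasq hand out 10.0.0.10 to 10.0.0.250. The firewall's idea of the LAN is therefore wider than the network that exists. If the rules outside this hunk match on `$NET_PRIVATE`, narrowing it to `10.0.0.0/24` keeps them in step. The hotspot role also sets `bridge=br0`, so Wi-Fi clients get the same trust as the wired ports under `$DEV_PRIVATE`; a comment stating that this is intended would help.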
diff --git a/ansible/roles/router/files/interfaces-eth1-eth2 b/ansible/roles/router/files/interfaces-eth1-eth2
deleted file mode 100644
index 721f2ed..0000000
--- a/ansible/roles/router/files/interfaces-eth1-eth2
+++ /dev/null
@@ -1,11 +0,0 @@
-auto eth1
-iface eth1 inet static
- address 10.0.2.1
- netmask 255.255.255.0
- gateway 10.0.0.255
-
-auto eth2
-iface eth2 inet static
- address 10.0.3.1
- netmask 255.255.255.0
- gateway 10.0.0.255
diff --git a/ansible/roles/router/files/setup-firewall b/ansible/roles/router/files/setup-firewall
deleted file mode 100644
index 77f80d8..0000000
--- a/ansible/roles/router/files/setup-firewall
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec iptables -t nat -A POSTROUTING -j MASQUERADE
diff --git a/ansible/roles/router/files/switch b/ansible/roles/router/files/switch
new file mode 100644
index 0000000..ebf9da1
--- /dev/null
+++ b/ansible/roles/router/files/switch
@@ -0,0 +1,15 @@
+auto eth1
+iface eth1 inet manual
+
+auto eth2
+iface eth2 inet manual
+
+auto eth3
+iface eth3 inet manual
+
+auto br0
+iface br0 inet static
+ address 10.0.0.4
+ netmask 255.255.255.0
+ gateway 10.0.0.255
+ bridge_ports eth1 eth2 eth3
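Review bot: `gateway 10.0.0.255` is the broadcast address of the 10.0.0.0/255.255.255.0 network configured just above it, so it cannot be a valid next hop. The same line appears in templates/ifupdown-switch. Since eth0 gets its configuration by DHCP, the LAN bridge most likely should have no `gateway` line at all. This file also looks unused: the router tasks install the `ifupdown-switch` template to /etc/network/interfaces.d/switch, not this file. `bridge_ports` would additionally need bridge-utils, which no visible task installs.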
diff --git a/ansible/roles/router/files/enable-routing.conf b/ansible/roles/router/files/sysctl-routing.conf
index 6ab7319..6ab7319 100644
--- a/ansible/roles/router/files/enable-routing.conf
+++ b/ansible/roles/router/files/sysctl-routing.conf
diff --git a/ansible/roles/router/handlers/main.yml b/ansible/roles/router/handlers/main.yml
new file mode 100644
index 0000000..9bfdccb
--- /dev/null
+++ b/ansible/roles/router/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: restart ferm
+ service: name=ferm state=restarted enabled=yes
+
+- name: reload interfaces
+ service: name=networking state=restarted enabled=yes
+
+- name: restart dnsmasq
+ service: name=dnsmasq state=restarted enabled=yes
+
+- name: load sysctl config
+ shell: sysctl -p /etc/sysctl.d/routing.conf
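Review bot: The handler named `reload interfaces` actually restarts the entire `networking` service. That cycles every interface, including whichever one the Ansible SSH session runs over, so a bad interfaces file can leave the router unreachable mid-play. Rename it to `restart networking` so the impact is obvious, and consider limiting it to the interfaces this role manages. `load sysctl config` needs no shell features and can use `command: sysctl -p /etc/sysctl.d/routing.conf`.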
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
index 2bfaa99..bd28a11 100644
--- a/ansible/roles/router/tasks/main.yml
+++ b/ansible/roles/router/tasks/main.yml
@@ -1,31 +1,24 @@
- name: install ferm
apt: name=ferm
-- name: install ferm.conf
- copy:
- src: ferm.conf
- dest: /etc/ferm/ferm.conf
- owner: root
- group: root
- mode: 0640
+- name: copy ferm.conf
+ copy: >
+ src=ferm.conf dest=/etc/ferm/ferm.conf
+ owner=root group=root mode=0640
+ notify: restart ferm
-- name: restart ferm
- service:
- name: ferm
- state: restarted
+- name: remove installer eth3 configuration
+ file: path=/etc/network/interfaces.d/router state=absent
+ notify: reload interfaces
-- name: configure eth1 and eth2
- copy:
- src: interfaces-eth1-eth2
- dest: /etc/network/interfaces.d
+- name: configure switch interfaces
+ template: src=ifupdown-switch dest=/etc/network/interfaces.d/switch
+ notify: reload interfaces
-- name: bring up eth1 and eth2
- shell: ifup eth1 eth2
+- name: reconfigure dnsmasq
+ copy: src=dnsmasq-router dest=/etc/dnsmasq.d/router
+ notify: restart dnsmasq
- name: set up packet forwarding sysctl config
- copy:
- src: enable-routing.conf
- dest: /etc/sysctl.d
-
-- name: load sysctl config change
- shell: sysctl -p /etc/sysctl.d/enable-routing.conf
+ copy: src=sysctl-routing.conf dest=/etc/sysctl.d/routing.conf
+ notify: load sysctl config
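Review bot: ferm is only enabled and started from the `restart ferm` handler, which fires only when ferm.conf changes. On a host where the file already matches, nothing in this role ensures the firewall is running or enabled at boot. Add an explicit task after the copy, `service: name=ferm state=started enabled=yes`, and keep the handler for restarts. The role also writes /etc/dnsmasq.d/router without installing dnsmasq; if no other role installs it, add `apt: name=dnsmasq` before that task.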
diff --git a/ansible/roles/router/templates/ifupdown-switch b/ansible/roles/router/templates/ifupdown-switch
new file mode 100644
index 0000000..d8d4ec5
--- /dev/null
+++ b/ansible/roles/router/templates/ifupdown-switch
@@ -0,0 +1,14 @@
+auto br0
+iface br0 inet static
+ address 10.0.0.4
+ netmask 255.255.255.0
+ gateway 10.0.0.255
+ pre-up ip link add name $IFACE type bridge
+{% for i in range(1, 4) %}
+
+auto eth{{i}}
+iface eth{{i}} inet manual
+ up ip link set $IFACE up
+ post-up ip addr flush dev $IFACE
+ post-up ip link set $IFACE master br0
+{% endfor %}
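Review bot: `pre-up ip link add name $IFACE type bridge` has no matching teardown. If br0 already exists when the stanza is brought up again, for instance after the `reload interfaces` handler restarts networking, the add will likely fail and abort bringing up the bridge. Pair it with `post-down ip link del $IFACE`, or make the add tolerant with `pre-up ip link show $IFACE >/dev/null 2>&1 || ip link add name $IFACE type bridge`. A leading comment saying that the loop renders the stanzas for eth1 through eth3 would also help readers of the installed file.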