From ef137489a2af825da682169ed3a532c452e4f68c Mon Sep 17 00:00:00 2001 
From: Ivan Dolgov Date: Tue, 13 Sep 2016 11:51:32 +0300 Subject: Add hotspot --- ansible/minipc-router.yml | 3 +- ansible/roles/dhcp-client/files/interfaces-dhcp | 2 ++ ansible/roles/dhcp-client/tasks/main.yml | 5 ++++ ansible/roles/hotspot/defaults/main.yml | 17 +++++++++++ ansible/roles/hotspot/files/hostapd | 1 + ansible/roles/hotspot/handlers/main.yml | 5 ++++ ansible/roles/hotspot/tasks/main.yml | 15 ++++++++++ ansible/roles/hotspot/templates/hostapd.conf.j2 | 20 +++++++++++++ ansible/roles/lan1-dhcp-client/files/lan1-dhcp | 2 -- ansible/roles/lan1-dhcp-client/tasks/main.yml | 7 ----- ansible/roles/router/files/dnsmasq-router | 2 ++ ansible/roles/router/files/enable-routing.conf | 2 -- ansible/roles/router/files/ferm.conf | 2 +- ansible/roles/router/files/interfaces-eth1-eth2 | 11 ------- ansible/roles/router/files/setup-firewall | 3 -- ansible/roles/router/files/switch | 15 ++++++++++ ansible/roles/router/files/sysctl-routing.conf | 2 ++ ansible/roles/router/handlers/main.yml | 11 +++++++ ansible/roles/router/tasks/main.yml | 39 ++++++++++--------------- ansible/roles/router/templates/ifupdown-switch | 14 +++++++++ 20 files changed, 128 insertions(+), 50 deletions(-) create mode 100644 ansible/roles/dhcp-client/files/interfaces-dhcp create mode 100644 ansible/roles/dhcp-client/tasks/main.yml create mode 100644 ansible/roles/hotspot/defaults/main.yml create mode 100644 ansible/roles/hotspot/files/hostapd create mode 100644 ansible/roles/hotspot/handlers/main.yml create mode 100644 ansible/roles/hotspot/tasks/main.yml create mode 100644 ansible/roles/hotspot/templates/hostapd.conf.j2 delete mode 100644 ansible/roles/lan1-dhcp-client/files/lan1-dhcp delete mode 100644 ansible/roles/lan1-dhcp-client/tasks/main.yml create mode 100644 ansible/roles/router/files/dnsmasq-router delete mode 100644 ansible/roles/router/files/enable-routing.conf delete mode 100644 ansible/roles/router/files/interfaces-eth1-eth2 delete mode 100644 
ansible/roles/router/files/setup-firewall create mode 100644 ansible/roles/router/files/switch create mode 100644 ansible/roles/router/files/sysctl-routing.conf create mode 100644 ansible/roles/router/handlers/main.yml create mode 100644 ansible/roles/router/templates/ifupdown-switch (limited to 'ansible') diff --git a/ansible/minipc-router.yml b/ansible/minipc-router.yml index f9086d0..e99f49a 100644 --- a/ansible/minipc-router.yml +++ b/ansible/minipc-router.yml @@ -6,6 +6,7 @@ hostname: router distro: jessie roles: - - lan1-dhcp-client + - dhcp-client - sane-debian-system - router + - hotspot diff --git a/ansible/roles/dhcp-client/files/interfaces-dhcp b/ansible/roles/dhcp-client/files/interfaces-dhcp new file mode 100644 index 0000000..81922ce --- /dev/null +++ b/ansible/roles/dhcp-client/files/interfaces-dhcp @@ -0,0 +1,2 @@ +auto eth0 +iface eth0 inet dhcp diff --git a/ansible/roles/dhcp-client/tasks/main.yml b/ansible/roles/dhcp-client/tasks/main.yml new file mode 100644 index 0000000..513c841 --- /dev/null +++ b/ansible/roles/dhcp-client/tasks/main.yml @@ -0,0 +1,5 @@ +- name: configure eth0 to be a DHCP client + copy: src=interfaces-dhcp dest=/etc/network/interfaces.d/dhcp + +- name: bring up eth0 + shell: ifup eth0 diff --git a/ansible/roles/hotspot/defaults/main.yml b/ansible/roles/hotspot/defaults/main.yml new file mode 100644 index 0000000..a413af9 --- /dev/null +++ b/ansible/roles/hotspot/defaults/main.yml @@ -0,0 +1,17 @@ +# Your network SSID +ssid: Caprica +# Your country code +country: FI +# Your passphrase +passphrase: "{{ lookup('pipe', 'pass show office_network/wifi') }}" +# Wireless device, check `iwconfig` +interface: wlan0 +# Set if interface is a bridge, leave empty otherwise +bridge: br0 +# IEEE 802.11 operation mode +# Supported modes: a, b, g, ad +mode: g +# Enable 802.11n, if supported by chipset +ieee80211n: 1 +# Channel to use, check `iw list` +channel: 2 
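Review bot: `shell: ifup eth0` in the second task of dhcp-client/tasks/main.yml runs on every play and always reports changed, whether or not the interfaces file was touched. Nothing here needs a shell, so `command: ifup eth0` is the safer module. The copy task could also `notify` a handler, as the router role in this commit does, so the interface is only brought up when `/etc/network/interfaces.d/dhcp` actually changes.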
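Review bot: The `passphrase` default in hotspot/defaults/main.yml takes the full output of `pass show office_network/wifi`, so a store entry with more than one line would be rendered verbatim after `wpa_passphrase=` in hostapd.conf and hostapd would try to parse the extra lines as options. Limiting the lookup to the first line avoids that, e.g. `passphrase: "{{ lookup('pipe', 'pass show office_network/wifi | head -n1') }}"`. The variable names (`interface`, `mode`, `channel`, `passphrase`, ...) are also generic enough to collide with inventory or other roles' variables; a `hotspot_` prefix would scope them to this role.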
diff --git a/ansible/roles/hotspot/files/hostapd b/ansible/roles/hotspot/files/hostapd
new file mode 100644
index 0000000..b63c3ae
--- /dev/null
+++ b/ansible/roles/hotspot/files/hostapd
@@ -0,0 +1 @@
+DAEMON_CONF="/etc/hostapd/hostapd.conf"
diff --git a/ansible/roles/hotspot/handlers/main.yml b/ansible/roles/hotspot/handlers/main.yml
new file mode 100644
index 0000000..05dfcd6
--- /dev/null
+++ b/ansible/roles/hotspot/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: restart hostapd
+ service: name=hostapd state=restarted enabled=yes
+
+- name: restart dnsmasq
+ service: name=dnsmasq state=restarted
diff --git a/ansible/roles/hotspot/tasks/main.yml b/ansible/roles/hotspot/tasks/main.yml
new file mode 100644
index 0000000..b2be8ee
--- /dev/null
+++ b/ansible/roles/hotspot/tasks/main.yml
@@ -0,0 +1,15 @@
+- name: install hotspot dependencies
+ apt: name={{ item }} state=present
+ with_items:
+ - firmware-ralink
+ - iw
+ - wireless-tools
+ - hostapd
+
+- name: copy hostapd conf
+ template: src=hostapd.conf.j2 dest=/etc/hostapd/hostapd.conf
+ notify: restart hostapd
+
+- name: copy default hostapd conf
+ copy: src=hostapd dest=/etc/default/hostapd
+ notify: restart hostapd
diff --git a/ansible/roles/hotspot/templates/hostapd.conf.j2 b/ansible/roles/hotspot/templates/hostapd.conf.j2
new file mode 100644
index 0000000..83ff514
--- /dev/null
+++ b/ansible/roles/hotspot/templates/hostapd.conf.j2
@@ -0,0 +1,20 @@
+# hostapd sample config with documentation:
+# http://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
+interface={{ interface }}
+bridge={{ bridge }}
+driver=nl80211
+ssid={{ ssid }}
+country_code={{ country }}
+hw_mode={{ mode }}
+ieee80211n={{ ieee80211n }}
+channel={{ channel }}
+macaddr_acl=0
+auth_algs=1
+ignore_broadcast_ssid=0
+wmm_enabled=1
+# bit1: WPA2 only
+wpa=1
+wpa_passphrase={{ passphrase }}
+wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
+wpa_pairwise=TKIP
+rsn_pairwise=CCMP
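Review bot: `restart dnsmasq` is defined in hotspot/handlers/main.yml, but no task in the hotspot role's tasks file notifies it, and the router role added in this same commit defines a handler with the identical name. Handler names share one namespace per play, so with both roles listed in minipc-router.yml only one of the two definitions is used, and this one lacks `enabled=yes`. I would drop the dnsmasq handler from this file and leave it to the router role.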
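Review bot: The `copy hostapd conf` task renders the Wi-Fi passphrase into /etc/hostapd/hostapd.conf without setting owner or mode, so the file gets whatever the remote umask yields, which is commonly world-readable. Set it explicitly: `template: src=hostapd.conf.j2 dest=/etc/hostapd/hostapd.conf owner=root group=root mode=0600`. Adding `no_log: true` to the same task keeps the rendered passphrase out of `--diff` and verbose output.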
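Review bot: `wpa=1` in hostapd.conf.j2 enables only the original WPA (bit0), not WPA2 as the comment above it says; in hostapd the RSN/WPA2 setting is bit1, i.e. `wpa=2`. As written the AP runs WPA with `wpa_pairwise=TKIP` and `rsn_pairwise=CCMP` is never used. hostapd also does not allow 802.11n rates together with TKIP, so `ieee80211n=1` is likely ineffective too. Suggested: `wpa=2`, drop the `wpa_pairwise=TKIP` line, and keep `rsn_pairwise=CCMP`. `WPA-PSK-SHA256` in `wpa_key_mgmt` is an RSN key-management suite that goes with management frame protection (`ieee80211w`), which the template does not set; either add that or reduce the line to `wpa_key_mgmt=WPA-PSK`.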
diff --git a/ansible/roles/lan1-dhcp-client/files/lan1-dhcp b/ansible/roles/lan1-dhcp-client/files/lan1-dhcp deleted file mode 100644 index 81922ce..0000000 --- a/ansible/roles/lan1-dhcp-client/files/lan1-dhcp +++ /dev/null @@ -1,2 +0,0 @@ -auto eth0 -iface eth0 inet dhcp diff --git a/ansible/roles/lan1-dhcp-client/tasks/main.yml b/ansible/roles/lan1-dhcp-client/tasks/main.yml deleted file mode 100644 index fb5d06e..0000000 --- a/ansible/roles/lan1-dhcp-client/tasks/main.yml +++ /dev/null @@ -1,7 +0,0 @@ -- name: "configure LAN1 (eth0) to be a DHCP client" - copy: - src: lan1-dhcp - dest: /etc/network/interfaces.d/lan1-dhcp - -- name: bring up LAN1 (eth0) - shell: ifup eth0 diff --git a/ansible/roles/router/files/dnsmasq-router b/ansible/roles/router/files/dnsmasq-router new file mode 100644 index 0000000..7e48964 --- /dev/null +++ b/ansible/roles/router/files/dnsmasq-router @@ -0,0 +1,2 @@ +interface=br0 +dhcp-range=10.0.0.10,10.0.0.250,255.255.255.0,720h diff --git a/ansible/roles/router/files/enable-routing.conf b/ansible/roles/router/files/enable-routing.conf deleted file mode 100644 index 6ab7319..0000000 --- a/ansible/roles/router/files/enable-routing.conf +++ /dev/null @@ -1,2 +0,0 @@ -net.ipv4.ip_forward=1 -net.ipv6.conf.all.forwarding=0 diff --git a/ansible/roles/router/files/ferm.conf b/ansible/roles/router/files/ferm.conf index 1867e84..4cc1a24 100644 --- a/ansible/roles/router/files/ferm.conf +++ b/ansible/roles/router/files/ferm.conf @@ -7,7 +7,7 @@ @def $DEV_WORLD = eth0; # Interfaces towards LAN. -@def $DEV_PRIVATE = (eth1 eth2 eth3); +@def $DEV_PRIVATE = (br0); # Address range for LAN. @def $NET_PRIVATE = 10.0.0.0/16; diff --git a/ansible/roles/router/files/interfaces-eth1-eth2 b/ansible/roles/router/files/interfaces-eth1-eth2 deleted file mode 100644 index 721f2ed..0000000 --- a/ansible/roles/router/files/interfaces-eth1-eth2 +++ /dev/null 
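Review bot: `interface=br0` in dnsmasq-router does not by itself stop dnsmasq from opening its DNS and DHCP sockets on the wildcard address; it only discards requests that arrive on other interfaces. Adding `bind-interfaces` on the next line keeps the listener off the WAN-facing eth0 instead of relying on the ferm rules, which are not visible in this diff. The 720h lease on a 241-address pool is also worth revisiting now that hostapd bridges Wi-Fi clients into br0, since short-lived wireless clients will hold addresses for 30 days.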
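Review bot: `$NET_PRIVATE` in the trailing context of the ferm.conf hunk is still `10.0.0.0/16`, while the only LAN interface after this commit is br0 with netmask 255.255.255.0 (files/switch and templates/ifupdown-switch). If the rules further down in ferm.conf, outside this hunk, match on `$NET_PRIVATE`, they accept a wider source range than the router actually serves; `@def $NET_PRIVATE = 10.0.0.0/24;` would match the bridge. hostapd's `bridge=br0` also places wireless clients behind the same `$DEV_PRIVATE` rules as the wired ports, which deserves a comment next to the definition if it is intended.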
@@ -1,11 +0,0 @@
-auto eth1
-iface eth1 inet static
- address 10.0.2.1
- netmask 255.255.255.0
- gateway 10.0.0.255
-
-auto eth2
-iface eth2 inet static
- address 10.0.3.1
- netmask 255.255.255.0
- gateway 10.0.0.255
diff --git a/ansible/roles/router/files/setup-firewall b/ansible/roles/router/files/setup-firewall
deleted file mode 100644
index 77f80d8..0000000
--- a/ansible/roles/router/files/setup-firewall
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec iptables -t nat -A POSTROUTING -j MASQUERADE
diff --git a/ansible/roles/router/files/switch b/ansible/roles/router/files/switch
new file mode 100644
index 0000000..ebf9da1
--- /dev/null
+++ b/ansible/roles/router/files/switch
@@ -0,0 +1,15 @@
+auto eth1
+iface eth1 inet manual
+
+auto eth2
+iface eth2 inet manual
+
+auto eth3
+iface eth3 inet manual
+
+auto br0
+iface br0 inet static
+ address 10.0.0.4
+ netmask 255.255.255.0
+ gateway 10.0.0.255
+ bridge_ports eth1 eth2 eth3
diff --git a/ansible/roles/router/files/sysctl-routing.conf b/ansible/roles/router/files/sysctl-routing.conf
new file mode 100644
index 0000000..6ab7319
--- /dev/null
+++ b/ansible/roles/router/files/sysctl-routing.conf
@@ -0,0 +1,2 @@
+net.ipv4.ip_forward=1
+net.ipv6.conf.all.forwarding=0
diff --git a/ansible/roles/router/handlers/main.yml b/ansible/roles/router/handlers/main.yml
new file mode 100644
index 0000000..9bfdccb
--- /dev/null
+++ b/ansible/roles/router/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: restart ferm
+ service: name=ferm state=restarted enabled=yes
+
+- name: reload interfaces
+ service: name=networking state=restarted enabled=yes
+
+- name: restart dnsmasq
+ service: name=dnsmasq state=restarted enabled=yes
+
+- name: load sysctl config
+ shell: sysctl -p /etc/sysctl.d/routing.conf
diff --git a/ansible/roles/router/tasks/main.yml b/ansible/roles/router/tasks/main.yml
index 2bfaa99..bd28a11 100644
--- a/ansible/roles/router/tasks/main.yml
+++ b/ansible/roles/router/tasks/main.yml
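Review bot: `gateway 10.0.0.255` on br0 in router/files/switch is the broadcast address of the 10.0.0.0/24 network set by the two lines above it. A LAN-side bridge on the router should not install a default route at all, since eth0 already gets one over DHCP. I would delete the `gateway` line here and in templates/ifupdown-switch, which repeats it. This static file also looks unused: the router tasks install `/etc/network/interfaces.d/switch` from the `ifupdown-switch` template, not from `files/switch`.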
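Review bot: `enabled=yes` sits inside the `restart ferm`, `reload interfaces` and `restart dnsmasq` handlers in router/handlers/main.yml, so the services are only enabled at boot on a run where the notifying task reports a change. For the firewall in particular that should be an unconditional task, e.g. `service: name=ferm state=started enabled=yes` in tasks/main.yml, with the handler reduced to the restart. `load sysctl config` needs no shell; `command: sysctl -p /etc/sysctl.d/routing.conf` is enough.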
@@ -1,31 +1,24 @@ - name: install ferm apt: name=ferm -- name: install ferm.conf - copy: - src: ferm.conf - dest: /etc/ferm/ferm.conf - owner: root - group: root - mode: 0640 +- name: copy ferm.conf + copy: > + src=ferm.conf dest=/etc/ferm/ferm.conf + owner=root group=root mode=0640 + notify: restart ferm -- name: restart ferm - service: - name: ferm - state: restarted +- name: remove installer eth3 configuration + file: path=/etc/network/interfaces.d/router state=absent + notify: reload interfaces -- name: configure eth1 and eth2 - copy: - src: interfaces-eth1-eth2 - dest: /etc/network/interfaces.d +- name: configure switch interfaces + template: src=ifupdown-switch dest=/etc/network/interfaces.d/switch + notify: reload interfaces -- name: bring up eth1 and eth2 - shell: ifup eth1 eth2 +- name: reconfigure dnsmasq + copy: src=dnsmasq-router dest=/etc/dnsmasq.d/router + notify: restart dnsmasq - name: set up packet forwarding sysctl config - copy: - src: enable-routing.conf - dest: /etc/sysctl.d - -- name: load sysctl config change - shell: sysctl -p /etc/sysctl.d/enable-routing.conf + copy: src=sysctl-routing.conf dest=/etc/sysctl.d/routing.conf + notify: load sysctl config diff --git a/ansible/roles/router/templates/ifupdown-switch b/ansible/roles/router/templates/ifupdown-switch new file mode 100644 index 0000000..d8d4ec5 --- /dev/null +++ b/ansible/roles/router/templates/ifupdown-switch @@ -0,0 +1,14 @@ +auto br0 +iface br0 inet static + address 10.0.0.4 + netmask 255.255.255.0 + gateway 10.0.0.255 + pre-up ip link add name $IFACE type bridge +{% for i in range(1, 4) %} + +auto eth{{i}} +iface eth{{i}} inet manual + up ip link set $IFACE up + post-up ip addr flush dev $IFACE + post-up ip link set $IFACE master br0 +{% endfor %} -- cgit v1.2.1
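Review bot: The `reconfigure dnsmasq` task in router/tasks/main.yml writes /etc/dnsmasq.d/router and notifies a restart, but the only package this file installs is ferm. Unless another role not visible in this diff installs dnsmasq, the handler will fail on a fresh host; adding a task with `apt: name=dnsmasq state=present` before it closes that gap. `configure switch interfaces` and `reconfigure dnsmasq` also leave owner and mode unset, unlike the ferm.conf task above them; `owner=root group=root mode=0644` would make the result independent of the remote umask.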