author | Lars Wirzenius <liw@liw.fi> | 2022-07-31 07:05:50 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-07-31 07:05:50 +0300 |
commit | 1bda8fd4d04cd1b4b5f4ab8bba32e939ba2ec940 (patch) | |
tree | a4e0eb7c713763044d14a4e903ca8b46cd26b46c | |
parent | a7c1ffe70a8316f3e8990f25d438bf42478c6463 (diff) | |
download | puomi-1bda8fd4d04cd1b4b5f4ab8bba32e939ba2ec940.tar.gz |
add initial, generic puomi playbook
Sponsored-by: author
-rw-r--r-- | puomi-playbook.yml | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/puomi-playbook.yml b/puomi-playbook.yml
new file mode 100644
index 0000000..5c0b31d
--- /dev/null
+++ b/puomi-playbook.yml
@@ -0,0 +1,126 @@
+# Ansible playbook for installing a router.
+
+- hosts: puomi
+ tasks:
+ - name: "add contrib and non-free to APT sources, for firmware"
+ apt_repository:
+ repo: "deb http://deb.debian.org/debian bullseye contrib non-free"
+
+ - name: "install software"
+ apt:
+ name:
+ - hostapd
+ - firmware-iwlwifi
+ - haveged
+ - bridge-utils
+ - man
+ - ferm
+ - dnsmasq
+ - bind9-dnsutils
+ - locales-all
+
+ - name: "configure dnsmasq for .d support"
+ lineinfile:
+ path: /etc/dnsmasq.conf
+ regexp: ^conf-dir
+ line: "conf-dir=/etc/dnsmasq.d/,*.conf"
+
+ - name: "configure dnsmasq for router"
+ copy:
+ content: |
+ dhcp-range=10.1.1.10,10.1.1.250,255.255.255.0,1h
+ host-record=puomi,10.1.1.1
+ interface=br0
+ interface=lo
+ max-cache-ttl=30
+ neg-ttl=10
+ dest: /etc/dnsmasq.d/router.conf
+
+ - name: "configure hostapd"
+ copy:
+ content: |
+ interface=wlan0
+ bridge=br0
+ driver=nl80211
+ ssid={{ wifi_essid }}
+ country_code={{ wifi_country_code }}
+ hw_mode=g
+ ieee80211n=1
+ channel=2
+ macaddr_acl=0
+ auth_algs=1
+ ignore_broadcast_ssid=0
+ wmm_enabled=1
+ wpa=2
+ wpa_passphrase={{ wifi_passphrase }}
+ wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
+ wpa_pairwise=TKIP
+ rsn_pairwise=CCMP
+ dest: /etc/hostapd/hostapd.conf
+
+ - name: "configure ferm firewall"
+ copy:
+ content: |
+ table filter {
+ chain INPUT policy ACCEPT;
+ chain OUTPUT policy ACCEPT;
+ chain FORWARD {
+ policy ACCEPT;
+
+ # Printer
+ saddr 10.0.0.73 proto tcp DROP;
+ saddr 10.0.0.73 proto udp DROP;
+ }
+ }
+
+ table nat {
+ chain POSTROUTING MASQUERADE;
+ }
+ dest: /etc/ferm/ferm.conf
+
+ - name: "configure bridge device br0"
+ copy:
+ content: |
+ [NetDev]
+ Name=br0
+ Kind=bridge
+ dest: /etc/systemd/network/br0.netdev
+
+ - name: "add wired devices to br0"
+ copy:
+ content: |
+ [Match]
+ Name=eth[^0]*
+
+ [Network]
+ Bridge=br0
+ dest: /etc/systemd/network/wired.network
+
+ - name: "configure br0 to provide DHCP and NAT"
+ copy:
+ content: |
+ [Match]
+ Name=br0
+
+ [Network]
+ Address=10.1.1.1/24
+ DHCPServer=false
+ IPMasquerade=true
+ ConfigureWithoutCarrier=true
+ dest: /etc/systemd/network/br0.network
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ sane_debian_system_version: 2
+ sane_debian_system_codename: bullseye
+ sane_debian_system_timezone: Europe/Helsinki
+ sane_debian_system_sources_lists:
+ - repo: |
+ deb http://deb.debian.org/debian bullseye contrib non-free
+
+ unix_users_version: 2
+
+ wifi_essid: Valkama2
+ wifi_country_code: FI
+ wifi_passphrase: Oomam2ah |
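Review bot: The Wi-Fi credentials are committed in clear text in the trailing `vars` block (`wifi_essid`, `wifi_passphrase`) and are then rendered into `/etc/hostapd/hostapd.conf` by a `copy` task that sets no `mode`, so the passphrase lands both in VCS history and in a file whose permissions follow whatever the target's umask produces. Move the `wifi_*` values out of the playbook into an Ansible Vault-encrypted vars file or host_vars, and add `mode: "0600"` together with `owner: root` and `group: root` to the hostapd `copy` task (the other `copy` tasks would benefit from an explicit `mode` as well). The ferm config keeps `chain INPUT policy ACCEPT;` and `chain FORWARD { policy ACCEPT; … }` on a host the header comment calls a router, so anything not explicitly dropped is accepted and forwarded on every interface; the conventional shape is default-deny on INPUT and FORWARD with `mod state state (ESTABLISHED RELATED) ACCEPT;` plus explicit accepts for `lo` and `br0`, with the existing printer DROP rules kept. None of the `copy`/`lineinfile` tasks carry a `notify`, so hostapd, dnsmasq, ferm and systemd-networkd are not restarted or enabled after their configuration is written — presumably that happens elsewhere, otherwise handlers are needed. With `wpa=2` the `wpa_pairwise=TKIP` line should only apply to WPA1 and can be dropped, leaving `rsn_pairwise=CCMP` as the effective cipher and removing a deprecated cipher from the file.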