diff options
author | Lars Wirzenius <liw@liw.fi> | 2022-08-20 18:18:41 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-08-20 18:18:41 +0300 |
commit | 24575c898d276c1bb43a418b3fcf84701cddc634 (patch) | |
tree | 2ae5f1721a269695bf13c333fd2b57ea621d5a45 | |
parent | 703290795909c767344147970f6305ed5bf5d763 (diff) | |
download | puomi-24575c898d276c1bb43a418b3fcf84701cddc634.tar.gz |
feat: add a role "puomi"
This can be used more easily from custom playbooks. The old
"puomi-playbook.yml" had to be edited, and that would be hard to
maintain.
Sponsored-by: author
-rw-r--r-- | roles/puomi/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/puomi/tasks/main.yml | 109 |
2 files changed, 120 insertions, 0 deletions
diff --git a/roles/puomi/defaults/main.yml b/roles/puomi/defaults/main.yml new file mode 100644 index 0000000..a4e353e --- /dev/null +++ b/roles/puomi/defaults/main.yml @@ -0,0 +1,11 @@ +puomi_version: 1 + +puomi_lan_ip: 10.2.2.1 +puomi_dhcp_start: 10.2.2.10 +puomi_dhcp_end: 10.2.2.250 +puomi_dhcp_netmask: 255.255.255.0 +puomi_dhcp_lease: 1h +puomi_essid: Valkama3 +puomi_wifi_country_code: FI +puomi_wifi_passphrase: Oomam2ah + diff --git a/roles/puomi/tasks/main.yml b/roles/puomi/tasks/main.yml new file mode 100644 index 0000000..90356c5 --- /dev/null +++ b/roles/puomi/tasks/main.yml @@ -0,0 +1,109 @@ +# Ansible role for installing a Puomi router. + +- name: "check puomi role version" + shell: | + [ "{{ puomi_version }}" = "1" ] || \ + (echo "Unexpected version {{ puomi_version }}" 1>&2; exit 1) + +- name: "puomi: add contrib and non-free to APT sources, for firmware" + apt_repository: + repo: "deb http://deb.debian.org/debian bullseye contrib non-free" + +- name: "puomi: install necessary software" + apt: + name: + - bind9-dnsutils + - bridge-utils + - dnsmasq + - ferm + - firmware-iwlwifi + - haveged + - hostapd + - locales-all + - man + +- name: "puomi: configure dnsmasq for .d support" + lineinfile: + path: /etc/dnsmasq.conf + regexp: ^conf-dir + line: "conf-dir=/etc/dnsmasq.d/,*.conf" + +- name: "puomi: configure dnsmasq for router" + copy: + content: | + dhcp-range={{ puomi_dhcp_start }},{{ puomi_dhcp_end }},{{ puomi_dhcp_netmask }},{{ puomi_dhcp_lease }} + host-record={{ inventory_hostname }},{{ puomi_lan_ip }} + interface=br0 + interface=lo + max-cache-ttl=30 + neg-ttl=10 + dest: /etc/dnsmasq.d/router.conf + +- name: "puomi: configure hostapd" + copy: + content: | + interface=wlan0 + bridge=br0 + driver=nl80211 + ssid={{ puomi_essid }} + country_code={{ puomi_wifi_country_code }} + hw_mode=g + ieee80211n=1 + channel=2 + macaddr_acl=0 + auth_algs=1 + ignore_broadcast_ssid=0 + wmm_enabled=1 + wpa=2 + wpa_passphrase={{ puomi_wifi_passphrase }} + wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 + wpa_pairwise=TKIP + rsn_pairwise=CCMP + dest: /etc/hostapd/hostapd.conf + +- name: "puomi: configure ferm firewall" + copy: + content: | + table filter { + chain INPUT policy ACCEPT; + chain OUTPUT policy ACCEPT; + chain FORWARD { + policy ACCEPT; + } + } + + table nat { + chain POSTROUTING MASQUERADE; + } + dest: /etc/ferm/ferm.conf + +- name: "puomi: configure bridge device br0" + copy: + content: | + [NetDev] + Name=br0 + Kind=bridge + dest: /etc/systemd/network/br0.netdev + +- name: "puomi: add LAN devices to br0" + copy: + content: | + [Match] + Name=eth[^0]* + + [Network] + Bridge=br0 + dest: /etc/systemd/network/wired.network + +- name: "puomi: configure bridge to provide DHCP and NAT" + copy: + content: | + [Match] + Name=br0 + + [Network] + Address={{ puomi_lan_ip }}/24 + DHCPServer=false + IPMasquerade=true + ConfigureWithoutCarrier=true + dest: /etc/systemd/network/br0.network |