author | Lars Wirzenius <liw@liw.fi> | 2022-09-04 14:16:37 +0300 |
committer | Lars Wirzenius <liw@liw.fi> | 2022-09-04 16:08:17 +0300 |
commit | 2b9afe51878f129b46f16434402cd88f867246f9 (patch) | |
tree | bf6cd260741d5753b6297af264acc0ddda8db016 | |
parent | b76a5c173fdf28c19b7a4881087a4d2c3475896f (diff) | |
download | puomi-2b9afe51878f129b46f16434402cd88f867246f9.tar.gz |
add extra playbook to run by v-i when installing Puomi
The playbook tries to set up dnsmasq for the local network, to provide
DHCP and DNS, but it does not actually work yet. I don't know why.
Sponsored-by: author
-rw-r--r-- | puomi-playbook.yml | 113 | ||||
-rw-r--r-- | puomi-x220.yaml | 19 | ||||
-rw-r--r-- | roles/puomi/tasks/main.yml | 98 |
3 files changed, 56 insertions, 174 deletions
diff --git a/puomi-playbook.yml b/puomi-playbook.yml
index 3a06be7..7e6e0ba 100644
--- a/puomi-playbook.yml
+++ b/puomi-playbook.yml
@@ -1,8 +1,14 @@
-# Ansible playbook for installing a router.
+# Ansible playbook for installing a Puomi Internet router.
-- hosts: puomi
- remote_user: root
+- hosts: image
 tasks:
+
+ - name: "unset root password so that virtual console logins work"
+ shell: |
+ sed -i '/^root:[^:]*:/s//root::/' /etc/passwd /etc/shadow
+
+ # Install software we'll need for router functionality.
+
 - name: "add contrib and non-free to APT sources, for firmware"
 apt_repository:
 repo: "deb http://deb.debian.org/debian bullseye contrib non-free"
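Review bot: The `sed` in the new "unset root password" task leaves root with an empty password field in /etc/shadow, and an empty password is then accepted wherever pam_unix is configured to allow null passwords (Debian's `common-auth` typically passes `nullok`/`nullok_secure` — worth checking in the image), so the effect is not confined to the virtual console; sshd's default `PermitEmptyPasswords no` is what keeps it off the network path. If passwordless console access is really wanted, `command: passwd -d root` does the same through the shadow tooling with proper locking instead of a hand-written regex over both files, or, safer, keep root locked and give the console an autologin via a getty override (`ExecStart=-/sbin/agetty --autologin root --noclear %I $TERM`). Either way the task should state the trade-off, e.g. `# DELIBERATELY INSECURE: root has no password so console logins work; this image must not be network-reachable until that is changed.`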
@@ -13,73 +19,10 @@
 - bind9-dnsutils
 - bridge-utils
 - dnsmasq
- - ferm
- - firmware-iwlwifi
- - haveged
- - hostapd
- - locales-all
- - man
-
- - name: "configure dnsmasq for .d support"
- lineinfile:
- path: /etc/dnsmasq.conf
- regexp: ^conf-dir
- line: "conf-dir=/etc/dnsmasq.d/,*.conf"
- - name: "configure dnsmasq for router"
- copy:
- content: |
- dhcp-range=10.1.1.10,10.1.1.250,255.255.255.0,1h
- host-record={{ inventory_hostname }},10.1.1.1
- interface=br0
- interface=lo
- max-cache-ttl=30
- neg-ttl=10
- dest: /etc/dnsmasq.d/router.conf
+ # Network configuration.
- - name: "configure hostapd"
- copy:
- content: |
- interface=wlan0
- bridge=br0
- driver=nl80211
- ssid={{ wifi_essid }}
- country_code={{ wifi_country_code }}
- hw_mode=g
- ieee80211n=1
- channel=2
- macaddr_acl=0
- auth_algs=1
- ignore_broadcast_ssid=0
- wmm_enabled=1
- wpa=2
- wpa_passphrase={{ wifi_passphrase }}
- wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
- wpa_pairwise=TKIP
- rsn_pairwise=CCMP
- dest: /etc/hostapd/hostapd.conf
-
- - name: "configure ferm firewall"
- copy:
- content: |
- table filter {
- chain INPUT policy ACCEPT;
- chain OUTPUT policy ACCEPT;
- chain FORWARD {
- policy ACCEPT;
-
- # Printer
- saddr 10.0.0.73 proto tcp DROP;
- saddr 10.0.0.73 proto udp DROP;
- }
- }
-
- table nat {
- chain POSTROUTING MASQUERADE;
- }
- dest: /etc/ferm/ferm.conf
-
- - name: "configure bridge device br0"
+ - name: "configure bridge device br0 for local network ports"
 copy:
 content: |
 [NetDev]
@@ -87,7 +30,7 @@
 Kind=bridge
 dest: /etc/systemd/network/br0.netdev
- - name: "add LAN devices to br0"
+ - name: "add local network ports to br0"
 copy:
 content: |
 [Match]
@@ -95,24 +38,44 @@
 [Network]
 Bridge=br0
- dest: /etc/systemd/network/wired.network
+ dest: /etc/systemd/network/local.network
- - name: "configure br0 to provide DHCP and NAT"
+ - name: "configure bridge br0"
 copy:
 content: |
 [Match]
 Name=br0
 [Network]
- Address=10.1.1.1/24
+ Address={{ puomi_lan_ip }}/24
 DHCPServer=false
+ IPForward=true
 IPMasquerade=true
 ConfigureWithoutCarrier=true
 dest: /etc/systemd/network/br0.network
+ - name: "configure dnsmasq for configuration .d directory support"
+ lineinfile:
+ path: /etc/dnsmasq.conf
+ regexp: ^conf-dir
+ line: "conf-dir=/etc/dnsmasq.d/,*.conf"
+
+ - name: "configure dnsmasq for local bridge br0"
+ copy:
+ content: |
+ dhcp-range={{ puomi_dhcp_start }},{{ puomi_dhcp_end }},{{ puomi_dhcp_netmask }},{{ puomi_dhcp_lease }}
+ host-record={{ hostname }},{{ puomi_lan_ip }}
+ interface=br0
+ max-cache-ttl=30
+ neg-ttl=10
+ dest: /etc/dnsmasq.d/router.conf
+
 vars:
 ansible_python_interpreter: /usr/bin/python3
- wifi_essid: Valkama2
- wifi_country_code: FI
- wifi_passphrase: Oomam2ah
+ puomi_lan_ip: 10.1.1.1
+ puomi_dhcp_start: 10.1.1.10
+ puomi_dhcp_end: 10.1.1.250
+ puomi_dhcp_netmask: 255.255.255.0
+ puomi_dhcp_lease: 1h
+
diff --git a/puomi-x220.yaml b/puomi-x220.yaml
index 4d11bef..8c5c01f 100644
--- a/puomi-x220.yaml
+++ b/puomi-x220.yaml
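Review bot: The new `IPForward=true` next to `IPMasquerade=true` makes br0 a NAT gateway, but the ferm firewall that used to live in this playbook is deleted in the same commit and nothing on the new side filters INPUT or FORWARD, so the router forwards and masquerades under the kernel's default-accept policy and exposes its own services on the upstream interface; a minimal nftables (or ferm) table with an input chain that is `policy drop` on the upstream interface and a forward chain that only accepts br0-originated plus established/related traffic should come back with this task. In the dnsmasq stanza, `interface=br0` alone still binds ports 53 and 67 on every address and merely discards requests arriving on other interfaces, so add `bind-interfaces` (or `bind-dynamic`) and `except-interface=<upstream>` to keep the resolver and DHCP server off the WAN side. `host-record={{ hostname }}` replaced `inventory_hostname`, and `hostname` is a top-level v-i key in puomi-x220.yaml rather than an `ansible_vars` entry, so unless v-i exports it to Ansible this task dies on an undefined variable — possibly the "fails to actually work" from the commit message; `{{ inventory_hostname }}` or a `puomi_hostname` var would avoid the guess. The `wifi_passphrase` value removed here stays readable in git history, so it should be rotated if that network is still in use.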
@@ -2,7 +2,20 @@
 # X220 laptop.
 drive: /dev/sda
-hostname: puomi-x220
+hostname: x220
+extra_playbooks:
+ - puomi-playbook.yml
 ansible_vars:
- user_pub: |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+ user_ca_pubkey: |
+ sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAnrswi6ZNElxSgt6ak5hjSNIkVte11ht7BG3qpBJU4hAAAABHNzaDo=
+ host_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACDgceidrQ/lwB1Qv6fAG6w72wDUuP+gPxdzPtUp77YmkwAAAIhrsL33a7C9
+ 9wAAAAtzc2gtZWQyNTUxOQAAACDgceidrQ/lwB1Qv6fAG6w72wDUuP+gPxdzPtUp77Ymkw
+ AAAEC7xtew61U18uYzwB4NxB1HSmmzhGxyy8Sc8s3/PwX+seBx6J2tD+XAHVC/p8AbrDvb
+ ANS4/6A/F3M+1SnvtiaTAAAAAAECAwQF
+ -----END OPENSSH PRIVATE KEY-----
+ host_cert: |
+ ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIH2RrP85+uGyhdxIE6vABe8/Skiphfk5TkgwV0pnBMYCAAAAIOBx6J2tD+XAHVC/p8AbrDvbANS4/6A/F3M+1SnvtiaTAAAAAAAAAAAAAAACAAAAGWNlcnRpZmljYXRlIGZvciBob3N0IHgyMjAAAAAIAAAABHgyMjAAAAAAYxRDzAAAAABjius5AAAAAAAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACD7tWzrRUC8C8aZNM0tWvEBW/VJQ2zjjh9THBOYQ07ZxAAAAFMAAAALc3NoLWVkMjU1MTkAAABALO0Sz383jbwsEMWgGWYmMGbAjSQHaEZgVtxx+NDCqK1xgPJ9PVWyxQGGVPz/ibrLCjsLlHEu/tLWdNmxmzqjCA== /tmp/.tmphE2hGI/sub.pub
+
diff --git a/roles/puomi/tasks/main.yml b/roles/puomi/tasks/main.yml
index 1114288..ff151bf 100644
--- a/roles/puomi/tasks/main.yml
+++ b/roles/puomi/tasks/main.yml
@@ -1,6 +1,6 @@
 # Ansible role for installing a Puomi router.
-- name: "check puomi role version"
+- name: "puomi: check role version"
 shell: |
 [ "{{ puomi_version }}" = "1" ] || \
 (echo "Unexpected version {{ puomi_version }}" 1>&2; exit 1)
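Review bot: The new `host_key:` entry in puomi-x220.yaml commits an unencrypted OpenSSH private host key (the `-----BEGIN OPENSSH PRIVATE KEY-----` block) to the repository, so anyone who can read this history can impersonate the x220 host to every client that trusts the CA-signed `host_cert`, and removing the lines in a later commit does not undo that. Treat the key as compromised: generate a fresh host key, re-issue `host_cert` from the CA, and keep the private material out of the tree (ansible-vault, a path outside the repo, or have v-i generate the host key at install time and only ship the signed certificate). The trailing `/tmp/.tmphE2hGI/sub.pub` on the `host_cert` line is a leftover ssh-keygen comment and can be dropped. A short comment above `ansible_vars:` would also help, e.g. `# user_ca_pubkey: CA that signs user certs; host_key/host_cert: this host's SSH identity — private key must not live in git.`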
@@ -9,107 +9,13 @@
 apt_repository:
 repo: "deb http://deb.debian.org/debian bullseye contrib non-free"
-- name: "puomi: install necessary software"
+- name: "puomi: install necessary or useful software for a router"
 apt:
 name:
- - bind9-dnsutils
- - bridge-utils
- - dnsmasq
- - ferm
- - firmware-iwlwifi
- - haveged
- - hostapd
- - locales-all
 - man
 - lshw
 - pciutils
-- name: "puomi: configure dnsmasq for .d support"
- lineinfile:
- path: /etc/dnsmasq.conf
- regexp: ^conf-dir
- line: "conf-dir=/etc/dnsmasq.d/,*.conf"
-
-- name: "puomi: configure dnsmasq for router"
- copy:
- content: |
- dhcp-range={{ puomi_dhcp_start }},{{ puomi_dhcp_end }},{{ puomi_dhcp_netmask }},{{ puomi_dhcp_lease }}
- host-record={{ inventory_hostname }},{{ puomi_lan_ip }}
- interface=br0
- interface=lo
- max-cache-ttl=30
- neg-ttl=10
- dest: /etc/dnsmasq.d/router.conf
-
-- name: "puomi: configure hostapd"
- copy:
- content: |
- interface=wlan0
- bridge=br0
- driver=nl80211
- ssid={{ puomi_essid }}
- country_code={{ puomi_wifi_country_code }}
- hw_mode=g
- ieee80211n=1
- channel=2
- macaddr_acl=0
- auth_algs=1
- ignore_broadcast_ssid=0
- wmm_enabled=1
- wpa=2
- wpa_passphrase={{ puomi_wifi_passphrase }}
- wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
- wpa_pairwise=TKIP
- rsn_pairwise=CCMP
- dest: /etc/hostapd/hostapd.conf
-
-- name: "puomi: configure ferm firewall"
- copy:
- content: |
- table filter {
- chain INPUT policy ACCEPT;
- chain OUTPUT policy ACCEPT;
- chain FORWARD {
- policy ACCEPT;
- }
- }
-
- table nat {
- chain POSTROUTING MASQUERADE;
- }
- dest: /etc/ferm/ferm.conf
-
-- name: "puomi: configure bridge device br0"
- copy:
- content: |
- [NetDev]
- Name=br0
- Kind=bridge
- dest: /etc/systemd/network/br0.netdev
-
-- name: "puomi: add LAN devices to br0"
- copy:
- content: |
- [Match]
- Name=eth[^0]*
-
- [Network]
- Bridge=br0
- dest: /etc/systemd/network/wired.network
-
-- name: "puomi: configure bridge to provide DHCP and NAT"
- copy:
- content: |
- [Match]
- Name=br0
-
- [Network]
- Address={{ puomi_lan_ip }}/24
- DHCPServer=false
- IPMasquerade=true
- ConfigureWithoutCarrier=true
- dest: /etc/systemd/network/br0.network
-
 - name: "puomi: install script to show current DHCP leases"
 copy:
 src: leases |