author | Lars Wirzenius <liw@liw.fi> | 2022-08-20 15:37:19 +0000 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-08-20 15:37:19 +0000 |
commit | 5865db8c2a0da062bd82b271e4e41b892913686a (patch) | |
tree | 2ae5f1721a269695bf13c333fd2b57ea621d5a45 | |
parent | a7c1ffe70a8316f3e8990f25d438bf42478c6463 (diff) | |
parent | 24575c898d276c1bb43a418b3fcf84701cddc634 (diff) | |
download | puomi-5865db8c2a0da062bd82b271e4e41b892913686a.tar.gz |
Merge branch 'role' into 'main'
add playbook / role to install Puomi
See merge request larswirzenius/puomi!9
-rw-r--r-- | hosts | 2 | ||||
-rwxr-xr-x | leases.sh | 13 | ||||
-rw-r--r-- | puomi-playbook.yml | 118 | ||||
-rw-r--r-- | puomi-qotom.yaml | 10 | ||||
-rw-r--r-- | puomi-x220.yaml | 2 | ||||
-rw-r--r-- | roles/puomi/defaults/main.yml | 11 | ||||
-rw-r--r-- | roles/puomi/tasks/main.yml | 109 |
7 files changed, 263 insertions, 2 deletions
@@ -0,0 +1,2 @@
+[all]
+puomi
diff --git a/leases.sh b/leases.sh
new file mode 100755
index 0000000..513998a
--- /dev/null
+++ b/leases.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -euo pipefail
+
+awk '
+$4 == "*" { name=$2 }
+$4 != "*" { name=$4 }
+{ print name, $1, $3 }
+' /var/lib/misc/dnsmasq.leases |
+ sort |
+ while read name timestamp ip; do
+ printf '%s %-15s %s\n' "$(date -Imin --date "@$timestamp")" "$ip" "$name"
+ done
diff --git a/puomi-playbook.yml b/puomi-playbook.yml
new file mode 100644
index 0000000..3a06be7
--- /dev/null
+++ b/puomi-playbook.yml
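Review bot: `while read name timestamp ip; do` in leases.sh reads the lease records without `-r`, so a backslash in the hostname column (which presumably carries whatever name the DHCP client registered) is consumed as an escape instead of reaching the output literally; use `while read -r name timestamp ip; do`. The impact is limited to output fidelity, since the three fields are handed to printf as `%s` arguments rather than as the format string.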
@@ -0,0 +1,118 @@
+# Ansible playbook for installing a router.
+
+- hosts: puomi
+ remote_user: root
+ tasks:
+ - name: "add contrib and non-free to APT sources, for firmware"
+ apt_repository:
+ repo: "deb http://deb.debian.org/debian bullseye contrib non-free"
+
+ - name: "install software"
+ apt:
+ name:
+ - bind9-dnsutils
+ - bridge-utils
+ - dnsmasq
+ - ferm
+ - firmware-iwlwifi
+ - haveged
+ - hostapd
+ - locales-all
+ - man
+
+ - name: "configure dnsmasq for .d support"
+ lineinfile:
+ path: /etc/dnsmasq.conf
+ regexp: ^conf-dir
+ line: "conf-dir=/etc/dnsmasq.d/,*.conf"
+
+ - name: "configure dnsmasq for router"
+ copy:
+ content: |
+ dhcp-range=10.1.1.10,10.1.1.250,255.255.255.0,1h
+ host-record={{ inventory_hostname }},10.1.1.1
+ interface=br0
+ interface=lo
+ max-cache-ttl=30
+ neg-ttl=10
+ dest: /etc/dnsmasq.d/router.conf
+
+ - name: "configure hostapd"
+ copy:
+ content: |
+ interface=wlan0
+ bridge=br0
+ driver=nl80211
+ ssid={{ wifi_essid }}
+ country_code={{ wifi_country_code }}
+ hw_mode=g
+ ieee80211n=1
+ channel=2
+ macaddr_acl=0
+ auth_algs=1
+ ignore_broadcast_ssid=0
+ wmm_enabled=1
+ wpa=2
+ wpa_passphrase={{ wifi_passphrase }}
+ wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
+ wpa_pairwise=TKIP
+ rsn_pairwise=CCMP
+ dest: /etc/hostapd/hostapd.conf
+
+ - name: "configure ferm firewall"
+ copy:
+ content: |
+ table filter {
+ chain INPUT policy ACCEPT;
+ chain OUTPUT policy ACCEPT;
+ chain FORWARD {
+ policy ACCEPT;
+
+ # Printer
+ saddr 10.0.0.73 proto tcp DROP;
+ saddr 10.0.0.73 proto udp DROP;
+ }
+ }
+
+ table nat {
+ chain POSTROUTING MASQUERADE;
+ }
+ dest: /etc/ferm/ferm.conf
+
+ - name: "configure bridge device br0"
+ copy:
+ content: |
+ [NetDev]
+ Name=br0
+ Kind=bridge
+ dest: /etc/systemd/network/br0.netdev
+
+ - name: "add LAN devices to br0"
+ copy:
+ content: |
+ [Match]
+ Name=eth[^0]*
+
+ [Network]
+ Bridge=br0
+ dest: /etc/systemd/network/wired.network
+
+ - name: "configure br0 to provide DHCP and NAT"
+ copy:
+ content: |
+ [Match]
+ Name=br0
+
+ [Network]
+ Address=10.1.1.1/24
+ DHCPServer=false
+ IPMasquerade=true
+ ConfigureWithoutCarrier=true
+ dest: /etc/systemd/network/br0.network
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ wifi_essid: Valkama2
+ wifi_country_code: FI
+ wifi_passphrase: Oomam2ah
diff --git a/puomi-qotom.yaml b/puomi-qotom.yaml
new file mode 100644
index 0000000..d770e21
--- /dev/null
+++ b/puomi-qotom.yaml
@@ -0,0 +1,10 @@
+# A target specification file for v-i for Puomi on a Lenovo Thinkpad
+# X220 laptop.
+
+drive: /dev/sda
+hostname: puomi
+extra_playbooks:
+ - puomi-installer-playbook.yml
+ansible_vars:
+ user_pub: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
diff --git a/puomi-x220.yaml b/puomi-x220.yaml
index ac4a77d..4d11bef 100644
--- a/puomi-x220.yaml
+++ b/puomi-x220.yaml
@@ -3,8 +3,6 @@
 drive: /dev/sda
 hostname: puomi-x220
-extra_playbooks:
- - puomi-installer-playbook.yml
 ansible_vars:
 user_pub: |
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
diff --git a/roles/puomi/defaults/main.yml b/roles/puomi/defaults/main.yml
new file mode 100644
index 0000000..a4e353e
--- /dev/null
+++ b/roles/puomi/defaults/main.yml
@@ -0,0 +1,11 @@
+puomi_version: 1
+
+puomi_lan_ip: 10.2.2.1
+puomi_dhcp_start: 10.2.2.10
+puomi_dhcp_end: 10.2.2.250
+puomi_dhcp_netmask: 255.255.255.0
+puomi_dhcp_lease: 1h
+puomi_essid: Valkama3
+puomi_wifi_country_code: FI
+puomi_wifi_passphrase: Oomam2ah
+
diff --git a/roles/puomi/tasks/main.yml b/roles/puomi/tasks/main.yml
new file mode 100644
index 0000000..90356c5
--- /dev/null
+++ b/roles/puomi/tasks/main.yml
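Review bot: `wifi_passphrase: Oomam2ah` under `vars` at the end of puomi-playbook.yml is a live WPA pre-shared key committed in cleartext, and `roles/puomi/defaults/main.yml` in this same commit repeats it as `puomi_wifi_passphrase`, so anyone who can read the repository or its tarball holds the Wi-Fi credential. Move the value into an Ansible Vault file or an inventory variable kept outside the repository and treat the committed key as disclosed; a role default is the weaker of the two homes, because a deploy that forgets to override it inherits the shared value silently. The hostapd content in both files also sets `wpa_pairwise=TKIP`; with `wpa=2` only `rsn_pairwise=CCMP` applies, so the TKIP line is dead configuration that would become active if `wpa` were ever widened to 3, and is best deleted. Finally, this playbook duplicates the role's tasks almost verbatim; with the role in place it could be reduced to `roles: [puomi]` so firewall and hostapd settings have a single source of truth.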
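Review bot: The header comment of the new puomi-qotom.yaml still reads `# A target specification file for v-i for Puomi on a Lenovo Thinkpad` / `# X220 laptop.`, evidently carried over from puomi-x220.yaml, although the filename says this spec is for the Qotom target. Change the two lines to describe that target, e.g. `# A target specification file for v-i for Puomi on the Qotom box.`, so the two otherwise near-identical specs can be told apart when reading them.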
@@ -0,0 +1,109 @@
+# Ansible role for installing a Puomi router.
+
+- name: "check puomi role version"
+ shell: |
+ [ "{{ puomi_version }}" = "1" ] || \
+ (echo "Unexpected version {{ puomi_version }}" 1>&2; exit 1)
+
+- name: "puomi: add contrib and non-free to APT sources, for firmware"
+ apt_repository:
+ repo: "deb http://deb.debian.org/debian bullseye contrib non-free"
+
+- name: "puomi: install necessary software"
+ apt:
+ name:
+ - bind9-dnsutils
+ - bridge-utils
+ - dnsmasq
+ - ferm
+ - firmware-iwlwifi
+ - haveged
+ - hostapd
+ - locales-all
+ - man
+
+- name: "puomi: configure dnsmasq for .d support"
+ lineinfile:
+ path: /etc/dnsmasq.conf
+ regexp: ^conf-dir
+ line: "conf-dir=/etc/dnsmasq.d/,*.conf"
+
+- name: "puomi: configure dnsmasq for router"
+ copy:
+ content: |
+ dhcp-range={{ puomi_dhcp_start }},{{ puomi_dhcp_end }},{{ puomi_dhcp_netmask }},{{ puomi_dhcp_lease }}
+ host-record={{ inventory_hostname }},{{ puomi_lan_ip }}
+ interface=br0
+ interface=lo
+ max-cache-ttl=30
+ neg-ttl=10
+ dest: /etc/dnsmasq.d/router.conf
+
+- name: "puomi: configure hostapd"
+ copy:
+ content: |
+ interface=wlan0
+ bridge=br0
+ driver=nl80211
+ ssid={{ puomi_essid }}
+ country_code={{ puomi_wifi_country_code }}
+ hw_mode=g
+ ieee80211n=1
+ channel=2
+ macaddr_acl=0
+ auth_algs=1
+ ignore_broadcast_ssid=0
+ wmm_enabled=1
+ wpa=2
+ wpa_passphrase={{ puomi_wifi_passphrase }}
+ wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
+ wpa_pairwise=TKIP
+ rsn_pairwise=CCMP
+ dest: /etc/hostapd/hostapd.conf
+
+- name: "puomi: configure ferm firewall"
+ copy:
+ content: |
+ table filter {
+ chain INPUT policy ACCEPT;
+ chain OUTPUT policy ACCEPT;
+ chain FORWARD {
+ policy ACCEPT;
+ }
+ }
+
+ table nat {
+ chain POSTROUTING MASQUERADE;
+ }
+ dest: /etc/ferm/ferm.conf
+
+- name: "puomi: configure bridge device br0"
+ copy:
+ content: |
+ [NetDev]
+ Name=br0
+ Kind=bridge
+ dest: /etc/systemd/network/br0.netdev
+
+- name: "puomi: add LAN devices to br0"
+ copy:
+ content: |
+ [Match]
+ Name=eth[^0]*
+
+ [Network]
+ Bridge=br0
+ dest: /etc/systemd/network/wired.network
+
+- name: "puomi: configure bridge to provide DHCP and NAT"
+ copy:
+ content: |
+ [Match]
+ Name=br0
+
+ [Network]
+ Address={{ puomi_lan_ip }}/24
+ DHCPServer=false
+ IPMasquerade=true
+ ConfigureWithoutCarrier=true
+ dest: /etc/systemd/network/br0.network |
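Review bot: The ferm rules written by the "puomi: configure ferm firewall" task leave `INPUT` and `FORWARD` at `policy ACCEPT` on a host whose br0.network also turns on `IPMasquerade=true`, so every listener on the router (dnsmasq, sshd and anything else installed) is reachable from the upstream port and any upstream peer can be forwarded into the LAN; a NAT router should drop by default on those two chains and allow only loopback, the LAN bridge and established/related traffic, as sketched below (eth0 is presumably the upstream side, since wired.network bridges only `eth[^0]*` — confirm). The "puomi: configure hostapd" task writes the WPA passphrase into `/etc/hostapd/hostapd.conf` without a `mode`, so the file gets the umask default rather than being owner-only; add `mode: "0600"` to that `copy`. The "check puomi role version" task interpolates `{{ puomi_version }}` into a `shell` script and reports changed on every run; the same guard without a shell is `assert:` with `that: "puomi_version | string == '1'"` and `fail_msg: "Unexpected version {{ puomi_version }}"`. The `/24` in `Address={{ puomi_lan_ip }}/24` is hard-coded while the DHCP netmask is the variable `puomi_dhcp_netmask`, so the two can drift; derive one from the other.
```yaml
# … unchanged: task name and copy: …
    content: |
      table filter {
          chain INPUT {
              policy DROP;
              interface lo ACCEPT;
              interface br0 ACCEPT;
              mod state state (ESTABLISHED RELATED) ACCEPT;
          }
          chain OUTPUT policy ACCEPT;
          chain FORWARD {
              policy DROP;
              interface br0 ACCEPT;
              mod state state (ESTABLISHED RELATED) ACCEPT;
          }
      }
      # … unchanged: table nat { … } …
    dest: /etc/ferm/ferm.conf
```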