From eaa7827202ff33c0b2e5581ddd56d9cc156c1ac3 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Thu, 13 Jul 2023 08:10:05 +0300
Subject: feat: configure networkd to use wifi if available

Sponsored-by: author
---
 installer-ansible.yml | 42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

diff --git a/installer-ansible.yml b/installer-ansible.yml
index b545e55..e8fddf7 100644
--- a/installer-ansible.yml
+++ b/installer-ansible.yml
@@ -54,16 +54,6 @@
       apt_repository:
         repo: "deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware"
 
-    - name: "install wifi firmware"
-      apt:
-        name:
-          - firmware-brcm80211
-          - firmware-iwlwifi
-          - firmware-libertas
-          - firmware-misc-nonfree
-          - firmware-realtek
-          - firmware-ti-connectivity
-
     # Install vmdb2, which actually does the installation to the
     # target system.
 
@@ -134,6 +124,17 @@
 
     # Network configuration.
 
+    - name: "install wifi firmware and iwd"
+      apt:
+        name:
+          - firmware-brcm80211
+          - firmware-iwlwifi
+          - firmware-libertas
+          - firmware-misc-nonfree
+          - firmware-realtek
+          - firmware-ti-connectivity
+          - iwd
+
     - name: "remove ifupdown in favor of systemd-networkd"
       apt:
         name: ifupdown
@@ -152,6 +153,9 @@
 
           [Network]
           DHCP=ipv4
+
+          [DHCPv4]
+          RouteMetric=20
         dest: /etc/systemd/network/eth0.network
 
     - name: "configure bridge device br0 for local network ports"
@@ -186,6 +190,24 @@
           ConfigureWithoutCarrier=true
         dest: /etc/systemd/network/br0.network
 
+    - name: "configure wifi"
+      copy:
+        content: |
+          [Match]
+          Name=wlan0
+
+          [Network]
+          DHCP=yes
+
+          [DHCPv4]
+          RouteMetric=20
+        dest: /etc/systemd/network/wireless.network
+
+    - name: "enable iwd"
+      systemd:
+        name: iwd
+        enabled: yes
+
     - name: "install dnsmasq"
       apt:
         name: dnsmasq
-- 
cgit v1.2.1


From e8e737603e44d4077f81798d16010210114aa468 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Thu, 13 Jul 2023 08:40:46 +0300
Subject: fix: progress message

Sponsored-by: author
---
 write-and-config.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/write-and-config.sh b/write-and-config.sh
index 308065e..fca1b5e 100755
--- a/write-and-config.sh
+++ b/write-and-config.sh
@@ -23,5 +23,5 @@ for fs in "$dev"?; do
 done
 
 echo
-echo "Configure user CA"
+echo "Configure installer"
 ./configure-installer "$config" "$dev"
-- 
cgit v1.2.1


From c2cffd5635379a49c3451c08c5d0f545281c61e8 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Thu, 13 Jul 2023 08:40:59 +0300
Subject: feat(configure-installer): allow user to pre-configure a wifi

Sponsored-by: author
---
 configure-installer | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/configure-installer b/configure-installer
index fce3695..b11cc6e 100755
--- a/configure-installer
+++ b/configure-installer
@@ -29,6 +29,8 @@ class Config:
         "user_ca_pub_file": None,
         "user_ca_pub_cmd": None,
         "cmd_as_user": None,
+        "wifi_name": None,
+        "wifi_password": None,
     }
 
     exandable = [
@@ -65,6 +67,9 @@ class Config:
     def host_cert(self, hostname):
         return self._get_from_file_or_cmd("host_cert", "host certificate", hostname)
 
+    def wifi(self):
+        return self.config.get("wifi_name"), self.config.get("wifi_password")
+
     def _get_from_file_or_cmd(self, prefix, msg, hostname):
         log("_get: A")
         filename = self.config.get(f"{prefix}_file")
@@ -206,6 +211,16 @@ def user_ca(config, mp):
     write(cakeys, ca_key, 0, 0, 0o644)
 
 
+def wifi(config, mp):
+    (name, password) = config.wifi()
+    if name and password:
+        data = f"[Security]\nPassphrase={password}\n"
+        filename = f"{mp}/var/lib/iwd/{name}.psk"
+        dirname = os.path.dirname(filename)
+        os.makedirs(dirname, exist_ok=True)
+        write(filename, data, 0, 0, 0o600)
+
+
 def main():
     log("configure-image starting")
 
@@ -236,6 +251,7 @@ def main():
         host_id(config, mp, args.hostname)
         authorized_keys(config, mp)
         user_ca(config, mp)
+        wifi(config, mp)
     finally:
         unmount(mp)
         os.rmdir(mp)
-- 
cgit v1.2.1


From a5becebde70a108e82b36f19a955d8b4c7c4b825 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Thu, 13 Jul 2023 08:42:10 +0300
Subject: chore: add .gitignore

Sponsored-by: author
---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..ff73ae5
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.img
+config-*.yaml
-- 
cgit v1.2.1