From c7226cb73e3a94bb90a448e262d438a440d29e98 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 19:57:09 +0100
Subject: [PATCH 01/12] add template for wpa_supplicant.conf
---
 .../wireless-network/templates/wpa_supplicant.conf.j2 | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 shared-roles/wireless-network/templates/wpa_supplicant.conf.j2
diff --git a/shared-roles/wireless-network/templates/wpa_supplicant.conf.j2 b/shared-roles/wireless-network/templates/wpa_supplicant.conf.j2
new file mode 100644
index 0000000..73a9811
--- /dev/null
+++ b/shared-roles/wireless-network/templates/wpa_supplicant.conf.j2
@@ -0,0 +1,11 @@
+# managed with ansible
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+p2p_disabled=1
+country={{ wifi__country }}
+
+network={
+ #scan_ssid=1
+ ssid="{{ wifi_ssid }}"
+ psk="{{ wifi_psk }}"
+}
From d56811c37b1fe91fe431ce54659570bde5b11f59 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 19:59:43 +0100
Subject: [PATCH 02/12] add task to configure wireless networking
---
 shared-roles/wireless-network/tasks/main.yml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
 create mode 100644 shared-roles/wireless-network/tasks/main.yml
diff --git a/shared-roles/wireless-network/tasks/main.yml b/shared-roles/wireless-network/tasks/main.yml
new file mode 100644
index 0000000..9944ed6
--- /dev/null
+++ b/shared-roles/wireless-network/tasks/main.yml
@@ -0,0 +1,16 @@
+- name: configure wireless network
+ tags: wireless-network
+ block:
+ - name: Install system dependencies
+ apt:
+ name:
+ - wpasupplicant
+ - name: Configure wpa_supplicant
+ template:
+ src: wpa_supplicant.conf.j2
+ dest: /etc/wpa_supplicant/wpa_supplicant.conf
+ backup: yes
+ - name: make wpa_supplicant re-read it's configuration file
+ become: yes
+ command: "wpa_cli -i wlan0 reconfigure"
+ notify: Restart Networking
From 8f1ae1e26e0bbed65cf24064e3333cefd4193331 Mon Sep 17 00:00:00 2001
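Review bot: `update_config=1` combined with `ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev` lets any member of `netdev` change networks through the control socket and have wpa_supplicant rewrite this file, so the file on disk can drift from the template while still carrying the `# managed with ansible` header. Since the role owns the file, `update_config=0` (or dropping the line) keeps the rendered template authoritative. Separately, `psk="{{ wifi_psk }}"` produces an unparsable file if the passphrase contains a double quote; a comment stating that constraint and the 8–63 character limit for a WPA passphrase would help whoever fills in the vault file.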
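Review bot: The `template` task in PATCH 02 writes the Wi-Fi passphrase to `/etc/wpa_supplicant/wpa_supplicant.conf` without `owner`, `group` or `mode`, so a newly created file takes its permissions from the remote umask and is typically world-readable. Set them explicitly on the task: `owner: root`, `group: root`, `mode: "0600"`. `backup: yes` also leaves timestamped copies holding earlier passphrases in the same directory, and a run with `--diff` prints the rendered secret, so `no_log: true` (or `diff: no`) on this task is worth adding. PATCH 08 and PATCH 09 touch the same task list without adding these settings.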
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 20:00:43 +0100
Subject: [PATCH 03/12] add a handler to restart networking
---
 shared-roles/wireless-network/handlers/main.yml | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 shared-roles/wireless-network/handlers/main.yml
diff --git a/shared-roles/wireless-network/handlers/main.yml b/shared-roles/wireless-network/handlers/main.yml
new file mode 100644
index 0000000..4dd149c
--- /dev/null
+++ b/shared-roles/wireless-network/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart Networking
+ become: yes
+ service:
+ name: networking
+ state: restarted
\ No newline at end of file
From f02f3d2904070e97fad1f7e02fa19921483418a3 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 20:02:04 +0100
Subject: [PATCH 04/12] set default value for country to 'NO'
---
 shared-roles/wireless-network/defaults/main.yml | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 shared-roles/wireless-network/defaults/main.yml
diff --git a/shared-roles/wireless-network/defaults/main.yml b/shared-roles/wireless-network/defaults/main.yml
new file mode 100644
index 0000000..6015bdf
--- /dev/null
+++ b/shared-roles/wireless-network/defaults/main.yml
@@ -0,0 +1 @@
+wifi__country: "NO"
From 3e61d556eaf87227c88b49f38eba9e1969f396a4 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 20:07:34 +0100
Subject: [PATCH 05/12] document role wireless-network and usage
---
 shared-roles/wireless-network/README.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 shared-roles/wireless-network/README.md
diff --git a/shared-roles/wireless-network/README.md b/shared-roles/wireless-network/README.md
new file mode 100644
index 0000000..ee79b45
--- /dev/null
+++ b/shared-roles/wireless-network/README.md
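Review bot: The `Restart Networking` handler in PATCH 03 has only one notifier in this series, the `wpa_cli -i wlan0 reconfigure` `command` task from PATCH 02, and a `command` task reports changed on every run, so `networking` is restarted on every play even when the configuration is unchanged. Moving `notify: Restart Networking` to the `Configure wpa_supplicant` template task and adding `changed_when: false` to the command tasks (including `rfkill unblock wlan` from PATCH 09) limits the restart to real changes. If this host is managed over wlan0, which the later playbook suggests but does not confirm, an unconditional restart can also drop the Ansible connection mid-run. The file also ends without a trailing newline.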
@@ -0,0 +1,10 @@
+A role to configure the wireless network on Raspberry Pi, running RaspiOS (Raspbian).
+
+You will need to define
+
+ wifi_ssid:
+ wifi_psk:
+
+in a file ../../host_vars//wifi.yml
+
+and encrypt it with ansible-vault before this role will work. NOTE: remember to encrypt before the file leaves your machine!
From fde10de40ebe6871b385cc7ba715c81a33ab572b Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 21:30:36 +0100
Subject: [PATCH 06/12] add user setup for host
---
 host_vars/bitraf-friskluft/users.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 host_vars/bitraf-friskluft/users.yml
diff --git a/host_vars/bitraf-friskluft/users.yml b/host_vars/bitraf-friskluft/users.yml
new file mode 100644
index 0000000..e1f6bd5
--- /dev/null
+++ b/host_vars/bitraf-friskluft/users.yml
@@ -0,0 +1,11 @@
+lusers:
+ - eliasbakken
+ - mastensg
+ - tingo
+ - trygvis
+
+superusers:
+ - eliasbakken
+ - mastensg
+ - tingo
+ - trygvis
From 61791dfaf0e6c8baa25ad96790bcd9e150ad3165 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 21:30:59 +0100
Subject: [PATCH 07/12] add wireless setup for host
---
 host_vars/bitraf-friskluft/wifi.yml | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 host_vars/bitraf-friskluft/wifi.yml
diff --git a/host_vars/bitraf-friskluft/wifi.yml b/host_vars/bitraf-friskluft/wifi.yml
new file mode 100644
index 0000000..b1a5271
--- /dev/null
+++ b/host_vars/bitraf-friskluft/wifi.yml
@@ -0,0 +1,7 @@
+$ANSIBLE_VAULT;1.1;AES256
+36333065616336626539303533313337363665353636323264666636616638666164633437656435
+3932316134663334616635663565373836613338373632610a393838613064643432396537613539
+64333761393438313332343335343533646631616431643562653134366262666635626630353039
+3337393039353731340a663131616633313762343731373065376238343338656165616637373431
+37643266326430373734346234343235663236376236373264336530343431306535303138353538
+3665303064636263313563663035373766636430313836666434
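Review bot: `host_vars/bitraf-friskluft/wifi.yml` in PATCH 07 is encrypted as a whole file, so nobody reading the repository can tell which variables it defines, although the role README asks for `wifi_ssid` and `wifi_psk`. Keeping the variable names in clear and encrypting only the values with `ansible-vault encrypt_string` makes the file reviewable and greppable. Because the ciphertext is committed alongside the code, its protection rests entirely on the vault password, which should be long and random. The Wi-Fi passphrase should be rotated if that password is ever handled insecurely.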
From bbbdd9b1a76ca44256b85982ac218a53f12db549 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 21:33:00 +0100
Subject: [PATCH 08/12] become is needed to modify system files
---
 shared-roles/wireless-network/tasks/main.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/shared-roles/wireless-network/tasks/main.yml b/shared-roles/wireless-network/tasks/main.yml
index 9944ed6..c7e9f67 100644
--- a/shared-roles/wireless-network/tasks/main.yml
+++ b/shared-roles/wireless-network/tasks/main.yml
@@ -6,6 +6,7 @@
 name:
 - wpasupplicant
 - name: Configure wpa_supplicant
+ become: yes
 template:
 src: wpa_supplicant.conf.j2
 dest: /etc/wpa_supplicant/wpa_supplicant.conf
From 6230332000b304fb496df82404431cac7b500fe4 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Sun, 9 Jan 2022 21:58:22 +0100
Subject: [PATCH 09/12] rfkill unblock wlan is needed, too
---
 shared-roles/wireless-network/tasks/main.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/shared-roles/wireless-network/tasks/main.yml b/shared-roles/wireless-network/tasks/main.yml
index c7e9f67..7aa6140 100644
--- a/shared-roles/wireless-network/tasks/main.yml
+++ b/shared-roles/wireless-network/tasks/main.yml
@@ -11,6 +11,9 @@
 src: wpa_supplicant.conf.j2
 dest: /etc/wpa_supplicant/wpa_supplicant.conf
 backup: yes
+ - name: disable the rf kill switch
+ become: yes
+ command: "rfkill unblock wlan"
 - name: make wpa_supplicant re-read it's configuration file
 become: yes
 command: "wpa_cli -i wlan0 reconfigure"
From 7998dc318c8968135fa38ef2c4fab86445e70fa1 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Mon, 10 Jan 2022 20:56:20 +0100
Subject: [PATCH 10/12] add more settings for lan network on host bitraf-friskluft
---
 group_vars/all/host_database.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/group_vars/all/host_database.yml b/group_vars/all/host_database.yml
index a21563f..359c16d 100644
--- a/group_vars/all/host_database.yml
+++ b/group_vars/all/host_database.yml
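Review bot: PATCH 08 adds `become: yes` to the template task only, while the `Install system dependencies` `apt` task just above this hunk (visible in PATCH 02) still runs without privilege escalation, and the playbook in PATCH 12 sets no play-level `become`. Unless the connection user is root, the package installation will fail before the template task is reached. Setting `become: yes` once on the enclosing `block:` covers every task and removes the per-task repetition that PATCH 09 continues. The block begins above this hunk, so only part of it is visible here.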
@@ -115,3 +115,5 @@ host_database:
 dns: bitraf-friskluft.lan.bitraf.no
 ipv4:
 address: 10.13.37.229
+ netmask: 24
+ gateway: 10.13.37.1
From 819dacfa8fda9c798d0f1f2ece8a523e4c6957af Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Mon, 10 Jan 2022 20:59:19 +0100
Subject: [PATCH 11/12] add host bitraf-friskluft
---
 inventory | 1 +
 1 file changed, 1 insertion(+)
diff --git a/inventory b/inventory
index fe6d15b..7b0dc35 100644
--- a/inventory
+++ b/inventory
@@ -3,6 +3,7 @@
 aix ansible_host=aix.bitraf.no ansible_python_interpreter=/usr/local/bin/python3 ansible_become_method=doas
 bite ansible_host=bite.bitraf.no ansible_python_interpreter=/usr/bin/python3
 bitnode ansible_host=bitnode.bitraf.no
+bitraf-friskluft ansible_host=bitraf-friskluft.lan.bitraf.no ansible_python_interpreter=/usr/bin/python3
 bomba ansible_host=bomba.bitraf.no
 boxy2 ansible_host=boxy2.local
 boxy2-eof ansible_host=boxy2-eof.local
From 5df7b32fdc5c2fd8335560b2b298f0f4c43c4790 Mon Sep 17 00:00:00 2001
From: Torfinn Ingolfsen
Date: Tue, 11 Jan 2022 22:34:53 +0100
Subject: [PATCH 12/12] playbook to configure the gateway server
---
 bitraf-friskluft.yml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 bitraf-friskluft.yml
diff --git a/bitraf-friskluft.yml b/bitraf-friskluft.yml
new file mode 100644
index 0000000..df6207c
--- /dev/null
+++ b/bitraf-friskluft.yml
@@ -0,0 +1,23 @@
+- hosts:
+ - bitraf-friskluft
+ vars:
+ lan: "{{ host_database[ansible_hostname].interfaces.lan }}"
+ roles:
+ - lusers
+ - superusers
+ - wireless-network
+
+ - role: systemd-networkd-interface
+ tags: network
+ vars:
+ priority: 10
+ interface: wlan0
+ network_content: |
+ [Match]
+ Name={{ interface }}
+
+ [Network]
+ Address={{ lan.ipv4.address }}/{{ lan.ipv4.netmask }}
+ {% if lan.ipv4.gateway|default("")|length>0 %}
+ Gateway={{ lan.ipv4.gateway }}
+ {% endif %}
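Review bot: In the PATCH 12 playbook, `lan` is looked up with `host_database[ansible_hostname]`, which depends on the hostname fact reported by the target rather than on the inventory name. On a freshly imaged Pi whose hostname has not been set yet, the key will presumably be missing and the play fails at templating. `inventory_hostname` needs no fact gathering and matches the entry added in PATCH 11: `lan: "{{ host_database[inventory_hostname].interfaces.lan }}"`. This assumes `host_database` is keyed by inventory name, which the PATCH 10 hunk does not show. It is also worth confirming which service manages wlan0, since the address is set here through systemd-networkd while the wireless-network handler restarts `networking`.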