.

2021-10-14 11:12:33 +02:00
parent f116d87371
commit 5f7d7698e8
7 changed files with 76 additions and 29 deletions
--- a/salt/states/hostapd/files/hostapd.conf.jinja
+++ b/salt/states/hostapd/files/hostapd.conf.jinja
@@ -0,0 +1,16 @@
+country_code={{ pillar['hostapd']['country_code'] }}
+interface={{ pillar['network']['interface']['wireless'] }}
+bridge={{ pillar['network']['interface']['bridge'] }}
+ssid={{ pillar['hostapd']['ssid'] }}
+hw_mode=g
+channel={{ pillar['hostapd']['channel'] }}
+macaddr_acl=0
+auth_algs=1
+ignore_broadcast_ssid=0
+wpa=2
+wpa_passphrase={{ pillar['hostapd']['wpa_passphrase'] }}
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=TKIP
+rsn_pairwise=CCMP
+own_ip_addr={{ pillar['network']['ip'] }}
+wpa_group_rekey=86400
--- a/salt/states/hostapd/init.sls
+++ b/salt/states/hostapd/init.sls
@@ -0,0 +1,46 @@
+Set {{ pillar['network']['interface']['wireless'] }} to not be managed by NetworkManager:
+  cmd.run:
+    - name: nmcli device set {{ pillar['network']['interface']['wireless'] }} managed no
+    - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['interface']['wireless'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 0; else exit 1; fi"
+
+Delete {{ pillar['network']['interface']['internal'] }} connection:
+  cmd.run:
+    - name: nmcli connection delete {{ pillar['network']['interface']['internal'] }}
+    - unless: nmcli connection show {{ pillar['network']['interface']['internal'] }} > /dev/null
+
+Install hostapd:
+  pkg.installed:
+    - name: hostapd
+
+Configure hostapd:
+  file.managed:
+    - name: /etc/hostapd.conf
+    - source: salt://hostapd/files/hostapd.conf.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: "0600"
+
+Start hostapd:
+  service.running:
+    - name: hostapd
+    - enable: True
+    - watch:
+      - file: Configure hostapd
+
+Set {{ pillar['network']['interface']['bridge'] }} to be managed by NetworkManager:
+  cmd.run:
+    - name: nmcli device set {{ pillar['network']['interface']['bridge'] }} managed yes
+    - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['interface']['bridge'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 1; else exit 0; fi"
+
+Configure {{ pillar['network']['interface']['bridge'] }} connection:
+  cmd.run:
+    - name: nmcli connection add con-name {{ pillar['network']['interface']['bridge'] }} type bridge ifname {{ pillar['network']['interface']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/{{ pillar['network']['netmask'] }}   ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.autoconnect yes stp no
+    - unless: nmcli connection show {{ pillar['network']['interface']['bridge'] }} > /dev/null
+
+Add {{ pillar['network']['interface']['internal'] }} to bridge {{ pillar['network']['interface']['bridge'] }}:
+  cmd.run:
+    - name: nmcli connection add con-name {{ pillar['network']['interface']['bridge'] }}-{{ pillar['network']['interface']['internal'] }} ifname {{ pillar['network']['interface']['internal'] }} type bridge-slave master {{ pillar['network']['interface']['bridge'] }} connection.autoconnect yes
+    - unless: nmcli connection show {{ pillar['network']['interface']['bridge'] }}-{{ pillar['network']['interface']['internal'] }} > /dev/null
+
+