.

salt/pillars/hostapd.sls

@@ -0,0 +1,5 @@
+hostapd:
+  country_code: SE
+  ssid: Transportable Lab Unit
+  channel: 6
+  wpa_passphrase: linux2linux

salt/pillars/network.sls

@@ -4,11 +4,10 @@ network:
   netaddress: 192.168.0.0
   netmask: 24
   ip: 192.168.0.1
-  ap: 192.168.0.2
-  wifipass: linux2linux
   
   interface:
     internal: eth0
+    bridge: br0
     external: eth1
     wireless: wlan0
 

salt/pillars/top.sls

@@ -8,6 +8,7 @@ base:
     - remote-desktop
     - ssh
     - wireguard
+    - hostapd
 {% if salt['pillar.file_exists']('local.sls') %}
     - local
 {% endif %}

salt/states/firewalld/init.sls

@@ -28,6 +28,7 @@ Configure firewalld for internal network:
     - interfaces:
       - {{ pillar['network']['interface']['internal'] }}
       - {{ pillar['wireguard']['iface'] }}
+      - {{ pillar['network']['interface']['wireless'] }}
     - sources:
       - {{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}
     - services:

salt/states/hostapd/files/hostapd.conf.jinja

@@ -0,0 +1,16 @@
+country_code={{ pillar['hostapd']['country_code'] }}
+interface={{ pillar['network']['interface']['wireless'] }}
+bridge={{ pillar['network']['interface']['bridge'] }}
+ssid={{ pillar['hostapd']['ssid'] }}
+hw_mode=g
+channel={{ pillar['hostapd']['channel'] }}
+macaddr_acl=0
+auth_algs=1
+ignore_broadcast_ssid=0
+wpa=2
+wpa_passphrase={{ pillar['hostapd']['wpa_passphrase'] }}
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=TKIP
+rsn_pairwise=CCMP
+own_ip_addr={{ pillar['network']['ip'] }}
+wpa_group_rekey=86400

salt/states/hostapd/init.sls

@@ -0,0 +1,46 @@
+Set {{ pillar['network']['interface']['wireless'] }} to not be managed by NetworkManager:
+  cmd.run:
+    - name: nmcli device set {{ pillar['network']['interface']['wireless'] }} managed no
+    - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['interface']['wireless'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 0; else exit 1; fi"
+
+Delete {{ pillar['network']['interface']['internal'] }} connection:
+  cmd.run:
+    - name: nmcli connection delete {{ pillar['network']['interface']['internal'] }}
+    - unless: nmcli connection show {{ pillar['network']['interface']['internal'] }} > /dev/null
+
+Install hostapd:
+  pkg.installed:
+    - name: hostapd
+
+Configure hostapd:
+  file.managed:
+    - name: /etc/hostapd.conf
+    - source: salt://hostapd/files/hostapd.conf.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: "0600"
+
+Start hostapd:
+  service.running:
+    - name: hostapd
+    - enable: True
+    - watch:
+      - file: Configure hostapd
+
+Set {{ pillar['network']['interface']['bridge'] }} to be managed by NetworkManager:
+  cmd.run:
+    - name: nmcli device set {{ pillar['network']['interface']['bridge'] }} managed yes
+    - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['interface']['bridge'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 1; else exit 0; fi"
+
+Configure {{ pillar['network']['interface']['bridge'] }} connection:
+  cmd.run:
+    - name: nmcli connection add con-name {{ pillar['network']['interface']['bridge'] }} type bridge ifname {{ pillar['network']['interface']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/{{ pillar['network']['netmask'] }}   ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.autoconnect yes stp no
+    - unless: nmcli connection show {{ pillar['network']['interface']['bridge'] }} > /dev/null
+
+Add {{ pillar['network']['interface']['internal'] }} to bridge {{ pillar['network']['interface']['bridge'] }}:
+  cmd.run:
+    - name: nmcli connection add con-name {{ pillar['network']['interface']['bridge'] }}-{{ pillar['network']['interface']['internal'] }} ifname {{ pillar['network']['interface']['internal'] }} type bridge-slave master {{ pillar['network']['interface']['bridge'] }} connection.autoconnect yes
+    - unless: nmcli connection show {{ pillar['network']['interface']['bridge'] }}-{{ pillar['network']['interface']['internal'] }} > /dev/null
+
+

update.sh

@@ -9,7 +9,7 @@ function printHelp(){
     cat << EOF
 Usage ${0##*/} [options..]
 -h,-?, --help           Show help and exit
--N, --network           configure network settings
+-N, --network-vlan      configure network settings
 -s, --salt              run a masterless salt-call
 -y, --yes               answer 'yes' on all questions
 -i, --image-load        pull images so they hits the local proxy
@@ -103,7 +103,7 @@ function do_salt_call(){
     $salt state.apply pillar="{username: $USER}"
 }
 
-function configure_network(){
+function configure_network_vlan(){
     new_log "Configure network"
     if asktobreak; then
         return
@@ -112,27 +112,6 @@ function configure_network(){
     if [[ -f salt/pillars/local.sls ]];then
         eval $(parse_yaml salt/pillars/local.sls "SALT_")
     fi
-    #configure internal interface
-    sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.addresses "${SALT_network_ip}/${SALT_network_netmask}"
-    sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2"
-    sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.method manual
-    sudo nmcli connection down "$SALT_network_interface_internal" 
-    sudo nmcli connection up "$SALT_network_interface_internal"
-
-    #configure wireless AP
-    sudo nmcli connection add type wifi ifname "$SALT_network_interface_wireless" mode ap con-name tlu-ap ssid "Transportable Lab Unit"
-    sudo nmcli connection modify tlu-ap 802-11-wireless.band bg
-    sudo nmcli connection modify tlu-ap 802-11-wireless.channel 6
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.key-mgmt wpa-psk
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.proto rsn
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.group ccmp
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.pairwise ccmp
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.psk "$SALT_network_wifipass"
-    sudo nmcli connection modify tlu-ap ipv4.addr "${SALT_network_ap}/${SALT_network_netmask}"
-    sudo nmcli connection modify tlu-ap ipv4.gateway "${SALT_network_ip}"
-    sudo nmcli connection modify tlu-ap ipv4.dns "${SALT_network_ip}"
-    sudo nmcli connection modify tlu-ap ipv4.method manual
-    sudo nmcli connection up tlu-ap
 
     #configure external interface
     sudo nmcli connection modify "$SALT_network_interface_external" ipv4.method auto
@@ -325,7 +304,7 @@ function airgap(){
 #initialize all options
 ALL=true
 SALT=false
-NETWORK=false
+NETWORK_VLAN=false
 ANSWER_YES=false
 RMT_SYNC=false
 RMT_MIRROR=false
@@ -344,8 +323,8 @@ while :; do
             SALT=true
             ALL=false
             ;;
-	-N|--network)
+	-N|--network-vlan)
-	    NETWORK=true
+	    NETWORK_VLAN=true
 	    ALL=false
 	    ;;
         -y|--yes)
@@ -393,7 +372,7 @@ for cmd in git salt-minion curl;do
 	check_prerequisites "$cmd"
 done
 
-[[ $ALL == true ]] || [[ $NETWORK == true ]] && configure_network
+[[ $ALL == true ]] || [[ $NETWORK_VLAN == true ]] && configure_network_vlan
 [[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call
 [[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync
 [[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products