.

2021-10-14 11:12:33 +02:00 · 2021-10-14 11:12:33 +02:00 · 5f7d7698e8
commit 5f7d7698e8
parent f116d87371
7 changed files with 76 additions and 29 deletions
--- a/salt/pillars/hostapd.sls
+++ b/salt/pillars/hostapd.sls
@ -0,0 +1,5 @@
+hostapd:
+  country_code: SE
+  ssid: Transportable Lab Unit
+  channel: 6
+  wpa_passphrase: linux2linux
--- a/salt/pillars/network.sls
+++ b/salt/pillars/network.sls
@ -4,11 +4,10 @@ network:
  netaddress: 192.168.0.0
  netmask: 24
  ip: 192.168.0.1
-  ap: 192.168.0.2
-  wifipass: linux2linux
  
  interface:
    internal: eth0
+    bridge: br0
    external: eth1
    wireless: wlan0

--- a/salt/pillars/top.sls
+++ b/salt/pillars/top.sls
@ -8,6 +8,7 @@ base:
    - remote-desktop
    - ssh
    - wireguard
+    - hostapd
 {% if salt['pillar.file_exists']('local.sls') %}
    - local
 {% endif %}
--- a/salt/states/firewalld/init.sls
+++ b/salt/states/firewalld/init.sls
@ -28,6 +28,7 @@ Configure firewalld for internal network:
    - interfaces:
      - {{ pillar['network']['interface']['internal'] }}
      - {{ pillar['wireguard']['iface'] }}
+      - {{ pillar['network']['interface']['wireless'] }}
    - sources:
      - {{ pillar['network']['netaddress'] }}/{{ pillar['network']['netmask'] }}
    - services:
--- a/salt/states/hostapd/files/hostapd.conf.jinja
+++ b/salt/states/hostapd/files/hostapd.conf.jinja
@ -0,0 +1,16 @@
+country_code={{ pillar['hostapd']['country_code'] }}
+interface={{ pillar['network']['interface']['wireless'] }}
+bridge={{ pillar['network']['interface']['bridge'] }}
+ssid={{ pillar['hostapd']['ssid'] }}
+hw_mode=g
+channel={{ pillar['hostapd']['channel'] }}
+macaddr_acl=0
+auth_algs=1
+ignore_broadcast_ssid=0
+wpa=2
+wpa_passphrase={{ pillar['hostapd']['wpa_passphrase'] }}
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=TKIP
+rsn_pairwise=CCMP
+own_ip_addr={{ pillar['network']['ip'] }}
+wpa_group_rekey=86400
--- a/salt/states/hostapd/init.sls
+++ b/salt/states/hostapd/init.sls
@ -0,0 +1,46 @@
+Set {{ pillar['network']['interface']['wireless'] }} to not be managed by NetworkManager:
+  cmd.run:
+    - name: nmcli device set {{ pillar['network']['interface']['wireless'] }} managed no
+    - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['interface']['wireless'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 0; else exit 1; fi"
+
+Delete {{ pillar['network']['interface']['internal'] }} connection:
+  cmd.run:
+    - name: nmcli connection delete {{ pillar['network']['interface']['internal'] }}
+    - unless: nmcli connection show {{ pillar['network']['interface']['internal'] }} > /dev/null
+
+Install hostapd:
+  pkg.installed:
+    - name: hostapd
+
+Configure hostapd:
+  file.managed:
+    - name: /etc/hostapd.conf
+    - source: salt://hostapd/files/hostapd.conf.jinja
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: "0600"
+
+Start hostapd:
+  service.running:
+    - name: hostapd
+    - enable: True
+    - watch:
+      - file: Configure hostapd
+
+Set {{ pillar['network']['interface']['bridge'] }} to be managed by NetworkManager:
+  cmd.run:
+    - name: nmcli device set {{ pillar['network']['interface']['bridge'] }} managed yes
+    - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['interface']['bridge'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 1; else exit 0; fi"
+
+Configure {{ pillar['network']['interface']['bridge'] }} connection:
+  cmd.run:
+    - name: nmcli connection add con-name {{ pillar['network']['interface']['bridge'] }} type bridge ifname {{ pillar['network']['interface']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/{{ pillar['network']['netmask'] }}   ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.autoconnect yes stp no
+    - unless: nmcli connection show {{ pillar['network']['interface']['bridge'] }} > /dev/null
+
+Add {{ pillar['network']['interface']['internal'] }} to bridge {{ pillar['network']['interface']['bridge'] }}:
+  cmd.run:
+    - name: nmcli connection add con-name {{ pillar['network']['interface']['bridge'] }}-{{ pillar['network']['interface']['internal'] }} ifname {{ pillar['network']['interface']['internal'] }} type bridge-slave master {{ pillar['network']['interface']['bridge'] }} connection.autoconnect yes
+    - unless: nmcli connection show {{ pillar['network']['interface']['bridge'] }}-{{ pillar['network']['interface']['internal'] }} > /dev/null
+
+
--- a/update.sh
+++ b/update.sh
@ -9,7 +9,7 @@ function printHelp(){
    cat << EOF
 Usage ${0##*/} [options..]
 -h,-?, --help           Show help and exit
-N, --network           configure network settings
+-N, --network-vlan      configure network settings
 -s, --salt              run a masterless salt-call
 -y, --yes               answer 'yes' on all questions
 -i, --image-load        pull images so they hits the local proxy
@ -103,7 +103,7 @@ function do_salt_call(){
    $salt state.apply pillar="{username: $USER}"
 }

-function configure_network(){
+function configure_network_vlan(){
    new_log "Configure network"
    if asktobreak; then
        return
@ -112,27 +112,6 @@ function configure_network(){
    if [[ -f salt/pillars/local.sls ]];then
        eval $(parse_yaml salt/pillars/local.sls "SALT_")
    fi
-    #configure internal interface
-    sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.addresses "${SALT_network_ip}/${SALT_network_netmask}"
-    sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2"
-    sudo nmcli connection modify "$SALT_network_interface_internal" ipv4.method manual
-    sudo nmcli connection down "$SALT_network_interface_internal" 
-    sudo nmcli connection up "$SALT_network_interface_internal"
-
-    #configure wireless AP
-    sudo nmcli connection add type wifi ifname "$SALT_network_interface_wireless" mode ap con-name tlu-ap ssid "Transportable Lab Unit"
-    sudo nmcli connection modify tlu-ap 802-11-wireless.band bg
-    sudo nmcli connection modify tlu-ap 802-11-wireless.channel 6
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.key-mgmt wpa-psk
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.proto rsn
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.group ccmp
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.pairwise ccmp
-    sudo nmcli connection modify tlu-ap 802-11-wireless-security.psk "$SALT_network_wifipass"
-    sudo nmcli connection modify tlu-ap ipv4.addr "${SALT_network_ap}/${SALT_network_netmask}"
-    sudo nmcli connection modify tlu-ap ipv4.gateway "${SALT_network_ip}"
-    sudo nmcli connection modify tlu-ap ipv4.dns "${SALT_network_ip}"
-    sudo nmcli connection modify tlu-ap ipv4.method manual
-    sudo nmcli connection up tlu-ap

    #configure external interface
    sudo nmcli connection modify "$SALT_network_interface_external" ipv4.method auto
@ -325,7 +304,7 @@ function airgap(){
 #initialize all options
 ALL=true
 SALT=false
-NETWORK=false
+NETWORK_VLAN=false
 ANSWER_YES=false
 RMT_SYNC=false
 RMT_MIRROR=false
@ -344,8 +323,8 @@ while :; do
            SALT=true
            ALL=false
            ;;
-	-N|--network)
-	    NETWORK=true
+	-N|--network-vlan)
+	    NETWORK_VLAN=true
 	    ALL=false
 	    ;;
        -y|--yes)
@ -393,7 +372,7 @@ for cmd in git salt-minion curl;do
 	check_prerequisites "$cmd"
 done

-[[ $ALL == true ]] || [[ $NETWORK == true ]] && configure_network
+[[ $ALL == true ]] || [[ $NETWORK_VLAN == true ]] && configure_network_vlan
 [[ $ALL == true ]] || [[ $SALT == true ]] && do_salt_call
 [[ $ALL == true ]] || [[ $RMT_SYNC == true ]] && rmt_sync
 [[ $ALL == true ]] || [[ $RMT_ENABLE_PRODUCTS == true ]] && rmt_enable_products