Set {{ pillar['network']['wireless'] }} to not be managed by NetworkManager: cmd.run: - name: nmcli device set {{ pillar['network']['wireless'] }} managed no - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['wireless'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 0; else exit 1; fi" Delete {{ pillar['network']['interface'] }} connection: cmd.run: - name: nmcli connection delete {{ pillar['network']['interface'] }} - onlyif: nmcli connection show {{ pillar['network']['interface'] }} > /dev/null Install hostapd: pkg.installed: - name: hostapd Configure hostapd: file.managed: - name: /etc/hostapd.conf - source: salt://hostapd/files/hostapd.conf.jinja - template: jinja - user: root - group: root - mode: "0600" Start hostapd: service.running: - name: hostapd - enable: True - watch: - file: Configure hostapd Set {{ pillar['network']['bridge'] }} to be managed by NetworkManager: cmd.run: - name: nmcli device set {{ pillar['network']['bridge'] }} managed yes - unless: bash -c "if [[ \"$(nmcli device show {{ pillar['network']['bridge'] }} | sed -n 's/^GENERAL.STATE.*(\(.*\)).*$/\1/p')\" == \"unmanaged\" ]]; then exit 1; else exit 0; fi" Configure {{ pillar['network']['bridge'] }} connection: cmd.run: - name: nmcli connection add con-name {{ pillar['network']['bridge'] }} type bridge ifname {{ pillar['network']['bridge'] }} ipv4.method manual ipv4.addresses {{ pillar['network']['ip'] }}/24 ipv4.dns "127.0.0.1, 1.1.1.1, 1.1.1.2" ipv6.method disabled connection.autoconnect yes stp no - unless: nmcli connection show {{ pillar['network']['bridge'] }} > /dev/null Add {{ pillar['network']['interface'] }} to bridge {{ pillar['network']['bridge'] }}: cmd.run: - name: nmcli connection add con-name {{ pillar['network']['bridge'] }}-{{ pillar['network']['interface'] }} ifname {{ pillar['network']['interface'] }} type bridge-slave master {{ pillar['network']['bridge'] }} connection.autoconnect yes - unless: nmcli connection show {{ pillar['network']['bridge'] }}-{{ pillar['network']['interface'] }} > /dev/null