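---
# This playbook installs and configures needed packages.
#
# It turns the target host into a Wi-Fi access point: hostapd serves the
# wireless side, isc-dhcp-server hands out leases, and (optionally) iptables
# masquerades client traffic out through a second interface.
#
# Variables read by this play (defined elsewhere, e.g. inventory/group_vars):
#   subnet_start, subnet_end  - DHCP lease range inside 192.168.10.0/24
#   broadcast_address         - broadcast address announced to clients
#   interface_in              - interface serving the access point
#   interface_out             - upstream interface used for NAT
#   allow_connection          - when true, enable IP forwarding and NAT
#
# Templates read by this play (not part of this file):
#   templates/interfaces.j2, templates/hostapd.conf.j2
- hosts: all
  become: true
  become_method: sudo
  tasks:
    # 'present' replaces the deprecated 'installed' alias, which newer Ansible
    # releases reject; passing a list installs both packages in one apt run.
    - name: Install hostapd & isc-dhcp-server package
      apt:
        name:
          - hostapd
          - isc-dhcp-server
        state: present

    # NOTE(review): the next two tasks replace the first matching line with a
    # bare commented-out option name, discarding whatever value it carried.
    - name: Comment domain-name in dhcpd.conf
      lineinfile:
        dest: /etc/dhcp/dhcpd.conf
        regexp: '^(#?option domain-name )'
        line: '#option domain-name '

    - name: Comment domain-name-servers in dhcpd.conf
      lineinfile:
        dest: /etc/dhcp/dhcpd.conf
        regexp: '^(#?option domain-name-servers )'
        line: '#option domain-name-servers '

    - name: Uncomment authoritative in dhcpd.conf
      lineinfile:
        dest: /etc/dhcp/dhcpd.conf
        regexp: '^(#?authoritative;)'
        line: 'authoritative;'

    # The subnet, netmask, router and DNS servers are hard-coded while the
    # lease range and broadcast address come from variables; the variables
    # must therefore stay inside 192.168.10.0/24.
    - name: Insert subnet block into dhcpd.conf
      blockinfile:
        path: /etc/dhcp/dhcpd.conf
        block: |
          subnet 192.168.10.0 netmask 255.255.255.0 {
            range {{ subnet_start }} {{ subnet_end }};
            option broadcast-address {{ broadcast_address }};
            option routers 192.168.10.1;
            default-lease-time 600;
            max-lease-time 7200;
            option domain-name "local-network";
            option domain-name-servers 8.8.8.8, 8.8.4.4;
          }

    # Restrict the DHCP server to the access-point interface.
    - name: Set interfaces to isc-dhcp-server configuration
      lineinfile:
        dest: /etc/default/isc-dhcp-server
        regexp: '^(#?INTERFACES=")'
        line: 'INTERFACES="{{ interface_in }}"'

    # The interface is taken down while its configuration files are rewritten
    # and brought back up further below.
    - name: Set used newtwork interface down
      command: ifconfig {{ interface_in }} down

    # File modes are quoted so YAML cannot reinterpret the leading zero.
    - name: Set /etc/network/interfaces configuration
      template:
        src: templates/interfaces.j2
        dest: /etc/network/interfaces
        owner: root
        group: root
        mode: '0644'

    # NOTE(review): hostapd.conf normally carries the WPA passphrase (the
    # template is not shown here - confirm). Tightened from world-readable
    # 0644 to root-only so local users cannot read the Wi-Fi secret.
    - name: Create hostapd.conf configuration
      template:
        src: templates/hostapd.conf.j2
        dest: /etc/hostapd/hostapd.conf
        owner: root
        group: root
        mode: '0600'

    - name: Set hostapd to use hostapd.conf configure
      lineinfile:
        dest: /etc/default/hostapd
        regexp: '^(#?DAEMON_CONF=")'
        line: 'DAEMON_CONF="/etc/hostapd/hostapd.conf"'

    # Every NAT-related task is gated on allow_connection. The '| bool' filter
    # makes a string such as "false" (e.g. passed with -e on the command line)
    # evaluate as false instead of as a non-empty, truthy string, so routing
    # is not switched on by accident.
    - name: Set NAT
      lineinfile:
        path: /etc/sysctl.conf
        line: 'net.ipv4.ip_forward=1'
      when: allow_connection | bool

    # Enables forwarding immediately; the sysctl.conf line above covers reboots.
    - name: Start the translation
      command: sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
      when: allow_connection | bool

    - name: Set used newtwork interface up
      command: ifconfig {{ interface_in }} up

    # NOTE(review): '-A' appends on every run, so re-running the playbook
    # duplicates these rules. The last rule forwards all traffic arriving on
    # interface_in to interface_out without further filtering; add explicit
    # restrictions if clients should not reach the whole upstream network.
    - name: Iptable settings
      command: iptables {{ item }}
      with_items:
        - '-t nat -A POSTROUTING -o {{ interface_out }} -j MASQUERADE'
        - '-A FORWARD -i {{ interface_out }} -o {{ interface_in }} -m state --state RELATED,ESTABLISHED -j ACCEPT'
        - '-A FORWARD -i {{ interface_in }} -o {{ interface_out }} -j ACCEPT'
      when: allow_connection | bool

    - name: Set hostapd and isc-dhcp-server to start in boot
      command: update-rc.d {{ item }} enable
      with_items:
        - hostapd
        - isc-dhcp-server

    # NOTE(review): nothing in this playbook restores this file at boot;
    # presumably templates/interfaces.j2 does - confirm.
    - name: Backup the NAT configuration
      command: sh -c "iptables-save > /etc/iptables.ipv4.nat"
      when: allow_connection | bool

    # The reboot is scheduled one minute ahead and errors are ignored, so the
    # play can finish before the connection to the host drops.
    - name: Reboot
      command: /sbin/shutdown -r +1
      async: 0
      poll: 0
      ignore_errors: true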