rpi_wifi_ap

Ansible role: rpi_wifi_ap

MIT licensed Galaxy Role

Ansible role for setting up RaspberryPi as wireless Access Point.

Role accomplishes the following:

  • installs and configures isc-dchp-server
  • installs iptables-persistent and configures iptables to use NAT
  • installs and configures hostapd

It is assumed that the raspberry pi 3(with built in broadcom wifi adapter) is used with additional Ralink usb wifi dongle.

The one I use it with is Ralink USB WiFi RT5370:

 - 802.11 b/g/n 150Mbps;
 - 2.400-2.487 GHz channels 1-14;
 - Power: Voltage: 5V+5%, Amperage: 70mA Average)

NOTE: The role uses ansible replace module wich is currently broken: the module's before/after properties work other way around. The issue is still open, but may change in the future.

Requirements

NOTE: Role requires Fact Gathering by ansible!

One of the following distros (or derivatives) required:

Role Variables

Variable Description Default
rpi_wifi_ap_WAN WAN (external) interface eth0
rpi_wifi_ap_WLAN WLAN (internal) wireless interface wlan0
rpi_wifi_ap_WLAN_subnet Network IP address for WLAN interface 192.168.42.0
rpi_wifi_ap_WLAN_netmask Subnet mask for WLAN interface 255.255.255.0
rpi_wifi_ap_WLAN_broadcast Broadcast IP address for WLAN interface 192.168.42.255
rpi_wifi_ap_WLAN_ip IP address of WLAN interface 192.168.42.1
rpi_wifi_ap_dhcp_range DHCP range of IP addresses [192.168.42.100, 192.168.42.199]
rpi_wifi_ap_domain Search domain to be adertised to all clients by DHCP server domain.lan
rpi_wifi_ap_domain List of DNS resolvers to be adertised to all clients by DHCP server [9.9.9.9, 9.9.9.10, 149.112.122.122]
rpi_wifi_ap_essid ESSID (name) of the wifi network MyAP
rpi_wifi_ap_passphrase WPA Passphrase for wifi network P@$$w0rd
rpi_wifi_ap_flush_iptables no - for fresh install; yes - removes idempotency (always yellow) no
rpi_wifi_ap__rpi_network_wifi_APs this overrides the rpi_network_wifi_APs var of rpi_network dependency role see defaults/main.yml

ATTENTION!

make sure you override the rpi_wifi_ap__rpi_network_wifi_APs var as it contains a sensitive data for your wireless networks, such as WPA passphrase and network ESSID...

It is highly recommended to encrypt with ansible-vault.

Before running any playbook which uses this role, decrypt the file vars/main.yml with:

ansible-vault decrypt vars/main.yml --vault-password-file=.vault.key

OR set environment variable:

export ANSIBLE_VAULT_PASSWORD_FILE=.vault.key

OR (PREFERRED): add the following to ansible.cfg:

[defaults]
vault_password_file = .vault.key

Dependencies

Install it with galaxy:

ansible-galaxy install drew1kun.rpi_network

Example Playbook

As the role works with sensitive info like essid and wpa passphrase, the use of ansible-vault is recommended for use in playbook:

- hosts: raspberrypi
  gather_facts: yes

  vars_files:
  - vars/vault.yml

  roles:
  - role: drew1kun.rpi_wifi_ap
    rpi_wifi_ap_essid: "{{ vault_rpi_wifi_ap_essid }}"
    rpi_wifi_ap_passphrase: "{{ vault_rpi_wifi_ap_passphrase }}"
    rpi_wifi_ap_WAN: wlan0
    rpi_wifi_ap_WLAN: wlan1

    wif_ap__rpi_network_wifi_APs:
    - id_str: home
      hidden: no
      essid: "{{ vault_rpi_wifi_ap__rpi_network_wifi_APs[0].essid }}"
      passphrase: "{{ vault_rpi_wifi_ap__rpi_network_wifi_APs[0].passphrase }}"
      priority: 10

vars/vault.yml:

vault_rpi_wifi_ap__rpi_network_wifi_APs:
# only sensitive stuff goes here:
- essid: YourSensitiveESSID
  passphrase: YourSecureWPA_Passphrase

License

MIT

Author Information

Andrew Shagayev | e-mail

About

Ansible role that turns Debian based Raspberry Pi into wireless Access Point.

Install
ansible-galaxy install drew1kun/ansible-role-rpi_wifi_ap
GitHub repository
License
mit
Downloads
29
Owner