rpi_wifi_ap

Ansible role: rpi_wifi_ap

Ansible role for setting up RaspberryPi as wireless Access Point.

Role accomplishes the following:

installs and configures isc-dchp-server
installs iptables-persistent and configures iptables to use NAT
installs and configures hostapd

It is assumed that the raspberry pi 3(with built in broadcom wifi adapter) is used with additional Ralink usb wifi dongle.

The one I use it with is Ralink USB WiFi RT5370:

 - 802.11 b/g/n 150Mbps;
 - 2.400-2.487 GHz channels 1-14;
 - Power: Voltage: 5V+5%, Amperage: 70mA Average)

NOTE: The role uses ansible replace module wich is currently broken: the module's before/after properties work other way around. The issue is still open, but may change in the future.

Requirements

NOTE: Role requires Fact Gathering by ansible!

One of the following distros (or derivatives) required:

Debian | Raspberry Pi OS | Raspbian | Minibian
- jessie
- stretch
- buster
- bullseye

Role Variables

Variable	Description	Default
`rpi_wifi_ap_WAN`	WAN (external) interface	`eth0`
`rpi_wifi_ap_WLAN`	WLAN (internal) wireless interface	`wlan0`
`rpi_wifi_ap_WLAN_subnet`	Network IP address for WLAN interface	`192.168.42.0`
`rpi_wifi_ap_WLAN_netmask`	Subnet mask for WLAN interface	`255.255.255.0`
`rpi_wifi_ap_WLAN_broadcast`	Broadcast IP address for WLAN interface	`192.168.42.255`
`rpi_wifi_ap_WLAN_ip`	IP address of WLAN interface	`192.168.42.1`
`rpi_wifi_ap_dhcp_range`	DHCP range of IP addresses	`[192.168.42.100, 192.168.42.199]`
`rpi_wifi_ap_domain`	Search domain to be adertised to all clients by DHCP server	`domain.lan`
`rpi_wifi_ap_domain`	List of DNS resolvers to be adertised to all clients by DHCP server	`[9.9.9.9, 9.9.9.10, 149.112.122.122]`
`rpi_wifi_ap_essid`	ESSID (name) of the wifi network	`MyAP`
`rpi_wifi_ap_passphrase`	WPA Passphrase for wifi network	`P@$$w0rd`
`rpi_wifi_ap_flush_iptables`	no - for fresh install; yes - removes idempotency (always yellow)	`no`
`rpi_wifi_ap__rpi_network_wifi_APs`	this overrides the rpi_network_wifi_APs var of rpi_network dependency role	see `defaults/main.yml`

ATTENTION!

make sure you override the rpi_wifi_ap__rpi_network_wifi_APs var as it contains a sensitive data for your wireless networks, such as WPA passphrase and network ESSID...

It is highly recommended to encrypt with ansible-vault.

Before running any playbook which uses this role, decrypt the file vars/main.yml with:

ansible-vault decrypt vars/main.yml --vault-password-file=.vault.key

OR set environment variable:

export ANSIBLE_VAULT_PASSWORD_FILE=.vault.key

OR (PREFERRED): add the following to ansible.cfg:

[defaults]
vault_password_file = .vault.key

Dependencies

drew1kun.rpi_network

Install it with galaxy:

ansible-galaxy install drew1kun.rpi_network

Example Playbook

As the role works with sensitive info like essid and wpa passphrase, the use of ansible-vault is recommended for use in playbook:

- hosts: raspberrypi
  gather_facts: yes

  vars_files:
  - vars/vault.yml

  roles:
  - role: drew1kun.rpi_wifi_ap
    rpi_wifi_ap_essid: "{{ vault_rpi_wifi_ap_essid }}"
    rpi_wifi_ap_passphrase: "{{ vault_rpi_wifi_ap_passphrase }}"
    rpi_wifi_ap_WAN: wlan0
    rpi_wifi_ap_WLAN: wlan1

    wif_ap__rpi_network_wifi_APs:
    - id_str: home
      hidden: no
      essid: "{{ vault_rpi_wifi_ap__rpi_network_wifi_APs[0].essid }}"
      passphrase: "{{ vault_rpi_wifi_ap__rpi_network_wifi_APs[0].passphrase }}"
      priority: 10

vars/vault.yml:

vault_rpi_wifi_ap__rpi_network_wifi_APs:
# only sensitive stuff goes here:
- essid: YourSensitiveESSID
  passphrase: YourSecureWPA_Passphrase

License

MIT

Author Information

Andrew Shagayev | e-mail

About

Ansible role that turns Debian based Raspberry Pi into wireless Access Point.

role bullseye buster debian jessie minibian networking raspberrypi raspbian stretch

Install

ansible-galaxy install drew1kun/ansible-role-rpi_wifi_ap

GitHub repository

0 stars

0 forks

0 open issues

License

mit

Downloads

Owner

drew1kun