dotfiles/config/automatrop/roles/system/templates/wpa_supplicant.conf.j2

99 lines
2.7 KiB
Plaintext
Raw Permalink Normal View History

# Giving configuration update rights to wpa_cli
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=wheel
update_config=1
# AP scanning
ap_scan=1
# ISO/IEC alpha2 country code in which the device is operating
country=NL
{% set password_store_path = lookup('env', 'PASSWORD_STORE_DIR') or ansible_user_dir + '/.password-store/' %}
{% set wifi_pass_paths = query('fileglob', password_store_path + 'wifi/*.gpg') %}
{% set names = wifi_pass_paths | map('regex_replace', '^.+/wifi/(.+).gpg$', '\\1') | sort%}
{% for name in names %}
{#
community.general.passwordstore doesn't support path with spaces in it,
so we're using a `ssid` attribute, which default to the names for SSIDs without space.
#}
{% set pass = lookup('community.general.passwordstore', 'wifi/' + name) %}
{% set suffixes = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=suffixes') or [''] %}
{% set ssid = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=ssid') or name %}
{% set type = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=type') or ('wpa' if pass else 'open') %}
# {{ name }}
{% for suffix in suffixes %}
network={
ssid="{{ ssid }}{{ suffix }}"
{% if type == 'wpa' %}
psk="{{ pass }}"
{% elif type == 'wep' %}
key_mgmt=NONE
wep_key0={{ pass }}
2022-12-24 15:34:17 +01:00
{% elif type == 'wpa-eap' %}
key_mgmt=WPA-EAP
eap={{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=eap') }}
identity="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=identity') }}"
password="{{ pass }}"
ca_cert="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=ca_cert') }}"
altsubject_match="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=altsubject_match') }}"
phase2="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=phase2') }}"
{% elif type == 'open' %}
key_mgmt=NONE
{% else %}
# Error, unknown type: {{ type }}
{% endif %}
}
{% endfor %}
{% endfor %}
{# REFERENCES
# WPA
network={
ssid="WPA_SSID"
psk="XXXXXXXXXXXXXXXXXXXXXXXXXX"
}
# WEP
network={
ssid="WEP_SSID"
key_mgmt=NONE
wep_key0=FFFFFFFFFFFFFFFFFFFFFFFFFF
}
# Open
network={
ssid="OPEN_SSID"
key_mgmt=NONE
}
# eduroam password
network={
ssid="eduroam"
key_mgmt=WPA-EAP
eap=PEAP
identity="id@univ.tld"
password="hunter2"
}
# eduroam certificate
network={
ssid="eduroam"
key_mgmt=WPA-EAP
# pairwise=CCMP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
ca_cert="/path/to/ca.pem"
identity="id@univ.tld"
domain_suffix_match="wifi.univ.tld"
client_cert="/path/to/cert.pem"
private_key="/path/to/key.pem"
private_key_passwd="hunter2"
phase2="auth="
#anonymous_identity=""
}
#}