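{#
wpa_supplicant.conf template, rendered by Ansible.

Emits the global settings below, then one network block per entry found under
wifi/ in the pass(1) password store (one block per suffix when the entry has a
`suffixes` subkey).

The rendered file holds PSKs and EAP passwords in clear text.
NOTE(review): the task that installs this file is not visible here; confirm it
sets a restrictive owner and mode.
#}
# Giving configuration update rights to wpa_cli
{#
Members of ctrl_interface_group can drive wpa_supplicant through the control
socket. With update_config=1, wpa_supplicant may rewrite this file when the
configuration is changed and saved through that socket, so keep the group as
narrow as the host allows.
#}
ctrl_interface=/run/wpa_supplicant
ctrl_interface_group=wheel
update_config=1

# AP scanning
ap_scan=1

# ISO/IEC alpha2 country code in which the device is operating
country=NL

{#
Password store location: $PASSWORD_STORE_DIR when set, otherwise
.password-store under ansible_user_dir. Trailing slashes are stripped and a
single one is re-added, so a PASSWORD_STORE_DIR given without a trailing slash
still produces a valid ".../wifi/*.gpg" glob below; plain concatenation would
glue "wifi" onto the directory name, match nothing, and render a file with no
networks at all.
NOTE(review): lookups run on the Ansible controller while ansible_user_dir is a
fact about the target; confirm both refer to the same home directory.
#}
{% set password_store_path = (lookup('env', 'PASSWORD_STORE_DIR') or ansible_user_dir + '/.password-store') | regex_replace('/+$', '') + '/' %}
{% set wifi_pass_paths = query('fileglob', password_store_path + 'wifi/*.gpg') %}
{# Entry names: file names under wifi/ with the .gpg extension removed, sorted. The dot is escaped so only a literal ".gpg" suffix is stripped. #}
{% set names = wifi_pass_paths | map('regex_replace', '^.+/wifi/(.+)\\.gpg$', '\\1') | sort %}
{% for name in names %}
{#
community.general.passwordstore doesn't support paths with spaces in them,
so we use an `ssid` subkey, which defaults to the entry name (enough for SSIDs without spaces).
#}
{% set pass = lookup('community.general.passwordstore', 'wifi/' + name) %}
{% set suffixes = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=suffixes') or [''] %}
{% set ssid = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=ssid') or name %}
{#
Without an explicit `type` subkey the entry is treated as 'wpa' when it has a
password and as 'open' when the password is empty. An entry whose secret is
blank is therefore rendered as an unauthenticated network, not skipped.
#}
{% set type = lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=type') or ('wpa' if pass else 'open') %}
# {{ name }}
{% for suffix in suffixes %}
network={
ssid="{{ ssid }}{{ suffix }}"
{% if type == 'wpa' %}
{# Quoted value: wpa_supplicant reads it as an ASCII passphrase, not a raw 64-hex-digit PSK. #}
psk="{{ pass }}"
{% elif type == 'wep' %}
{# WEP offers no meaningful confidentiality; this branch exists for legacy networks only. Unquoted value: read as a hex key. #}
key_mgmt=NONE
wep_key0={{ pass }}
{% elif type == 'wpa-eap' %}
{#
ca_cert and altsubject_match are what tie the EAP exchange to the expected
authentication server; without effective values a look-alike access point can
collect the identity and password.
NOTE(review): confirm what the lookup renders when one of these subkeys is
missing from the entry, and that such an entry cannot end up without server
validation.
#}
key_mgmt=WPA-EAP
eap={{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=eap') }}
identity="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=identity') }}"
password="{{ pass }}"
ca_cert="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=ca_cert') }}"
altsubject_match="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=altsubject_match') }}"
phase2="{{ lookup('community.general.passwordstore', 'wifi/' + name + ' subkey=phase2') }}"
{% elif type == 'open' %}
key_mgmt=NONE
{% else %}
{#
NOTE(review): an unrecognised type only leaves a comment in the rendered file;
the block then contains nothing but an ssid. Failing the play here would
surface the typo at deploy time rather than when wpa_supplicant next loads the
file.
#}
# Error, unknown type: {{ type }}
{% endif %}
}
{% endfor %}

{% endfor %}
{# REFERENCES

Hand-written examples of the block shapes produced above. Nothing in this
comment is rendered.

# WPA
network={
ssid="WPA_SSID"
psk="XXXXXXXXXXXXXXXXXXXXXXXXXX"
}

# WEP
network={
ssid="WEP_SSID"
key_mgmt=NONE
wep_key0=FFFFFFFFFFFFFFFFFFFFFFFFFF
}

# Open
network={
ssid="OPEN_SSID"
key_mgmt=NONE
}

# eduroam password
# NOTE: this example has no ca_cert and no server-name match, so the server
# certificate is not verified; add both before reusing it.
network={
ssid="eduroam"
key_mgmt=WPA-EAP
eap=PEAP
identity="id@univ.tld"
password="hunter2"
}

# eduroam certificate
network={
ssid="eduroam"
key_mgmt=WPA-EAP
# pairwise=CCMP
pairwise=CCMP TKIP
group=CCMP TKIP
eap=TLS
ca_cert="/path/to/ca.pem"
identity="id@univ.tld"
domain_suffix_match="wifi.univ.tld"
client_cert="/path/to/cert.pem"
private_key="/path/to/key.pem"
private_key_passwd="hunter2"
phase2="auth="
#anonymous_identity=""
}

#}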