Commit 15990bfe authored by Lars Beckers's avatar Lars Beckers

add radius-client role

parent 8961c3ff
---
radius_certs_dir: "{{ inventory_dir }}/files/radius-certs/"
---
- name: reload systemd service files
command: systemctl daemon-reload
- name: restart wpasupplicant@eth0
service: name=wpa_supplicant-wired@eth0 state=restarted
- name: restart wpasupplicant@eth1
service: name=wpa_supplicant-wired@eth1 state=restarted
- name: restart wpasupplicant@enp0s25
service: name=wpa_supplicant-wired@enp0s25 state=restarted
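Review bot: The restart handlers exist only for `eth0`, `eth1` and `enp0s25`, while the tasks notify `restart wpasupplicant@{{ ansible_default_ipv4.interface }}`, so a host whose default interface carries any other name would reference a handler that is not defined here. One handler with a fixed name that templates only the unit, e.g. `service: name="wpa_supplicant-wired@{{ ansible_default_ipv4.interface }}" state=restarted`, would cover every host and remove the per-interface list. The notify lines in the tasks file would then use that fixed name.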
---
- name: ensure wpasupplicant is installed
apt:
name: wpasupplicant
state: present
tags:
- 8021x
- name: copy host certificate
copy:
src: "{{ radius_certs_dir }}/{{ inventory_hostname }}.{{ item }}"
dest: "/etc/wpa_supplicant/{{ inventory_hostname }}.{{ item }}"
owner: root
group: root
mode: 0400
with_items:
- pem
- key
tags:
- 8021x
- name: configure wpasupplicant
template:
src: wpa_supplicant.j2
dest: "/etc/wpa_supplicant/wpa_supplicant-wired-{{ ansible_default_ipv4.interface }}.conf"
owner: root
group: root
mode: 0640
notify:
- "restart wpasupplicant@{{ ansible_default_ipv4.interface }}"
tags:
- 8021x
- name: ensure a wired wpasupplicant service is available
template:
src: wpa_supplicant-wired@.service.j2
dest: /etc/systemd/system/wpa_supplicant-wired@.service
notify:
- reload systemd service files
- "restart wpasupplicant@{{ ansible_default_ipv4.interface }}"
tags:
- 8021x
- meta: flush_handlers
- name: ensure wpasupplicant is enabled and running
service:
name: "wpa_supplicant-wired@{{ ansible_default_ipv4.interface }}"
state: started
enabled: yes
tags:
- 8021x
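Review bot: The `copy host certificate` task installs the host's private key (the `key` item) with nothing that keeps its content out of run output; the copy module can print file contents when a play runs with `--diff`, so add `no_log: true` to this task or split the key into its own task that carries it. The modes are written as bare `0400` and `0640`; quoting them (`mode: "0400"`) removes the dependence on how the YAML parser reads a leading zero. The task that installs `wpa_supplicant-wired@.service` sets no `owner`, `group` or `mode`, so the unit file's permissions are left to the defaults on the target. Whether the key files under `radius_certs_dir` are stored encrypted in the repository (for example with Ansible Vault) is not visible here and is worth confirming.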
[Unit]
Description=WPA supplicant daemon (interface- and wired driver-specific version)
Requires=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device
Before=network.target
Wants=network.target
[Service]
Type=simple
ExecStart=/usr/bin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wired-%I.conf -Dwired -i%I
[Install]
Alias=multi-user.target.wants/wpa_supplicant-wired@%i.service
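Review bot: `ExecStart` points at `/usr/bin/wpa_supplicant`, but the role installs the package with `apt`, and Debian-family packages have typically placed the binary at `/sbin/wpa_supplicant`; confirm the path on the target hosts, since a wrong path means the unit never starts and the port never authenticates. The `[Service]` section also has no `Restart=` setting, so a supplicant that exits stays down until someone intervenes; `Restart=on-failure` would cover that.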
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=2
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=TLS
identity="{{ inventory_hostname }}@ssl.asta.rwth-aachen.de"
ca_cert="/etc/ssl/certs/asta_ca.pem"
client_cert="/etc/wpa_supplicant/{{ inventory_hostname }}.pem"
private_key="/etc/wpa_supplicant/{{ inventory_hostname }}.key"
}
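Review bot: The `network` block pins `ca_cert` but places no constraint on the server certificate's name, so any certificate that chains to that CA would be accepted as the RADIUS server — presumably including other hosts' client certificates if they are issued by the same CA. Add a name check such as `domain_suffix_match="<radius-server-fqdn>"` (placeholder value; `altsubject_match` or `subject_match` are alternatives). `ca_cert` refers to `/etc/ssl/certs/asta_ca.pem`, which this role does not deploy, so the role silently depends on that file being installed by something else.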