Initial commit

tasks/main.yml

@@ -0,0 +1,57 @@
+- name: install dependencies
+  ansible.builtin.apt:
+    pkg:
+    - python3-pyroute2
+    - python3-nftables
+    - python3-flask
+    - gunicorn
+
+- name: copy nftables config
+  ansible.builtin.template:
+    src: captive-portal-rules.nft.j2
+    dest: /etc/nftables.d/captive-portal-rules.nft
+  notify: reload nftables
+
+- name: create captive-portal group
+  ansible.builtin.group:
+    name: captive-portal
+    system: true
+
+- name: create directory /usr/local/lib/captive-portal
+  ansible.builtin.file:
+    path: /usr/local/lib/captive-portal
+    state: directory
+
+- name: create captive-portal user
+  ansible.builtin.user:
+    name: captive-portal
+    group: captive-portal
+    home: /usr/local/lib/captive-portal
+    create_home: false
+    system: true
+
+- name: copy captive-portal config
+  ansible.builtin.template:
+    src: captive-portal.conf.j2
+    dest: /etc/captive-portal.conf
+    group: captive-portal
+    mode: '0640'
+  notify: restart captive-portal
+
+- name: copy captive-portal script
+  ansible.builtin.copy:
+    src: captive-portal.py
+    dest: /usr/local/lib/captive-portal/captive_portal.py
+  notify: restart captive-portal
+
+- name: copy captive-portal service
+  ansible.builtin.copy:
+    src: captive-portal.service
+    dest: /etc/systemd/system/captive-portal.service
+  notify: restart captive-portal
+
+- name: add cronjob to persist captive-portal allowed_macs set
+  ansible.builtin.cron:
+    name: persist captive-portal allowed_macs set
+    # captive-portal-sets.nft is loaded after captive-portal-rules.nft so it can overwrite the set
+    job: '/sbin/nft list set inet captive_portal allowed_macs > /etc/nftables.d/.captive-portal-sets.nft.tmp && mv /etc/nftables.d/.captive-portal-sets.nft.tmp /etc/nftables.d/captive-portal-sets.nft'