ADDED: states for setting up a mullvad-hotspot on a raspberrypi main
authorAndreas Glashauser <ag@andreasglashauser.com>
Mon, 24 Mar 2025 15:37:56 +0000 (16:37 +0100)
committerAndreas Glashauser <ag@andreasglashauser.com>
Mon, 24 Mar 2025 15:37:56 +0000 (16:37 +0100)
13 files changed:
salt/pillar/services.sls
salt/states/hotspot/files/NetworkManager.conf [new file with mode: 0644]
salt/states/hotspot/files/hotspot.nmconnection [new file with mode: 0644]
salt/states/hotspot/files/sysctl.conf [new file with mode: 0644]
salt/states/hotspot/hotspot--configure.sls [new file with mode: 0644]
salt/states/hotspot/hotspot--install-packages.sls [new file with mode: 0644]
salt/states/hotspot/init.sls [new file with mode: 0644]
salt/states/mullvad-vpn/files/mullvad-keyring.asc [new file with mode: 0644]
salt/states/mullvad-vpn/init.sls [new file with mode: 0644]
salt/states/mullvad-vpn/mullvad-vpn--configure-vpn.sls [new file with mode: 0644]
salt/states/mullvad-vpn/mullvad-vpn--configure.sls [new file with mode: 0644]
salt/states/mullvad-vpn/mullvad-vpn--install-packages.sls [new file with mode: 0644]
salt/states/top.sls

index c4c51c995d97912415fd3ec1c854a413dbd909a3..77488b3cfe5f3733df8fc832f1cf261181ff0463 100644 (file)
@@ -41,3 +41,24 @@ services:
       fQ==
       =YMy2
       -----END PGP MESSAGE-----
+  mullvad:
+    account: |
+      -----BEGIN PGP MESSAGE-----
+      
+      hF4D+CZXdqKq9X4SAQdAvvEzFn/npfXBkWr9SI3wyPwU1NjMIIbn7ukYm41AUXIw
+      BN+TEIeo0QLnzTJGTpHzWKdksUu5BA7MOkYw8UkxR9Fgzce89zw1vJ0cm+tAIPAO
+      0kwB5wvQSbkRKDSz1cwf4lb7LuVmzDjaWnwq+DbgVwJWXi8KTIRo+z2ESax3Kp+A
+      6aFUzcmyVVaKFQOkFl0+2xtt/MTPjoNo7uhLKnIf
+      =QCjK
+      -----END PGP MESSAGE-----
+
+  hotspot:
+    password: |
+      -----BEGIN PGP MESSAGE-----
+      
+      hF4D+CZXdqKq9X4SAQdAWzoLl8U+ljDJyqurZ+gCAD5hvXZQF4hEakjtYuX7Bzgw
+      kCIhFnWJELtoZnbvFop+ef9Ac1TClsE8ZgYrzSAkTmnhcfdKIFU2mW1yyglDrNUJ
+      0kQBjh34q7YvatspRvROBGW0NVbNM1XweTxkGBJ2fq6JlLj1/RejrPqBIdLzew4C
+      AOAI6Eq5wJWinPwsmdobSoPWEbzNMQ==
+      =CXiE
+      -----END PGP MESSAGE-----
diff --git a/salt/states/hotspot/files/NetworkManager.conf b/salt/states/hotspot/files/NetworkManager.conf
new file mode 100644 (file)
index 0000000..06c5d59
--- /dev/null
@@ -0,0 +1,8 @@
+[main]
+plugins=ifupdown,keyfile
+
+[ifupdown]
+managed=true
+
+[device]
+wifi.scan-rand-mac-address=no
diff --git a/salt/states/hotspot/files/hotspot.nmconnection b/salt/states/hotspot/files/hotspot.nmconnection
new file mode 100644 (file)
index 0000000..9f75903
--- /dev/null
@@ -0,0 +1,28 @@
+[connection]
+id=hotspot
+uuid=3d9094d9-e09f-4cf2-87d5-72f67f93b9dd
+type=wifi
+interface-name=wlan0
+timestamp=1738389031
+
+[wifi]
+band=bg
+mode=ap
+ssid=ag - Hotspot
+
+[wifi-security]
+group=ccmp;
+key-mgmt=wpa-psk
+pairwise=ccmp;
+pmf=2
+proto=rsn;
+psk={{ pillar['services']['hotspot']['password'] }}
+
+[ipv4]
+method=shared
+
+[ipv6]
+addr-gen-mode=default
+method=disabled
+
+[proxy]
diff --git a/salt/states/hotspot/files/sysctl.conf b/salt/states/hotspot/files/sysctl.conf
new file mode 100644 (file)
index 0000000..119d730
--- /dev/null
@@ -0,0 +1 @@
+net.ipv4.ip_forward=1
diff --git a/salt/states/hotspot/hotspot--configure.sls b/salt/states/hotspot/hotspot--configure.sls
new file mode 100644 (file)
index 0000000..d24ecb4
--- /dev/null
@@ -0,0 +1,38 @@
+hotspot--configure:
+  file.managed:
+    - name: /etc/NetworkManager/system-connections/hotspot.nmconnection
+    - source: salt://hotspot/files/hotspot.nmconnection
+    - template: jinja
+    - user: root
+    - group: root
+    - mode: 600
+
+hotspot--configure-networkmanager:
+  file.managed:
+    - name: /etc/NetworkManager/NetworkManager.conf
+    - source: salt://hotspot/files/NetworkManager.conf
+    - user: root
+    - group: root
+    - mode: 644
+
+hotspot--configure-ipforwarding:
+  file.append:
+    - name: /etc/sysctl.conf
+    - source: salt://hotspot/files/sysctl.conf
+
+hotspot--configure-iptables:
+  cmd.run:
+    - name: iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+    - require:
+      - pkg: hotspot--install-packages
+
+hotspot--configure-persistent-iptables:
+  cmd.run:
+    - name: iptables-save > /etc/iptables/rules.v4
+    - watch:
+      - cmd: hotspot--configure-iptables
+    - require:
+      - pkg: hotspot--install-packages
+      - file: hotspot--configure
+      - file: hotspot--configure-ipforwarding
+      - cmd: hotspot--configure-iptables
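Review bot: `hotspot--configure-iptables` appends the MASQUERADE rule on every highstate because the `cmd.run` has no guard, so the nat table collects duplicates and `iptables-save` then persists them. Adding `- unless: iptables -t nat -C POSTROUTING -o tun0 -j MASQUERADE` makes it idempotent, and `hotspot--configure-persistent-iptables` should use `onchanges` instead of `watch` so the save runs only when the rule was actually added. The rule is bound to `tun0`; if the Mullvad client brings the tunnel up under a different interface name (WireGuard tunnels usually do), hotspot traffic would not be masqueraded, so the name should be confirmed on the device. Appending to `/etc/sysctl.conf` also does not change the running kernel; `sysctl.present` with `name: net.ipv4.ip_forward` and `value: 1` sets and persists it in one state.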
diff --git a/salt/states/hotspot/hotspot--install-packages.sls b/salt/states/hotspot/hotspot--install-packages.sls
new file mode 100644 (file)
index 0000000..ea2d13a
--- /dev/null
@@ -0,0 +1,5 @@
+hotspot--install-packages:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - iptables-persistent
diff --git a/salt/states/hotspot/init.sls b/salt/states/hotspot/init.sls
new file mode 100644 (file)
index 0000000..9d3a9de
--- /dev/null
@@ -0,0 +1,3 @@
+include:
+  - hotspot.hotspot--install-packages
+  - hotspot.hotspot--configure
diff --git a/salt/states/mullvad-vpn/files/mullvad-keyring.asc b/salt/states/mullvad-vpn/files/mullvad-keyring.asc
new file mode 100644 (file)
index 0000000..63052fe
--- /dev/null
@@ -0,0 +1,84 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+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+=kwTD
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/salt/states/mullvad-vpn/init.sls b/salt/states/mullvad-vpn/init.sls
new file mode 100644 (file)
index 0000000..9b4924b
--- /dev/null
@@ -0,0 +1,4 @@
+include:
+  - mullvad-vpn.mullvad-vpn--configure
+  - mullvad-vpn.mullvad-vpn--install-packages
+  - mullvad-vpn.mullvad-vpn--configure-vpn
diff --git a/salt/states/mullvad-vpn/mullvad-vpn--configure-vpn.sls b/salt/states/mullvad-vpn/mullvad-vpn--configure-vpn.sls
new file mode 100644 (file)
index 0000000..eaaf804
--- /dev/null
@@ -0,0 +1,46 @@
+include:
+  - mullvad-vpn.mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-account:
+  cmd.run:
+    - name: mullvad account login {{ pillar['services']['mullvad']['account'] }}
+    - require:
+      - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-connect:
+  cmd.run:
+    - name: mullvad connect
+    - require:
+      - cmd: mullvad-vpn--configure-vpn-account
+      - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-lan:
+  cmd.run:
+    - name: mullvad lan set allow
+    - require:
+      - cmd: mullvad-vpn--configure-vpn-account
+      - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-autoconnect:
+  cmd.run:
+    - name: mullvad auto-connect set on
+    - require:
+      - cmd: mullvad-vpn--configure-vpn-account
+      - cmd: mullvad-vpn--configure-vpn-lan
+      - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-lockdownmode:
+  cmd.run:
+    - name: mullvad lockdown-mode set on
+    - require:
+      - cmd: mullvad-vpn--configure-vpn-account
+      - cmd: mullvad-vpn--configure-vpn-lan
+      - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-dns:
+  cmd.run:
+    - name: mullvad dns set default --block-ads --block-trackers --block-malware --block-gambling --block-adult-content --block-social-media
+    - require:
+      - cmd: mullvad-vpn--configure-vpn-account
+      - cmd: mullvad-vpn--configure-vpn-lan
+      - pkg: mullvad-vpn--install-packages
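Review bot: In `mullvad-vpn--configure-vpn-account` the decrypted account number is rendered into the `name` of a `cmd.run`, so it appears in the state return and job cache on the master, in minion logs, and in the process list while the command runs, which undoes the GPG protection in the pillar. The CLI appears to read the number from standard input when no argument is given (confirm on the installed version), so the state could use `- name: mullvad account login`, `- stdin: {{ pillar['services']['mullvad']['account'] }}` and `- output_loglevel: quiet`. None of the `cmd.run` states in this file has an `unless` or `onlyif` guard, so every highstate logs in and reconfigures again; a guard such as `- unless: mullvad account get` would help if its exit status reflects the login state. `mullvad-vpn--configure-vpn-connect` also runs before `lockdown-mode set on` is required, so there is a window where the tunnel is up without lockdown; requiring the lockdown state from the connect state would close it.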
diff --git a/salt/states/mullvad-vpn/mullvad-vpn--configure.sls b/salt/states/mullvad-vpn/mullvad-vpn--configure.sls
new file mode 100644 (file)
index 0000000..54fdaa3
--- /dev/null
@@ -0,0 +1,13 @@
+mullvad-vpn--configure-keyring:
+  file.managed:
+    - name: /usr/share/keyrings/mullvad-keyring.asc
+    - source: salt://mullvad-vpn/files/mullvad-keyring.asc
+    - user: root
+    - group: root
+    - mode: 644
+
+mullvad-vpn--configure-repo:
+  cmd.run:
+    - name: echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
+    - require:
+       - file: mullvad-vpn--configure-keyring
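Review bot: `mullvad-vpn--configure-repo` writes the apt source through `echo … | sudo tee` in a `cmd.run`, which reruns on every highstate, reports a change each time, and depends on `sudo` and `lsb_release` being installed even though the minion already runs as root. A `file.managed` state on `/etc/apt/sources.list.d/mullvad.list` with `- contents: deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch={{ grains['osarch'] }}] https://repository.mullvad.net/deb/stable {{ grains['oscodename'] }} main` is idempotent and keeps the `signed-by` pinning visible in the state. Since the vendored keyring is the trust anchor for the package, a comment above `mullvad-vpn--configure-keyring` recording the expected key fingerprint and where it was verified would help the next reviewer.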
diff --git a/salt/states/mullvad-vpn/mullvad-vpn--install-packages.sls b/salt/states/mullvad-vpn/mullvad-vpn--install-packages.sls
new file mode 100644 (file)
index 0000000..9f1a882
--- /dev/null
@@ -0,0 +1,10 @@
+include:
+  - mullvad-vpn.mullvad-vpn--configure
+
+mullvad-vpn--install-packages:
+  pkg.installed:
+    - refresh: True
+    - pkgs:
+      - mullvad-vpn
+    - require:
+      - cmd: mullvad-vpn--configure-repo
index 830392ce70bfa1a632011087d1dbc37e710e0fcf..e56395e0f2c664431600b5f5f74bef9096ee37e3 100644 (file)
@@ -43,3 +43,8 @@ base:
     - certbot
     - bind9
     - reboot
+
+  'raspi':
+    - hotspot
+    - mullvad-vpn
+    - reboot