From: Andreas Glashauser Date: Mon, 24 Mar 2025 15:37:56 +0000 (+0100) Subject: ADDED: states for setting up a mullvad-hotspot on a raspberrypi X-Git-Url: https://git.andreasglashauser.com/?a=commitdiff_plain;ds=sidebyside;p=salt-infra.git ADDED: states for setting up a mullvad-hotspot on a raspberrypi
---
diff --git a/salt/pillar/services.sls b/salt/pillar/services.sls
index c4c51c9..77488b3 100644
--- a/salt/pillar/services.sls
+++ b/salt/pillar/services.sls
@@ -41,3 +41,24 @@ services:
 fQ==
 =YMy2
 -----END PGP MESSAGE-----
+ mullvad:
+ account: |
+ -----BEGIN PGP MESSAGE-----
+
+ hF4D+CZXdqKq9X4SAQdAvvEzFn/npfXBkWr9SI3wyPwU1NjMIIbn7ukYm41AUXIw
+ BN+TEIeo0QLnzTJGTpHzWKdksUu5BA7MOkYw8UkxR9Fgzce89zw1vJ0cm+tAIPAO
+ 0kwB5wvQSbkRKDSz1cwf4lb7LuVmzDjaWnwq+DbgVwJWXi8KTIRo+z2ESax3Kp+A
+ 6aFUzcmyVVaKFQOkFl0+2xtt/MTPjoNo7uhLKnIf
+ =QCjK
+ -----END PGP MESSAGE-----
+
+ hotspot:
+ password: |
+ -----BEGIN PGP MESSAGE-----
+
+ hF4D+CZXdqKq9X4SAQdAWzoLl8U+ljDJyqurZ+gCAD5hvXZQF4hEakjtYuX7Bzgw
+ kCIhFnWJELtoZnbvFop+ef9Ac1TClsE8ZgYrzSAkTmnhcfdKIFU2mW1yyglDrNUJ
+ 0kQBjh34q7YvatspRvROBGW0NVbNM1XweTxkGBJ2fq6JlLj1/RejrPqBIdLzew4C
+ AOAI6Eq5wJWinPwsmdobSoPWEbzNMQ==
+ =CXiE
+ -----END PGP MESSAGE-----
diff --git a/salt/states/hotspot/files/NetworkManager.conf b/salt/states/hotspot/files/NetworkManager.conf
new file mode 100644
index 0000000..06c5d59
--- /dev/null
+++ b/salt/states/hotspot/files/NetworkManager.conf
@@ -0,0 +1,8 @@
+[main]
+plugins=ifupdown,keyfile
+
+[ifupdown]
+managed=true
+
+[device]
+wifi.scan-rand-mac-address=no
diff --git a/salt/states/hotspot/files/hotspot.nmconnection b/salt/states/hotspot/files/hotspot.nmconnection
new file mode 100644
index 0000000..9f75903
--- /dev/null
+++ b/salt/states/hotspot/files/hotspot.nmconnection
@@ -0,0 +1,28 @@
+[connection]
+id=hotspot
+uuid=3d9094d9-e09f-4cf2-87d5-72f67f93b9dd
+type=wifi
+interface-name=wlan0
+timestamp=1738389031
+
+[wifi]
+band=bg
+mode=ap
+ssid=ag - Hotspot
+
+[wifi-security]
+group=ccmp;
+key-mgmt=wpa-psk
+pairwise=ccmp;
+pmf=2
+proto=rsn;
+psk={{ pillar['services']['hotspot']['password'] }}
+
+[ipv4]
+method=shared
+
+[ipv6]
+addr-gen-mode=default
+method=disabled
+
+[proxy]
diff --git a/salt/states/hotspot/files/sysctl.conf b/salt/states/hotspot/files/sysctl.conf
new file mode 100644
index 0000000..119d730
--- /dev/null
+++ b/salt/states/hotspot/files/sysctl.conf
@@ -0,0 +1 @@
+net.ipv4.ip_forward=1
diff --git a/salt/states/hotspot/hotspot--configure.sls b/salt/states/hotspot/hotspot--configure.sls
new file mode 100644
index 0000000..d24ecb4
--- /dev/null
+++ b/salt/states/hotspot/hotspot--configure.sls
@@ -0,0 +1,38 @@
+hotspot--configure:
+ file.managed:
+ - name: /etc/NetworkManager/system-connections/hotspot.nmconnection
+ - source: salt://hotspot/files/hotspot.nmconnection
+ - template: jinja
+ - user: root
+ - group: root
+ - mode: 600
+
+hotspot--configure-networkmanager:
+ file.managed:
+ - name: /etc/NetworkManager/NetworkManager.conf
+ - source: salt://hotspot/files/NetworkManager.conf
+ - user: root
+ - group: root
+ - mode: 644
+
+hotspot--configure-ipforwarding:
+ file.append:
+ - name: /etc/sysctl.conf
+ - source: salt://hotspot/files/sysctl.conf
+
+hotspot--configure-iptables:
+ cmd.run:
+ - name: iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
+ - require:
+ - pkg: hotspot--install-packages
+
+hotspot--configure-persistent-iptables:
+ cmd.run:
+ - name: iptables-save > /etc/iptables/rules.v4
+ - watch:
+ - cmd: hotspot--configure-iptables
+ - require:
+ - pkg: hotspot--install-packages
+ - file: hotspot--configure
+ - file: hotspot--configure-ipforwarding
+ - cmd: hotspot--configure-iptables
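Review bot: `hotspot--configure-iptables` appends the MASQUERADE rule on every run because its `cmd.run` has no guard, so each highstate adds a duplicate that `iptables-save` then persists into `/etc/iptables/rules.v4`; adding `- unless: iptables -t nat -C POSTROUTING -o tun0 -j MASQUERADE` makes it idempotent. The rule also hard-codes `tun0`; if the Mullvad client brings its tunnel up under a different interface name (WireGuard tunnels are usually not called `tun0`), hotspot traffic would not be masqueraded, so the name is worth confirming on the device. Separately, `hotspot--configure` renders the PSK into the managed file, and `- show_changes: False` on that state would keep the key out of the file diff that Salt records in job returns.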
diff --git a/salt/states/hotspot/hotspot--install-packages.sls b/salt/states/hotspot/hotspot--install-packages.sls
new file mode 100644
index 0000000..ea2d13a
--- /dev/null
+++ b/salt/states/hotspot/hotspot--install-packages.sls
@@ -0,0 +1,5 @@
+hotspot--install-packages:
+ pkg.installed:
+ - refresh: True
+ - pkgs:
+ - iptables-persistent
diff --git a/salt/states/hotspot/init.sls b/salt/states/hotspot/init.sls
new file mode 100644
index 0000000..9d3a9de
--- /dev/null
+++ b/salt/states/hotspot/init.sls
@@ -0,0 +1,3 @@
+include:
+ - hotspot.hotspot--install-packages
+ - hotspot.hotspot--configure
diff --git a/salt/states/mullvad-vpn/files/mullvad-keyring.asc b/salt/states/mullvad-vpn/files/mullvad-keyring.asc
new file mode 100644
index 0000000..63052fe
--- /dev/null
+++ b/salt/states/mullvad-vpn/files/mullvad-keyring.asc
@@ -0,0 +1,84 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFgRmCoBEAChee2rs/braqjqim1D+uvTBpPZzkpccJVb2SqhErQKs54iJVyo +H5pNrGR4VIzFRUnY7fbATo2Ej+0MlglXahl4ok93XmeDz04P5rH2NKnLvWYdaK1C +9Lvpq22t1nytJuhc124UBahVVEYjc7l2+JGdTh7WvLj8FXqfnnmI1upVU48S70RL +oM3tSDZqQaO3OGCc0znMNBGI/uKNNwc6Omm6KPvczOhci7bnKt0b0R6TrXufvgOG +y1DM9sntIbXtpIjOuZdTWyrGTm/AvT6zddPFjN8SN6ZIfoRmJT6ROB6ZTtiz/d20 +VJ87QPEfVRKrMImZxtkJtSliojZB/I3/bkP7A4pvgJ6cJ+ErwW4cfqc3DrWaZY+D +4AZnk71FA6C5rQdkFbfkgyUMY1WeKX+8N/R+e5oLGmoVI/fdHu1z0JkJJvEraAO9 ++qX2mOcW5h/NRxv0Xw57fjMhnMha7bWs8Jn5AchDPJZs1U64Wr36FuSvcdxc0ON/ +WaX4RL/J5OtJHu+2FB+UB1/JuICdOP07/KFxUJod43KwwBctLUHOOz3m1KIVcnXR +l6+gNQ7vxGm+xghN/zG7lgPLuw5ToCCkMLkQydsRPRSlm0f2zqbQUD3jn+4zZ2ma +HBHcu6Ld8SSGPp5XIauAKhqZA9IkD5VPgqlrm0iJ4emzPYGp7PMFFdH3qQARAQAB +tCpNdWxsdmFkIChjb2RlIHNpZ25pbmcpIDxhZG1pbkBtdWxsdmFkLm5ldD6JAjUE +EwEIAB8CGwMCHgECF4AFAlgR6R8ECwkIBwUVCgkICwQWAgMBAAoJENWh1PJm3o3f +muQQAJElHN6lLhpOgrbRprJAR15HfRI0Leoomfu5V53Qieqf+6O3TF4PC9JRn+v8 +NYOMsBmBgosvO8YcABA3wYTW6qyRGr+8zQePltEe/J9SE3oCbb4K5KWEThiicZ6R +o0sJgXB3l0CIHVP+/3bWeZlBpTJNMLOEM+WsEsTe6v7hZfF7HIubVdKSIbQy7T3X +nsk8840rt5LjJiNtSpsG+EJOIGEdXH5FAis35pTLrbkgnL3Evyjd2OW1grciqF+v +7aba2g/2zpEGEdtbJKO5C4nG9CHcN5BlaSev0oQlKWuRSG3igwauZFe/0RQPkH/V +kCOHA3l8NTlublQCdLLLrJJyX7aODH+AKLaVci17ogtGwwO+xNh0h4ejM0QuMLYV +giMCpxRT5uUuOHbh3by1rwTSb+8dvIw3KyW1TbZ6LFCQHX+8Zs7xU7KQ6tGZ6Pvr +Fhk/YiM8J+Fe+rBGwEcUfo/ALv4p7qHpRVA7CvdrzKg66iaN+iPQzsptamoSLsCj +SYbjIby74X0vppRAg7sDXiAxJSRPXM3h1xO83yk1HMrswwWAUuJeToYRXOHYl5zN +i3E0D6I5Zk1ioO9XPE7oILwJ7YaO4XuC3UuNMwWPSvOoJxbnsUdHpenITvbpe9DP +z4HGzZWbUtShFDq77MDhv9vkNaFUOgP7AfO5N/35pVCkI4m1uQINBFgRmCoBEADT +5YK+TLcGSzC4ML7t8VW+rVpYyY3pswX8dL058LYfCIrlaNa14/UvINvjA5529SWr +jmmDluD8fqtMSFHw6l+XwPMOwvETAjaMLS6c/MLFmw2gHR2ARHBmLEn/ux9kZ03Y +dEKak5wvkUVqLV7EgGnvfrI0FUw/gaIfdtAt0dcvpAG0bILXQtcYEj7BtiAdxiWL +O8HMUzD7kj0Q2IUbA3bO4dAtJtXDyY+Ash/kqLzm+0kZtzk4FLWZT2CMw9l73mIT +/f03+y8oBe1KhZ5FzqgUxQXdjV5hkWyFNbBn4+dsyoMltnVDPkRznIHDWJXiKUV+ 
+buSQ+xewO/flwrwcgbdTtH5qfuxtNBA2AkVs/dul8FJHeSCB7at6Vy1m8/xFlxgc +QOk/wwiDKLBub0uIE6TfNs7SvAOUuZP5syLQq8ZeyYMWGrWQKgAEmHlXr0uCrqVF +O5vjaja8Zwc6wdApiFxjiBzl3z7UiE3fafpeO9nqLwaZqz0RPCEpvCrkpDi4Gl2W +nfWmQbj2jEpUER1osJhvNRCEfA12IUWjp1vFJhy31i6gTXdCxVBasQrxpJBEZnuJ +57yIZ+FbdMI0wQD2OMdUYxx4o9p6aGwhotSBrgpM0cfZ5LruP6MjBfWKqLnZBuYk +prqWeh5rgtXIebsiGYp7V3Ay9pcoilbzh53/wU6y+wARAQABiQIfBBgBCAAJBQJY +EZgqAhsMAAoJENWh1PJm3o3fbfoP/RfOil8d3hNK+qgG4Xh46bF/UmGzorYbVzzP +myXXRHTMh3/Br2tPOOnhP65nKJnv8pqCuK1UOJpfXUXDyRpAP7opiWRaS0gbU9s6 +RBy499P/LyMmvZbM4YkpxwPJkC6JaITQ+ZtnPQp+MYLizsz5OD8utyfoPWDOdaEf +3JHOvupcItDL3DDKw5zPzrI6pKc0IMObO5VI/uU3BIf0x+FKh2rhMVMI+Psapotm +qhpaPZoz/QPapS2WiMNr7cInLxx7/fv/RLEr5WSVn1eAKkKuXUO/VB5+h4GdP/YV +boBW4wMneEEkJX3iLr/IM1GQdQK/db4fyWAKh7LhzS9ZCVMxm5BU6GkId7GI2jFE +djmedt6iF6Tyk0/49WjU/qAZ9H0IHgpyNCwUqPpzWgRiiIbZryRXycht/rH6zuL1 +8p5N6r7AgT6s6kCHfrNK/zxMOzylUuwng1EnLCmlg88PoCCQpaNFZkqwIR0LCh3p +Xp8zAp+0Sx2td1FtjbEw+OaNCmmJoMqoejuw0nSOFdQUUNAB5WGeZQLoPaastanW +ir6XcUChoy/1osuovAPNKpWWUxWDdW+62mV8s2ArkLzhgl0FmLZhu+VBKrQaNUKV +WmPnMRZF6f1C3M8l5DtT1VzfEr1A9ON6uZzKITLlJdBltVFkV7qJTsxbsoj0AJj7 +0VY4XEjauQINBFgR4mgBEACsFJ+BkT+yBxB0E2MNUAcW5stDgscDOJOAXS/ViYd8 +68FqC87VnG+bgTqG2atRqb493RoCHwZyL3L9JniadSk35d9JEQBWzCPff+kEy5Uc +bwzvSUJyCfjFdxU4YgH/bMt+RXi1mVjLcGTthRp4IfBxQcluI//rxP1kurrqq+lO +wj7n+h1wxrdhvXXDiAeBJqlQcBjeT0VLc74PYQJ3SbpeX1aFaxsVATGpgXf3SWp+ +8vRCmzM9CnyZW8BeaXBrkwiZQEOeiqnQ0MWaD/8Fs6WWfiyoObJcadmS7HgqCfw7 +SwjSUjSPAr+Vr02P83S59u8ql0RWtDI8CCXcSc1t4u52lvXBdO3nKa9+PeW64I+A +UfqgJOmfhWZsoImV1pCx+RzY6luFp7H7JVACAi3Z1s24fsRhN5wVZ/hjKn7xGPv0 +O+zFVGWXs/JKl6Bv7xMR0epL+D0d13ahPZYHyLqLfdeJwg2HT1BUAPy+QCy5rhzS +iEjeygqVzwNTcBPnu1PFhzXSdGMvHKTFXwO5xPwqanvKUd9zH6Xxan5wAJL7yRPq +7/MSEqUFiE+OfVTeZ3PDduLrkrQm0ZIgTl4EkUNn70YbzrPnEDh7EMETNnAqjNU3 +5iwELxRyxjUdSaIuF/5gSfc4DG/c8miUrYAaXyqMuJWuF7aNnVnSQJDZCjnf//Yy +KQARAQABiQQ+BBgBCAAJBQJYEeJoAhsCAikJENWh1PJm3o3fwV0gBBkBCAAGBQJY +EeJoAAoJEKJlgfIZyDFMyBwP/ih4/pKyfQOdgP03IXK0v9dhKOs+PcSAd4BC+ACV 
+kDz+N4Pui7/6FJ7+hSJE7Tf2vcWYYbtTrVCz335VCf5zWC/Tz8aXs9MOBlMeZNOS +2Fsi8P1KOv2BD7qi+m6fkHJ59hDXp2SzvmYRNRgn3N1QpuJl6bjssLmG7X+8NrNA +JZedzfXmvxDfnxaqKTwGotlJXVo5b/wB1ZXn7yr3zecuXKvcG1SJTGCSyK98jyip +S/0qAOqzd6FPbNEl/4ehKPX5STdZytTzN8lcbtfTMUA6qLqe/5Tvt50n8yDD3bEh +ripRSaC2BoVDADwxo7kDhTO6c1xCNMdG/9dHMelbzOPuxJhVMkNzL+dR5V6Q3Clt +I2rjANqWq/3G7kA4oaItoYOYnh9J8a7P/bkMFbrGEYmaYu9PCqLY5NzqaCKlNyJP +Fy8u0TdBhiyoBWWarTN6fZwTG6MotHPi9q0iWPfsb9kyoRJWIcvEJq+Vi0wE0+9/ +kXgibqh76U5JekysGV/dBgXaPF4XAPCpBaEe9sbD2PVeUDZPuVeo3c8iGPK1NxmJ +dt1ktfCcuV3MYCo1DGifuOCCvVaJms6IEFjLPAEQmTGhRSVzTWZ7J8HoDqulhlJh +HxLT7KI9z85238zplUarSEZ42gNT5SQd35prGVlJDVBwRm2NmJurcfU/EcPi++eD +0hJhWrYP/3lW/OOkR5NZCK8HhKYM2kBcAsOC/6x5vV1VISslZY2LB3jKq+XhXlPO +cEmQVMPliBx4yuFrPOKk1+87D9bEL5LJBQskgQwFe2Pg9QirIYflO+P+1LJK3U/g +3NnlkSrOTRV0M/AvhtU/8R3V2V423pm3sjQsaRdMMtWGfsFNJxvotBkwgEDwDu7h +sZqzL0zFucm+iMAhGnqi+EZEPXwbX1Utp7S8edBCztfytQMjnJ6jv4UCz///rc3i +8IDlMo2d19CW/psPS4v7lns5g9oqCGpRbGRllrBV1M/o7bs7+1NyvPTJm9UAmt5U +iApao4vt4YOG5w0vYd0t50pDS/j3TGjbakgxZpNUMpAgrhnelClKDsXbCVGCyhlJ +ZOw9Q9t4vIAhFFSpxEDl1NREOUInoK3R4yo4Ep4sq6cbfZvoyAYZf1zpQHQX9OBN +DKp1jwGLA3+0Jna2/1QUYFLjFiz9bdL+1nT9k/RStFBauRh529r+M1WlkwqNIL+L +bRGm0rXbWu9eiLhq2ldnfIADOtccUll10RznrjumqgYYw2CI0YUudzpzIghAKZyo +THYPADmBfvN2pZa/KU3c1OSKHOH2b91Xi97k3u0fECMHLgXctA3BkQ69fONSzx/c +abgtcydAU0wAD3mG3mr1XI96uOMeVNK0wgYyO5VhzZNziSFhls0D +=kwTD +-----END PGP PUBLIC KEY BLOCK-----
diff --git a/salt/states/mullvad-vpn/init.sls b/salt/states/mullvad-vpn/init.sls
new file mode 100644
index 0000000..9b4924b
--- /dev/null
+++ b/salt/states/mullvad-vpn/init.sls
@@ -0,0 +1,4 @@
+include:
+ - mullvad-vpn.mullvad-vpn--configure
+ - mullvad-vpn.mullvad-vpn--install-packages
+ - mullvad-vpn.mullvad-vpn--configure-vpn
diff --git a/salt/states/mullvad-vpn/mullvad-vpn--configure-vpn.sls b/salt/states/mullvad-vpn/mullvad-vpn--configure-vpn.sls
new file mode 100644
index 0000000..eaaf804
--- /dev/null
+++ b/salt/states/mullvad-vpn/mullvad-vpn--configure-vpn.sls
@@ -0,0 +1,46 @@
+include:
+ - mullvad-vpn.mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-account:
+ cmd.run:
+ - name: mullvad account login {{ pillar['services']['mullvad']['account'] }}
+ - require:
+ - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-connect:
+ cmd.run:
+ - name: mullvad connect
+ - require:
+ - cmd: mullvad-vpn--configure-vpn-account
+ - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-lan:
+ cmd.run:
+ - name: mullvad lan set allow
+ - require:
+ - cmd: mullvad-vpn--configure-vpn-account
+ - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-autoconnect:
+ cmd.run:
+ - name: mullvad auto-connect set on
+ - require:
+ - cmd: mullvad-vpn--configure-vpn-account
+ - cmd: mullvad-vpn--configure-vpn-lan
+ - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-lockdownmode:
+ cmd.run:
+ - name: mullvad lockdown-mode set on
+ - require:
+ - cmd: mullvad-vpn--configure-vpn-account
+ - cmd: mullvad-vpn--configure-vpn-lan
+ - pkg: mullvad-vpn--install-packages
+
+mullvad-vpn--configure-vpn-dns:
+ cmd.run:
+ - name: mullvad dns set default --block-ads --block-trackers --block-malware --block-gambling --block-adult-content --block-social-media
+ - require:
+ - cmd: mullvad-vpn--configure-vpn-account
+ - cmd: mullvad-vpn--configure-vpn-lan
+ - pkg: mullvad-vpn--install-packages
diff --git a/salt/states/mullvad-vpn/mullvad-vpn--configure.sls b/salt/states/mullvad-vpn/mullvad-vpn--configure.sls
new file mode 100644
index 0000000..54fdaa3
--- /dev/null
+++ b/salt/states/mullvad-vpn/mullvad-vpn--configure.sls
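Review bot: `mullvad-vpn--configure-vpn-account` interpolates the decrypted account number into the command line, so it is readable in the process list while the command runs and is stored as the state's `name` in Salt job returns and logs. Keep the secret out of `name`, for example `- name: mullvad account login` with `- stdin: "{{ pillar['services']['mullvad']['account'] }}"` and `- hide_output: True`; this assumes the CLI reads the number from standard input when no argument is given, which should be confirmed against the installed version. None of the `cmd.run` states in this file has an `unless` or `onlyif` guard, so the login and every settings command rerun on each highstate; a guard on the login state in particular would avoid repeated logins.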
@@ -0,0 +1,13 @@
+mullvad-vpn--configure-keyring:
+ file.managed:
+ - name: /usr/share/keyrings/mullvad-keyring.asc
+ - source: salt://mullvad-vpn/files/mullvad-keyring.asc
+ - user: root
+ - group: root
+ - mode: 644
+
+mullvad-vpn--configure-repo:
+ cmd.run:
+ - name: echo "deb [signed-by=/usr/share/keyrings/mullvad-keyring.asc arch=$( dpkg --print-architecture )] https://repository.mullvad.net/deb/stable $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/mullvad.list
+ - require:
+ - file: mullvad-vpn--configure-keyring
diff --git a/salt/states/mullvad-vpn/mullvad-vpn--install-packages.sls b/salt/states/mullvad-vpn/mullvad-vpn--install-packages.sls
new file mode 100644
index 0000000..9f1a882
--- /dev/null
+++ b/salt/states/mullvad-vpn/mullvad-vpn--install-packages.sls
@@ -0,0 +1,10 @@
+include:
+ - mullvad-vpn.mullvad-vpn--configure
+
+mullvad-vpn--install-packages:
+ pkg.installed:
+ - refresh: True
+ - pkgs:
+ - mullvad-vpn
+ - require:
+ - cmd: mullvad-vpn--configure-repo
diff --git a/salt/states/top.sls b/salt/states/top.sls
index 830392c..e56395e 100644
--- a/salt/states/top.sls
+++ b/salt/states/top.sls
@@ -43,3 +43,8 @@ base:
 - certbot
 - bind9
 - reboot
+
+ 'raspi':
+ - hotspot
+ - mullvad-vpn
+ - reboot
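Review bot: `mullvad-vpn--configure-repo` rewrites `/etc/apt/sources.list.d/mullvad.list` through a shell pipeline on every run and reports a change each time; `- creates: /etc/apt/sources.list.d/mullvad.list` would make it run once, and a `pkgrepo.managed` or `file.managed` state would let Salt own the file's content and mode instead. The `sudo` in front of `tee` looks unnecessary, since the sibling states already set root ownership and so presumably run as root, and it makes the state fail on a host without sudo. Pinning the repository to the shipped key with `signed-by=` is the right shape; a short comment in this file recording where `mullvad-keyring.asc` was obtained and its fingerprint would let a later reviewer verify the key.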