campus Wi-Fi access point and the campus ISP and the values of three
variables (~gate_lan_mac~, ~gate_wild_mac~, and ~gate_isp_mac~ in
[[file:private/vars.yml][=private/vars.yml=]]) match the actual hardware MAC addresses of the
-dongles. (For more information, see the tasks in section [[Configure
-Gate NetworkD]].)
+dongles. (For more information, see the tasks in the [[Configure Gate
+NetworkD]] section.)
At this point Gate was prepared for provisioning with Ansible.
** Configure Core NetworkD
Core's network interface is statically configured using the
-~systemd-networkd~ configuration files =10-lan.link= and
-=10-lan.network= installed in =/etc/systemd/network/=. Those files
-statically assign Core's IP address (as well as the campus name server
-and search domain), and its default route through Gate. A second
-route, through Core itself to Front, is advertised to other hosts, and
-is routed through a WireGuard™ interface connected to Front's public
-WireGuard™ VPN.
+~systemd-udevd~ configuration file =10-lan.link= and the
+~systemd-networkd~ configuration file =10-lan.network=, both installed
+in =/etc/systemd/network/=. Those files statically assign Core's IP
+address and its default route through Gate. A second route, through
+Core itself to Front, is advertised to other hosts, and is routed
+through a WireGuard™ interface connected to Front's public WireGuard™
+VPN.
Note that the ~[Match]~ sections of the =.network= files should
specify only a ~MACAddress~. Getting ~systemd-udevd~ to rename
interfaces has thusfar been futile (short of a reboot), so specifying
-a ~Name~ means the interface does not match, leaving it un-configured
-(until the next reboot).
+a ~Name~ means the interface will not be configured until after the
+next reboot.
The configuration needs the MAC address of the primary (only) NIC, an
example of which is given here. (A clever way to extract that name
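Review bot: The rewritten paragraph under Configure Core NetworkD no longer mentions the campus name server and search domain, which the removed text listed alongside Core's IP address and default route. If 10-lan.network still sets them, keep them in the sentence. If they moved elsewhere, say where, so the reader knows how Core resolves names. Nit while this paragraph is open: "thusfar" in the unchanged note should be "thus far".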
** Configure Gate NetworkD
-Gate's network interfaces are configured using SystemD NetworkD
-configuration files that specify their MAC addresses. (One or more
-might be plug-and-play USB dongles.) These addresses are provided by
-the [[file:private/vars.yml][=private/vars.yml=]] file as in the example code here.
+Gate's network interfaces are configured by =.link= and =.network=
+files installed in =/etc/systemd/network=. The files specify
+interfaces by matching their MAC addresses. (One or more might be
+plug-and-play USB dongles.) The addresses are provided by the
+[[file:private/vars.yml][=private/vars.yml=]] file as in the example code here.
#+CAPTION: [[file:private/vars.yml][=private/vars.yml=]]
#+BEGIN_SRC conf :tangle private/vars.yml
gate_isp_mac: 08:00:27:3d:42:e5
#+END_SRC
+Note that the =.network= files do not use the interface names for
+reasons discussed in the [[Configure Core NetworkD]] section.
+
The tasks in the following sections install the necessary
configuration files.
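Review bot: The added note after the vars.yml block says the .network files do not use interface names, but it does not say that the .link files still assign them (Name=lan, Name=wild and Name=isp in the tasks that follow) or that the firewall rules depend on those names. One more sentence here would save the reader from having to infer that from the ISP section. Minor: this paragraph writes /etc/systemd/network without the trailing slash used in the Core section.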
[Link]
Name=lan
dest: /etc/systemd/network/10-lan.link
- notify: Reload networkd.
- name: Install 10-lan.network.
become: yes
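Review bot: With "notify: Reload networkd." gone from the 10-lan.link install task, the lines shown no longer say how a changed .link file takes effect. The same applies to the 10-wild.link and 10-isp.link tasks below. This is consistent with the prose in this patch, which attributes the .link file to systemd-udevd and says a rename only happens after a reboot, but the tasks themselves give no hint of it. Consider a comment on each task, or a sentence in the section, stating that a changed .link file needs a reboot, so that a MAC address edited in private/vars.yml is not assumed to be live once the play finishes.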
[Link]
Name=wild
dest: /etc/systemd/network/10-wild.link
- notify: Reload networkd.
- name: Install 10-wild.network.
become: yes
[Link]
Name=isp
dest: /etc/systemd/network/10-isp.link
- notify: Reload networkd.
- name: Install 10-isp.network.
become: yes
campus ISP without interference from Ansible.
The following example =gate-isp.network= file recognizes an Ethernet
-interface by its MAC address.
+interface by its MAC address and configures it as a DHCP client. The
+block tangles to =private/gate-isp.network= as part of the test
+configuration.
#+CAPTION: [[file:private/gate-isp.network][=private/gate-isp.network=]]
#+BEGIN_SRC conf :tangle private/gate-isp.network :tangle-mode u=rw,g=,o=
UseDNS=false
#+END_SRC
+The same =gate-isp.link= and =gate-isp.network= files can be used to
+configure a wireless interface simply by replacing the interface MAC,
+though the machine will need to reboot in order to name the new
+interface ~isp~ and re-load the firewall rules with that new naming.
+
+Once the wireless interface is named ~isp~, WPA Supplicant can be
+supplied a configuration file like the following, and used to connect
+and authenticate.
+
+#+CAPTION: =/etc/wpa_supplicant/wpa_supplicant-isp.conf=
+#+BEGIN_SRC conf
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=root
+network={
+ ssid="Access Point Name"
+ scan_ssid=1
+ key_mgmt=WPA-PSK
+ psk="access point passphrase"
+}
+#+END_SRC
+
+#+BEGIN_SRC sh
+sudo systemctl start wpa_supplicant@isp
+networkctl
+sudo systemctl enable wpa_supplicant@isp
+#+END_SRC
+
+The same =gate-isp.link= and =gate-isp.network= files would also be
+used with a USB tether simply by replacing the interface MAC. Again,
+the machine will need to reboot in order to name the interface ~isp~
+and re-load the firewall rules with that new naming.
+
** Configure Gate ResolveD
Gate provides name service on the wild Ethernet by having its "stub
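Review bot: The added wpa_supplicant-isp.conf example keeps the access point passphrase in clear text (psk="access point passphrase"), but the text says nothing about the file's ownership or mode. The gate-isp.network block just above it is tangled with ":tangle-mode u=rw,g=,o=". Add a sentence telling the reader to make /etc/wpa_supplicant/wpa_supplicant-isp.conf readable by root only. Consider also mentioning that wpa_passphrase can generate the network block with a derived key in place of the passphrase. Two smaller points: the reboot caveat is repeated almost word for word in the wireless and USB tether paragraphs and could be stated once, and the sh block should say what networkctl is expected to show before the unit is enabled.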