From a057159c24192526f6a0767dfb405b8457a3529b Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andreas.mundt@steinbeisschule-reutlingen.de>
Date: Thu, 26 Oct 2023 08:11:44 +0200
Subject: [PATCH] Implement systemd-networkd and iwd for WLAN connection.

---
 lmn-client.yml                                |  3 +-
 roles/lmn_wlan_iwd/tasks/main.yml             | 60 +++++++++++++++++++
 .../{lmn_wlan => lmn_wlan_nm}/tasks/main.yml  |  0
 .../templates/ssid.nmconnection.j2            |  0
 4 files changed, 62 insertions(+), 1 deletion(-)
 create mode 100644 roles/lmn_wlan_iwd/tasks/main.yml
 rename roles/{lmn_wlan => lmn_wlan_nm}/tasks/main.yml (100%)
 rename roles/{lmn_wlan => lmn_wlan_nm}/templates/ssid.nmconnection.j2 (100%)

diff --git a/lmn-client.yml b/lmn-client.yml
index e4ece7c..2221901 100644
--- a/lmn-client.yml
+++ b/lmn-client.yml
@@ -159,5 +159,6 @@
     localuser: "{{ vault_localuser }}"
     localuser_pwd: "{{ vault_localuser_pwd }}"
   roles:
-    - lmn_wlan
+    - role: lmn_wlan_iwd
+      when: ansible_interfaces | select('search', 'wl.+') | first is defined
     - lmn_localuser
diff --git a/roles/lmn_wlan_iwd/tasks/main.yml b/roles/lmn_wlan_iwd/tasks/main.yml
new file mode 100644
index 0000000..7610abd
--- /dev/null
+++ b/roles/lmn_wlan_iwd/tasks/main.yml
@@ -0,0 +1,60 @@
+## Make sure to use an initrd providing firmware:
+##   wget https://cdimage.debian.org/cdimage/firmware/testing/current/firmware.cpio.gz
+##   cat initrd.gz firmware.cpio.gz > initrd-fw.gz
+---
+- name: Install iwd
+  ansible.builtin.apt:
+    name:
+      - iwd
+      - systemd-resolved
+    state: latest
+
+- name: Disable wpa-supplicant
+  ansible.builtin.systemd:
+    name: wpa_supplicant.service
+    state: stopped
+    enabled: False
+
+- name: Enable iwd
+  ansible.builtin.systemd:
+    name: iwd.service
+    state: started
+    enabled: True
+
+- name: Prepare directory for iwd
+  file:
+    path: /var/lib/iwd/
+    state: directory
+
+- name: Configure iwd for wifi device
+  ansible.builtin.copy:
+    dest: /var/lib/iwd/{{ ssid }}.psk
+    content: |
+      [Security]
+      Passphrase={{ wifipasswd }}
+
+- name: Use iwd but ignore wlan interfaces in NetworkManager
+  blockinfile:
+    dest: /etc/NetworkManager/NetworkManager.conf
+    block: |
+      [device]
+      wifi.backend=iwd
+      match-device=interface-name:wl*
+      managed=0
+
+- name: Configure systemd-networkd
+  ansible.builtin.copy:
+    dest: /etc/systemd/network/wlan-dhcp.network
+    content: |
+      [Match]
+      Name=wl*
+      [Network]
+      DHCP=yes
+      [DHCPv4]
+      UseDomains=true
+
+- name: Enable systemd-networkd
+  ansible.builtin.systemd:
+    name: systemd-networkd.service
+    state: started
+    enabled: True
diff --git a/roles/lmn_wlan/tasks/main.yml b/roles/lmn_wlan_nm/tasks/main.yml
similarity index 100%
rename from roles/lmn_wlan/tasks/main.yml
rename to roles/lmn_wlan_nm/tasks/main.yml
diff --git a/roles/lmn_wlan/templates/ssid.nmconnection.j2 b/roles/lmn_wlan_nm/templates/ssid.nmconnection.j2
similarity index 100%
rename from roles/lmn_wlan/templates/ssid.nmconnection.j2
rename to roles/lmn_wlan_nm/templates/ssid.nmconnection.j2