- change "wifi" role to "ap"

roles/ap/files/dnsmasq.conf

@@ -0,0 +1,7 @@
+interface=wlan0
+dhcp-range=10.250.250.2,10.250.250.6,255.255.255.248,24h
+listen-address=10.250.250.1
+bind-interfaces
+server=8.8.8.8
+bogus-priv
+domain=demo.dsfinancial.com

roles/ap/files/hostapd.conf

@@ -0,0 +1,15 @@
+interface=wlan0
+driver=nl80211
+hw_mode=g
+channel=6
+ieee80211n=1
+wmm_enabled=1
+ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
+macaddr_acl=0
+ignore_broadcast_ssid=0
+wpa=2
+auth_algs=1
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+ssid=PHLIPAMT
+wpa_passphrase=dsfinisdemo

roles/ap/files/iptables.ipv4.nat

@@ -0,0 +1,18 @@
+# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
+*filter
+:INPUT ACCEPT [7056:1877085]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [6972:1880076]
+-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+-A FORWARD -i wlan0 -o eth0 -j ACCEPT
+COMMIT
+# Completed on Thu Mar 14 09:59:15 2019
+# Generated by iptables-save v1.6.0 on Thu Mar 14 09:59:15 2019
+*nat
+:PREROUTING ACCEPT [15:3832]
+:INPUT ACCEPT [15:3832]
+:OUTPUT ACCEPT [110:30472]
+:POSTROUTING ACCEPT [106:29680]
+-A POSTROUTING -o eth0 -j MASQUERADE
+COMMIT
+# Completed on Thu Mar 14 09:59:15 2019

roles/ap/tasks/main.yaml

@@ -0,0 +1,101 @@
+---
+- name: configure wlan0
+  become: true
+  blockinfile:
+    path: /etc/dhcpcd.conf
+    block: |
+      interface wlan0
+      static ip_address=10.250.250.1/29
+      nohook wpa_supplicant
+  tags: wireless_ap
+- name: install hostapd
+  become: true
+  apt:
+    name: ['hostapd']
+    state: present
+  tags: wireless_ap
+- name: configure hostapd
+  become: true
+  template:
+    src: "{{ role_path }}/templates/hostapd.conf.j2"
+    dest: "/etc/hostapd/hostapd.conf"
+    owner: root
+    group: root
+    backup: yes
+  tags: wireless_ap
+- name: configure hostapd startup
+  become: true
+  tags: wireless_ap
+  lineinfile:
+          state: present
+          path: "{{ item.path }}"
+          regexp: "{{ item.regexp }}"
+          line: "{{ item.line }}"
+  with_items:
+          - { path: "/etc/init.d/hostapd", regexp: "^DAEMON_CONF=", line: "DAEMON_CONF=/etc/hostapd/hostapd.conf" }
+          - { path: "/etc/default/hostapd", regexp: "^#DAEMON_CONF=", line: "DAEMON_CONF=\"/etc/hostapd/hostapd.conf\"" }
+- name: enable hostapd
+  become: true
+  systemd:
+          name: hostapd
+          enabled: yes
+          masked: no
+          state: restarted
+  tags: wireless_ap
+- name: install dnsmasq
+  become: true
+  apt:
+    name: ['dnsmasq']
+    state: present
+  tags: wireless_ap
+- name: configure dnsmasq
+  become: true
+  copy:
+    src: "{{ role_path }}/files/dnsmasq.conf"
+    dest: "/etc/dnsmasq.conf"
+    backup: yes
+    owner: root
+    group: root
+  tags: wireless_ap
+- name: enable dnsmasq
+  become: true
+  systemd:
+          name: dnsmasq
+          enabled: yes
+          masked: no
+          state: restarted
+  tags: wireless_ap
+- name: enable ipv4.forwarding
+  become: true
+  sysctl:
+          name: net.ipv4.ip_forward
+          value: 1
+          sysctl_set: yes
+          state: present
+          reload: yes
+  tags: wireless_ap
+- name: copy fw config
+  become: true
+  copy:
+    src: "{{ role_path }}/files/iptables.ipv4.nat"
+    dest: "/etc/iptables.ipv4.nat"
+    backup: yes
+    owner: root
+    group: root
+  tags: wireless_ap
+- name: iptables-restore to rc.local
+  lineinfile:
+    path: "/etc/rc.local"
+    state: present
+    insertbefore: "exit 0"
+    line: "iptables-restore < /etc/iptables.ipv4.nat"
+  become: true
+  tags: wireless_ap
+- name: restart dhcpcd
+  become: true
+  systemd:
+    name: dhcpcd
+    enabled: yes
+    masked: no
+    state: restarted
+  tags: wireless_ap

roles/ap/templates/hostapd.conf.j2

@@ -0,0 +1,15 @@
+interface=wlan0
+driver=nl80211
+hw_mode=g
+channel=6
+ieee80211n=1
+wmm_enabled=1
+ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
+macaddr_acl=0
+ignore_broadcast_ssid=0
+wpa=2
+auth_algs=1
+wpa_key_mgmt=WPA-PSK
+rsn_pairwise=CCMP
+ssid={{ site_clli }}
+wpa_passphrase=dsfinisdemo