support AP+STA mode, and hostapd in general, by adapting MkLHX/AP_STA_RPI_SAME_WIFI_CHIP#12

Author: ipitio

README.md

@@ -32,10 +32,11 @@ A SaaH-HaaS[-Spoke] topology may be useful when you can't forward the WireGuard
 Move everything in `examples/` out to the parent directory. The files to edit are:
 
 - `dhcp/*dhcp*`: DHCP config, if you want to use the node as a DHCP server but don't want to use Pi-hole for it
-- `netplan/{closed,open}.yml`: network config when gateway is reachable or not, respectively
+- `netplan/{closed,open}.yml`: network config when internet is reachable or not, respectively
 - `env.sh`: environment variables for the scripts
 - `compose.yml`: environment variables for the services and bare WireGuard
 - `hooks/{pre,post}-{up,down}.sh`: scripts that run from the project directory before and after everything is started or stopped
+- `hostapd/*.conf`: hostapd configs for your non-netplan APs, for more control and AP+STA mode support
 
 Keep in mind that:
 
@@ -55,7 +56,7 @@ Keep in mind that:
 Set a node up in two or three steps:
 
 1. Move this directory to the target in any way you like. If you install the `deb` package provided in [Releases](https://github.com/ipitio/closure/releases), the directory will be `/opt/closure`.
-2. Modify the files above and, if you didn't install the package, spin everything up by running `sudo bash kickstart.sh` from the directory. Otherwise, just reboot.
+2. Modify the files above and, if you didn't install the package, spin everything up either by running `sudo bash kickstart.sh` from the directory or by moving `rc.local` to `/etc` and making it executable. Otherwise, just reboot.
 3. On a Hub or HaaS, add a Spoke or SaaH peer. To finish adding the SaaH peer to a HaaS, run `add.sh` (as described below) for it, after Step 3, with `-a` to correctly set the peer's AllowedIPs. Then add an `SERVER_ALLOWEDIPS_PEER_[SaaH]=` environment variable -- using the peer's name sans the brackets -- for the wireguard service with the difference of `0.0.0.0/1,128.0.0.0/1,::/1,8000::/1` minus the peer's IP and run `sudo bash restart.sh`. This [AllowedIPs Calculator](https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator) is pretty nifty.
 
 Set a Hub or HaaS up first, so you can generate the necessary peer configuration for a Spoke or SaaH, then drop it in the Spoke's or SaaH's `wireguard/config/wg_confs` directory after its Step 1.

debian/control

@@ -4,9 +4,9 @@ Homepage: https://github.com/ipitio/closure
 Standards-Version: 3.9.2
 
 Package: closure
-Version: 1.3
+Version: 1.4
 Maintainer: ipitio <21136719+ipitio@users.noreply.github.com>
-Depends: curl, docker-ce, docker-ce-cli, containerd.io, docker-buildx-plugin, docker-compose-plugin, macchanger, network-manager, isc-dhcp-server, iw, net-tools, qrencode, wireguard, wireless-tools, wmctrl, wget
+Depends: containerd.io, curl, docker-ce, docker-ce-cli, docker-buildx-plugin, docker-compose-plugin, hostapd, isc-dhcp-server, iw, macchanger, network-manager, net-tools, qrencode, rfkill, wireguard, wireless-tools, wmctrl, wget
 Recommends: build-essential, byobu, dkms, iperf3, nmap, tmux, traceroute
 Copyright: debian/copyright
 Readme: debian/README.Debian

examples/env.sh

@@ -35,8 +35,17 @@ CLS_DOMAIN="internal"
 # Expected network speed as described here: https://man7.org/linux/man-pages/man8/tc-cake.8.html
 CLS_BANDWIDTH=""
 
+# Load "serial", "ether", etc. module, leave empty for host mode
+CLS_OTG_g_=""
+
 # If using a wireless interface to connect to the gateway, set its name
 CLS_WIFACE=""
 
-# Load "serial", "ether", etc. module
-CLS_OTG_g_=""
+# Create hotspot(s) using hostapd, instead of including in netplan, eg. for the STA+AP mode example below
+CLS_AP_HOSTAPD=false
+
+# "/" separated list of interfaces to use for the hostapd AP
+CLS_AP_WIFACES="ap@$CLS_WIFACE"
+
+# "/" separated list of names of the respective configs in `hostapd/` for the above interfaces
+CLS_AP_CONFIGS="ap@"

examples/hostapd/ap@.conf

@@ -0,0 +1,67 @@
+ctrl_interface=/var/run/hostapd
+ctrl_interface_group=0
+driver=nl80211
+
+# Commented options depend on your hardware, the rest probably work on newer hardware
+
+# Automatically set at runtime
+interface=
+
+# IEEE 802.11
+ssid=star
+country_code=PA
+ieee80211d=1
+ieee80211h=1
+hw_mode=g
+channel=11
+wmm_enabled=1
+macaddr_acl=0
+auth_algs=1
+ap_max_inactivity=691200
+basic_rates=180 240 360 480 540
+rts_threshold=534
+fragm_threshold=784
+preamble=1
+#wds_sta=1
+
+# RADIUS
+nas_identifier=router.cls
+radius_server_ipv6=0
+
+# IEEE 802.11n
+ieee80211n=1
+#ht_capab=
+
+# IEEE 802.11i
+wpa=2
+wpa_passphrase=C10sure_
+wpa_key_mgmt=WPA-PSK
+wpa_pairwise=CCMP
+extended_key_id=1
+ieee80211w=1
+beacon_prot=1
+#ocv=2
+okc=1
+dhcp_rapid_commit_proxy=1
+
+# IEEE 802.11r
+mobility_domain=1337
+reassociation_deadline=20000
+ft_psk_generate_local=1
+r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
+
+# IEEE 802.11v
+bss_transition=1
+#proxy_arp=1
+
+# IEEE 802.11k
+rrm_neighbor_report=1
+rrm_beacon_report=1
+
+# MBO
+#mbo=1
+#mbo_cell_data_conn_pref=1
+
+# Airtime
+#airtime_mode=2
+#airtime_bss_weight=1