author | Lars Wirzenius <liw@liw.fi> | 2024-03-24 08:11:39 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2024-03-24 08:11:39 +0200 |
commit | 0461f36853595f5500cd203ba61bfbdbed6ad239 (patch) | |
tree | 35c66079c170972f043ce2fe0b3a982131e27ad0 | |
parent | 26ba6bdcc632cfdebd868504590577913546d27b (diff) | |
download | ansibleness-0461f36853595f5500cd203ba61bfbdbed6ad239.tar.gz |
kea updates for Puomi testing
-rw-r--r-- | ansible/kea.yml | 69 | ||||
-rw-r--r-- | v-i/kea-spec.yaml | 3 |
2 files changed, 16 insertions, 56 deletions
diff --git a/ansible/kea.yml b/ansible/kea.yml
index 8841b9b..b21f6be 100644
--- a/ansible/kea.yml
+++ b/ansible/kea.yml
@@ -3,74 +3,35 @@ become: no roles: - role: sane_debian_system - tags: [sane] - comfortable-debian-system - - gnome-system - - mail-client - intel-wifi - - self-updating-system - ssd + - sshd - unix_users - tasks: - - lineinfile: - path: /etc/gdm3/daemon.conf - regex: WaylandEnable - line: WaylandEnable=false - - apt: - name: - - flatpak - - gnome-software-plugin-flatpak - - cups - - nfs-common - - ufw - - apt: - deb: https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb - - shell: - flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - - ufw: - state: enabled - policy: deny - - ufw: - port: ssh - rule: allow + - puomi vars: ansible_python_interpreter: /usr/bin/python3 sane_debian_system_version: 2 - sane_debian_system_hostname: kea - sane_debian_system_codename: bullseye + sane_debian_system_hostname: "{{ inventory_hostname }}" + sane_debian_system_codename: bookworm sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: - repo: | - deb http://deb.debian.org/debian bullseye contrib non-free + deb http://deb.debian.org/debian bookworm contrib non-free - repo: | - deb-src http://deb.debian.org/debian bullseye main contrib non-free - - - repo: | - deb http://security.debian.org/debian-security bullseye-security main contrib non-free + deb http://security.debian.org/debian-security bookworm-security main contrib non-free unix_users_version: 2 unix_users: - - username: soile - comment: Soile Mottisenkangas - groups: - - audio - - bluetooth - - cdrom - - dialout - - dip - - floppy - - netdev - - plugdev - - scanner - - video - authorized_keys: | - {{ liw_personal_ssh_pub }} + - username: liw + comment: Lars Wirzenius + + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key kea') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 kea') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" - mailname: 
kea.liw.fi - hostname: "{{ sane_debian_system_hostname }}" - relayhost: pieni.net:587 - smarthost: pieni.net - smarthost_user: pienirelay - smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" + puomi_version: 1 + puomi_lan_ip: 10.2.0.1 diff --git a/v-i/kea-spec.yaml b/v-i/kea-spec.yaml index aeeb595..d19609c 100644 --- a/v-i/kea-spec.yaml +++ b/v-i/kea-spec.yaml @@ -1,5 +1,4 @@ hostname: kea -luks: asdf drive: /dev/sda extra_lvs: - name: home @@ -8,4 +7,4 @@ extra_lvs: ansible_vars_files: - hostid.yml ansible_vars: - passwordless_root: true + passwordless_root: true |
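Review bot: The two host lookups in the new `sshd_*` vars hard-code the name `kea` (`sshca host private-key kea` and `sshca host certify --ca liw.fi/ca/host/v5 kea`) while the same hunk changes `sane_debian_system_hostname` to `"{{ inventory_hostname }}"`, so a run against any other inventory host would install kea's SSH host private key and a certificate issued for kea. If the sshca host entries are named after the inventory hosts, building the command from the variable keeps them in step, e.g. `sshd_host_key: "{{ lookup('pipe', 'sshca host private-key ' ~ inventory_hostname) }}"`, and likewise for `sshd_host_cert`. Separately, the removed tasks were the only visible place that enabled `ufw` with `policy: deny`, and nothing in this hunk replaces them, so it is worth confirming that the `puomi` role configures its own packet filter before the host serves `10.2.0.1`. The play begins above the hunk, so its `hosts:` line is not visible here.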