tursas: add

Signed-off-by: Lars Wirzenius <liw@liw.fi>
Sponsored-by: author

3 files changed, 277 insertions, 0 deletions

diff --git a/ansible/tursas.yml b/ansible/tursas.yml
new file mode 100644
index 0000000..6b62d34
--- /dev/null
+++ b/ansible/tursas.yml
@@ -0,0 +1,258 @@
+- hosts: tursas
+  remote_user: root
+  become: no
+  roles:
+    - role: sane_debian_system
+    - role: self-updating-system
+    - role: sshd
+    - role: ssd
+    - role: comfortable-debian-system
+    - role: intel-wifi
+    - role: gnupg-workstation
+    - role: gnome-system
+    - role: mail-client
+    - role: unix_users
+#     # - role: rust-rustup
+
+  tasks:
+    # Remove ping to force it be reinstalled so that the right
+    # capabilities are set.
+    - apt:
+        name: iputils-ping
+        state: absent
+
+    - apt:
+        name:
+          # - ambient-driver
+          # - asciidoctor
+          # - black
+          # - btrfs-progs
+          # - build-essential
+          # - cachedir
+          # - capnproto
+          # - clab
+          # - clang
+          # - daemonize
+          # - debhelper
+          # - expect
+          # - extrautils
+          - fio
+          # - firmware-misc-nonfree
+          # - fling
+          # - gddrescue
+          # - genisoimage
+          # - gimp
+          # - graphviz
+          # - inkscape
+          # - iputils-ping
+          # - jq
+          # - jt
+          # - libclang-dev
+          # - libdvd-pkg
+          # - librsvg2-bin
+          # - libsqlite3-dev
+          # - libssl-dev
+          # - libvirt-dev
+          # - linux-perf
+          # - liw-automation
+          # - llvm
+          # - lmodern
+          # - nettle-dev
+          # - nfs-common
+          # - obnam
+          # - obnam-benchmark
+          # - openpgp-ca
+          # - ovmf
+          # - pandoc
+          # - pandoc-filter-diagram
+          # - pathdedup
+          # - pavucontrol
+          # - pkg-config
+          # - plantuml
+          # - printer-driver-ptouch
+          # - python3
+          # - python3-requests
+          # - qemu-user-static
+          # - radicle
+          # - sequoia-chameleon-gnupg
+          # - shellcheck
+          # - sq-liw
+          # - sqlite3
+          # - sshca
+          # - subplot
+          # - summain
+          # - texlive-fonts-recommended
+          # - texlive-latex-base
+          # - texlive-latex-extra
+          # - texlive-latex-recommended
+          # - texlive-plain-generic
+          # - unicode
+          # - usbutils
+          # - uuid
+          # - validns
+          # - vlc
+          # - vobcopy
+          # - vmdb2
+          # - xpdf
+          # - zerofree
+
+    - name: install command line utilities
+      apt:
+        name:
+        - acpi
+        # - ambient-run
+        # - apt-file
+        # - bc
+        # - bind9-host
+        # - cryptsetup
+        # - curl
+        # - debmirror
+        # - dict
+        # - dict-foldoc
+        # - dict-gcide
+        # - dict-jargon
+        # - dict-vera
+        # - dict-wn
+        # - dictd
+        # - dnsutils
+        # - git-annex
+        # - htop
+        # - iftop
+        # - ikiwiki
+        # - info
+        # - jt
+        # - locales-all
+        # - lshw
+        # - lvm2
+        # - mmv
+        # - moreutils
+        # - mosh
+        # - mtr
+        # - nethogs
+        # - nmap
+        # - num-utils
+        # - oathtool
+        # - parted-doc
+        # - psmisc
+        # - pv
+        # - rsync
+        # - screen
+        # - strace
+        # - time
+        # - tmux
+        # - units
+        # - vim
+        # - w3m
+        # - whois
+        # - yaml-mode
+        # - zip
+        # - yaml-mode
+        # - zip
+        # - zoxide
+
+    # - name: configure dict
+    #   copy:
+    #     content: |
+    #       server localhost
+    #     dest: /etc/dictd/dict.conf
+
+    # - lineinfile:
+    #     path: /etc/gdm3/daemon.conf
+    #     regexp: WaylandEnable=
+    #     line: "# WaylandEnable=false"
+
+    # - lineinfile:
+    #     path: /etc/default/grub
+    #     regexp: GRUB_ENABLE_CRYPTODISK
+    #     line: "GRUB_ENABLE_CRYPTODISK=n"
+
+    # - lineinfile:
+    #     path: /etc/environment
+    #     regexp: MOZ_ENABLE_WAYLAND
+    #     line: "MOZ_ENABLE_WAYLAND=1"
+
+    # - shell: |
+    #     flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+
+    # - shell: |
+    #     env DEBIAN_FRONTEND=noninteractive dpkg-reconfigure libdvd-pkg
+
+    # - name: "create liw/.radicle/keys"
+    #   file:
+    #     state: directory
+    #     path: /home/liw/.radicle/keys
+    #     owner: liw
+    #     group: liw
+    #     mode: 0755
+
+    # - name: "install radicle private key"
+    #   copy:
+    #     content: "{{ radicle_key }}"
+    #     dest: /home/liw/.radicle/keys/radicle
+    #     owner: liw
+    #     group: liw
+    #     mode: 0600
+
+    # - name: "install radicle public key"
+    #   copy:
+    #     content: "{{ radicle_pub }}"
+    #     dest: /home/liw/.radicle/keys/radicle.pub
+    #     owner: liw
+    #     group: liw
+    #     mode: 0644
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bookworm
+    sane_debian_system_timezone: Europe/Helsinki
+    sane_debian_system_sources_lists:
+      - repo: |
+          deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware
+
+      - repo: |
+          deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+
+      - repo: |
+          deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+
+      # - repo: |
+      #     deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
+
+      - repo: deb http://apt.liw.fi/debian unstable main
+        signing_key: "{{ apt_liw_fi_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        groups:
+          - audio
+#          - bluetooth
+          - cdrom
+          - dialout
+          - dip
+          - floppy
+          - kvm
+          - netdev
+          - plugdev
+#          - scanner
+          - video
+
+    mailname: "tursas.liw.fi"
+    relayhost: pieni.net:587
+    smarthost: pieni.net
+    smarthost_user: pienirelay
+    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
+
+    sshd_version: 1
+
+    # rustup_cargo_install: |
+    #   cargo-cache \
+    #   pikchr-cli \
+    #   bottom
+
+    # radicle_key: "{{ lookup('pipe', 'pass radicle/liw/key') }}"
+    # radicle_pub: "{{ lookup('pipe', 'pass radicle/liw/key.pub') }}"
diff --git a/v-i/tursas-playbook.yml b/v-i/tursas-playbook.yml
new file mode 100644
index 0000000..bfec369
--- /dev/null
+++ b/v-i/tursas-playbook.yml
@@ -0,0 +1,6 @@
+- hosts: image
+  tasks:
+    - lineinfile:
+        path: /etc/systemd/network/external.network
+        regex: "^Name=eth"
+        line: "Name=eth?"
diff --git a/v-i/tursas-spec.yaml b/v-i/tursas-spec.yaml
new file mode 100644
index 0000000..c764796
--- /dev/null
+++ b/v-i/tursas-spec.yaml
@@ -0,0 +1,13 @@
+hostname: tursas
+# luks: asdf
+drive: /dev/nvme0n1
+extra_lvs:
+  - name: home
+    size: 10G
+    mounted: /home
+ansible_vars:
+  passwordless_root: true
+ansible_vars_files:
+  - hostid.yml
+extra_playbooks:
+  - tursas-playbook.yml