summaryrefslogtreecommitdiff
path: root/ansible
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2024-03-24 08:11:39 +0200
committerLars Wirzenius <liw@liw.fi>2024-03-24 08:11:39 +0200
commit0461f36853595f5500cd203ba61bfbdbed6ad239 (patch)
tree35c66079c170972f043ce2fe0b3a982131e27ad0 /ansible
parent26ba6bdcc632cfdebd868504590577913546d27b (diff)
downloadansibleness-main.tar.gz
kea updates for Puomi testingHEADmain
Diffstat (limited to 'ansible')
-rw-r--r--ansible/kea.yml69
1 files changed, 15 insertions, 54 deletions
diff --git a/ansible/kea.yml b/ansible/kea.yml
index 8841b9b..b21f6be 100644
--- a/ansible/kea.yml
+++ b/ansible/kea.yml
@@ -3,74 +3,35 @@
become: no
roles:
- role: sane_debian_system
- tags: [sane]
- comfortable-debian-system
- - gnome-system
- - mail-client
- intel-wifi
- - self-updating-system
- ssd
+ - sshd
- unix_users
- tasks:
- - lineinfile:
- path: /etc/gdm3/daemon.conf
- regex: WaylandEnable
- line: WaylandEnable=false
- - apt:
- name:
- - flatpak
- - gnome-software-plugin-flatpak
- - cups
- - nfs-common
- - ufw
- - apt:
- deb: https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
- - shell:
- flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
- - ufw:
- state: enabled
- policy: deny
- - ufw:
- port: ssh
- rule: allow
+ - puomi
vars:
ansible_python_interpreter: /usr/bin/python3
sane_debian_system_version: 2
- sane_debian_system_hostname: kea
- sane_debian_system_codename: bullseye
+ sane_debian_system_hostname: "{{ inventory_hostname }}"
+ sane_debian_system_codename: bookworm
sane_debian_system_timezone: Europe/Helsinki
sane_debian_system_sources_lists:
- repo: |
- deb http://deb.debian.org/debian bullseye contrib non-free
+ deb http://deb.debian.org/debian bookworm contrib non-free
- repo: |
- deb-src http://deb.debian.org/debian bullseye main contrib non-free
-
- - repo: |
- deb http://security.debian.org/debian-security bullseye-security main contrib non-free
+ deb http://security.debian.org/debian-security bookworm-security main contrib non-free
unix_users_version: 2
unix_users:
- - username: soile
- comment: Soile Mottisenkangas
- groups:
- - audio
- - bluetooth
- - cdrom
- - dialout
- - dip
- - floppy
- - netdev
- - plugdev
- - scanner
- - video
- authorized_keys: |
- {{ liw_personal_ssh_pub }}
+ - username: liw
+ comment: Lars Wirzenius
+
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key kea') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 kea') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
- mailname: kea.liw.fi
- hostname: "{{ sane_debian_system_hostname }}"
- relayhost: pieni.net:587
- smarthost: pieni.net
- smarthost_user: pienirelay
- smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
+ puomi_version: 1
+ puomi_lan_ip: 10.2.0.1