apt.liw.fi: fixes

Sponsored-by: author

1 files changed, 43 insertions, 0 deletions

diff --git a/ansible/apt.liw.fi.yml b/ansible/apt.liw.fi.yml
new file mode 100644
index 0000000..ad29b9c
--- /dev/null
+++ b/ansible/apt.liw.fi.yml
@@ -0,0 +1,43 @@
+- hosts: apt.liw.fi
+  remote_user: root
+  roles:
+    - role: sane_debian_system
+    - role: sshd
+    - role: unix_users
+    - role: apt-repository
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bookworm
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: apt
+        comment: Owner of APT repository
+      - username: incoming
+        comment: APT incoming packages
+        authorized_keys: |
+          {{ apt_uploader_ssh_pub_keys }}
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+
+    sshd_version: 1
+
+    apt_uploader_ssh_pub_keys: |
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP
+    apt_admin_email: liw@liw.fi
+    apt_domain: apt.liw.fi
+    apt_distributions:
+      - codename: unstable-ci
+        description: CI builds for unstable
+      - codename: unstable
+        description: builds for unstable
+    apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}"
+    apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}"
+    apt_signing_key_fingerprint: |
+      {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --show-keys --with-colons | grep "^fpr:" | cut -d: -f10') }}