diff options
author | Lars Wirzenius <liw@liw.fi> | 2022-12-08 11:30:50 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-12-08 11:30:50 +0200 |
commit | d972225408db4ac1d67a04f9413134a04527cf6b (patch) | |
tree | dc1a36f998237783a84e19073990f2148e57fedd /ansible/exolobe1.yml | |
parent | 3b6c92732e1c40ef5be6ccb398e8220eb435795f (diff) | |
download | ansibleness-d972225408db4ac1d67a04f9413134a04527cf6b.tar.gz |
exolobe1: install for normal desktop use
Sponsored-by: author
Diffstat (limited to 'ansible/exolobe1.yml')
-rw-r--r-- | ansible/exolobe1.yml | 324 |
1 files changed, 253 insertions, 71 deletions
diff --git a/ansible/exolobe1.yml b/ansible/exolobe1.yml index a424fe3..b995d63 100644 --- a/ansible/exolobe1.yml +++ b/ansible/exolobe1.yml @@ -2,92 +2,221 @@ remote_user: root become: no roles: - - sane_debian_system - - sshd - - unix_users - - version-controller - - gnome-system + - role: sane_debian_system + - role: sshd + - role: ssd + - role: unix_users + - role: comfortable-debian-system - intel-wifi - - rust-rustup + - role: chaoskey-host + - role: version-controller + - role: emacs + - role: gnome-system + - role: ansible + - role: vmhost + - role: smarthost-client + - role: mail-client + - role: annexed + - role: riot-host +# # - role: writing-dev-env +# # - role: journal-workstation +# # - role: debian-dev-env +# # - role: subplot-dev-env +# # - role: obnam-dev-env +# # - role: tex-dev-env +# # - role: python-dev-env + - role: rust-rustup + tags: [rustup] - liw + tasks: + # Remove ping to force it be reinstalled so that the right + # capabilities are set. + - apt: + name: iputils-ping + state: absent + - apt: name: + - bash-completion + - black - build-essential - - flatpak - - gnome-software-plugin-flatpak - - pavucontrol - - psmisc - - python3 - - usbutils - - uuid - - # - bash-completion - # - black - # - build-essential - # - cachedir - # - capnproto - # - clang - # - daemonize - # - debhelper - # - dh-cargo - # - expect - # - extrautils - # - fio - # - firmware-misc-nonfree - # - fling - # - gimp - # - graphviz - # - inkscape - # - iputils-ping - # - isync - # - jq - # - jt - # - libclang-dev + - cachedir + - capnproto + - clang + - daemonize + - debhelper + - dh-cargo + - expect + - extrautils + - fio + - firmware-misc-nonfree + - fling + - gddrescue + - gimp + - graphviz + - inkscape + - iputils-ping + - isync + - jq + - jt + - libclang-dev + - libdvd-pkg - librsvg2-bin - # - libsqlite3-dev - # - libssl-dev - # - libvirt-dev - # - linux-perf - # - liw-automation - # - llvm - # - lmodern - # - nettle-dev - # - nfs-common - # - obnam - # - obnam-benchmark - # - openpgp-ca + - libsqlite3-dev + - libssl-dev + - libvirt-dev + - linux-perf + - liw-automation + - llvm + - lmodern + - nettle-dev + - nfs-common + - obnam + - obnam-benchmark + - openpgp-ca - pandoc - pandoc-citeproc - pandoc-filter-diagram - # - pavucontrol - # - pkg-config - # - plantuml - # - printer-driver-ptouch - # - python3 - # - python3-requests - # - qemu-user-static - # - sequoia-chameleon-gnupg - # - shellcheck - # - sq-liw - # - sqlite3 - # - sshca - # - subplot - # - summain + - pavucontrol + - pkg-config + - plantuml + - printer-driver-ptouch + - python3 + - python3-requests + - qemu-user-static + - sequoia-chameleon-gnupg + - shellcheck + - sq-liw + - sqlite3 + - sshca + - subplot + - summain - texlive-fonts-recommended - texlive-latex-base - texlive-latex-extra - texlive-latex-recommended - texlive-plain-generic - # - usbutils - # - uuid - # - validns - # - vlc - # - vobcopy - # - vmdb2 - # - xpdf - # - zerofree + - usbutils + - uuid + - validns + - vlc + - vobcopy + - vmdb2 + - xpdf + - zerofree + + - name: install command line utilities + apt: + name: + - locales-all + - psmisc + - mosh + - rsync + - vim + - screen + - tmux + - strace + - gddrescue + - pv + - moreutils + - bind9-host + - dnsutils + - lshw + - curl + # - extrautils + # - liw-automation + # - copyright-statement-lint + - bc + - yaml-mode + - ikiwiki + - taskwarrior + - zip + # - cachedir + - debmirror + - git-annex + - iftop + - info + # - jt + - kpartx + - lftp + - mediainfo + - mmv + - mtr + - num-utils + - parted-doc + - trickle + - units + - w3m + - youtube-dl + - signing-party + - sshfs + - dict + - dictd + - dict-foldoc + - dict-gcide + - dict-jargon + - dict-vera + - dict-wn + - gnuplot + - acpi + - nmap + - nethogs + - time + - restic + - apt-file + - whois + - oathtool + - htop + - smartmontools + - bonnie++ + - mdadm + - hddtemp + - parted + - lvm2 + - cryptsetup + + - name: configure dict + copy: + content: | + server localhost + dest: /etc/dictd/dict.conf + + - lineinfile: + path: /etc/gdm3/daemon.conf + regexp: WaylandEnable= + line: WaylandEnable=false + + - name: "install necessary packages to use a Yubikey with LUKS" + apt: + name: + - yubikey-luks + - usbutils + + - name: "configure crypttab to use yubikey-luks key script" + crypttab: + name: pv0 + opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript + state: opts_present + + - name: "update initramfs" + shell: | + update-initramfs -u + + - apt: + name: + - libpam-yubico + + - file: + state: directory + path: /etc/yubikey_chalresp + mode: 0700 + - copy: + content: | + {{ lookup('pipe', 'pass libpam-yubico/liw/y6.chalresp') }} + dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y6.serial') }}" + mode: 0600 - shell: | flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo @@ -100,15 +229,68 @@ sane_debian_system_codename: bullseye sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: - - repo: deb http://deb.debian.org/debian stable contrib non-free + - repo: | + deb http://deb.debian.org/debian bullseye contrib non-free + + - repo: | + deb-src http://deb.debian.org/debian bullseye main contrib non-free + + - repo: | + deb http://security.debian.org/debian-security bullseye-security main contrib non-free + + - repo: | + deb http://code.liw.fi/debian unstable main + signing_key: "{{ code_liw_fi_signing_key }}" + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable main + signing_key: "{{ ci_prod_signing_key }}" + unix_users_version: 2 unix_users: - username: liw comment: Lars Wirzenius sudo: yes + groups: + - audio + - bluetooth + - cdrom + - dialout + - dip + - floppy + - libvirt + - netdev + - plugdev + - scanner + - video + + mailname: "{{ sane_debian_system_hostname }}.liw.fi" +# hostname: "{{ sane_debian_system_hostname }}" + relayhost: pieni.net:587 + smarthost: pieni.net + smarthost_user: pienirelay + smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" + + rustup_cargo_install: | + cargo-audit \ + cargo-deny \ + cargo-deps \ + bandwhich \ + bat \ + cargo-edit \ + cargo-geiger \ + cargo-outdated \ + flamegraph \ + hyperfine \ + ripgrep \ + tokei \ + zoxide \ + ytop + +# cargo-semver-checks \ +# starship \ sshd_version: 1 sshd_host_key: "{{ lookup('pipe', 'sshca host private-key exolobe1') }}" |