diff options
author | Lars Wirzenius <liw@liw.fi> | 2023-01-07 17:51:27 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2023-01-07 17:51:27 +0200 |
commit | 2456f2c82528f31835807addd4ac3b6e62252af9 (patch) | |
tree | eeb400bf3bcda02f4a426052b184c855dc926043 /ansible/maybe-someday | |
parent | 99257314d4fe7ea239d6306b0707e2fa8ad79e63 (diff) | |
download | ansibleness-2456f2c82528f31835807addd4ac3b6e62252af9.tar.gz |
drop old junk
Sponsored-by: author
Diffstat (limited to 'ansible/maybe-someday')
-rw-r--r-- | ansible/maybe-someday/apt-dev.yml | 78 | ||||
-rw-r--r-- | ansible/maybe-someday/billion.yml | 27 | ||||
-rw-r--r-- | ansible/maybe-someday/clab-dev.yml | 53 | ||||
-rw-r--r-- | ansible/maybe-someday/contractor-dev.yml | 48 | ||||
-rw-r--r-- | ansible/maybe-someday/debian-mirror.yml | 111 | ||||
-rw-r--r-- | ansible/maybe-someday/debmirror.yml | 41 | ||||
-rw-r--r-- | ansible/maybe-someday/ewww-dev.yml | 57 | ||||
-rw-r--r-- | ansible/maybe-someday/ewww-test.yml | 118 | ||||
-rw-r--r-- | ansible/maybe-someday/ick2-dev.yml | 50 | ||||
-rw-r--r-- | ansible/maybe-someday/jt-dev.yml | 50 | ||||
-rw-r--r-- | ansible/maybe-someday/letest-letest.vm.liw.fi.yml | 20 | ||||
-rw-r--r-- | ansible/maybe-someday/openpgp-ca-dev.yml | 48 | ||||
-rw-r--r-- | ansible/maybe-someday/openpgp-card-dev.yml | 56 | ||||
-rw-r--r-- | ansible/maybe-someday/python-mess.yml | 41 | ||||
-rw-r--r-- | ansible/maybe-someday/roadmap-dev.yml | 46 | ||||
-rw-r--r-- | ansible/maybe-someday/rust-dev.yml | 42 | ||||
-rw-r--r-- | ansible/maybe-someday/sq-test.yml | 160 | ||||
-rw-r--r-- | ansible/maybe-someday/ssh-dev.yml | 22 |
18 files changed, 1068 insertions, 0 deletions
diff --git a/ansible/maybe-someday/apt-dev.yml b/ansible/maybe-someday/apt-dev.yml new file mode 100644 index 0000000..54c3d99 --- /dev/null +++ b/ansible/maybe-someday/apt-dev.yml @@ -0,0 +1,78 @@ +- hosts: apt-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: comfortable-debian-system + tags: [comfy] + - role: unix_users + tags: [users] + - role: liw + tags: [liw] + tasks: + - apt: + update_cache: yes + name: + - debhelper + - build-essential + - git + - moreutils + - python3 + - cmake + - debhelper-compat + - docbook-xml + - docbook-xsl + - dpkg-dev + - expect + - gettext + - libgtest-dev + - libbz2-dev + - libdb-dev + - libgnutls28-dev + - libgcrypt20-dev + - liblz4-dev +# - liblzma-dev + - libseccomp-dev + - libsystemd-dev + - libudev-dev + - libxxhash-dev + - libzstd-dev + - ninja-build + - pkg-config + - po4a + - triehash + - xsltproc +# - zlib1g-dev + - doxygen + - graphviz + - w3m + + vars: + ansible_python_interpreter: python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: apt-dev + sane_debian_system_codename: bullseye + sane_debian_system_sources_lists: + - repo: deb-src http://deb.debian.org/debian bullseye main + + # - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + # signing_key: "{{ ci_prod_signing_key }}" + + timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: yes + authorized_keys: | + {{ liw_personal_ssh_pub }} + - username: debian + sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/billion.yml b/ansible/maybe-someday/billion.yml new file mode 100644 index 0000000..841ad45 --- /dev/null +++ b/ansible/maybe-someday/billion.yml @@ -0,0 +1,27 @@ +- hosts: billion + remote_user: debian + become: yes + roles: + - sane_debian_system + - role: sshd + tags: [sshd] + - comfortable-debian-system + - unix_users + - self-updating-system + tasks: + - apt: + name: + - btrfs-progs + vars: + sane_debian_system_version: 2 + sane_debian_system_hostname: billion + sane_debian_system_codename: bullseye + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/clab-dev.yml b/ansible/maybe-someday/clab-dev.yml new file mode 100644 index 0000000..5d386e3 --- /dev/null +++ b/ansible/maybe-someday/clab-dev.yml @@ -0,0 +1,53 @@ +- hosts: clab-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: comfortable-debian-system + tags: [comfy] + - role: unix_users + tags: [users] + - role: liw + tags: [liw] + - role: rust-rustup + tags: [rustup] + tasks: + - apt: + name: + - debhelper + - build-essential + - dh-cargo + - git + - moreutils + - python3 + - python3-yaml + - subplot + - texlive-fonts-recommended + - texlive-latex-base + - texlive-latex-recommended + vars: + ansible_python_interpreter: python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: clab-dev + sane_debian_system_codename: bullseye + + timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: yes + - username: debian + sudo: yes + + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/contractor-dev.yml b/ansible/maybe-someday/contractor-dev.yml new file mode 100644 index 0000000..0ef3722 --- /dev/null +++ b/ansible/maybe-someday/contractor-dev.yml @@ -0,0 +1,48 @@ +- hosts: contractor-dev + remote_user: root + roles: + - role: sane_debian_system + tags: [sane] + - comfortable-debian-system + - unix_users + - version-controller + - vmhost + tasks: + - user: + name: liw + groups: + - kvm + - libvirt + - apt: + name: + - black + - vmdb2 + - subplot + - shell: | + virsh net-autostart default + virsh net-start default || true + - user: + name: liw + groups: [liw, kvm] + - copy: + content: | + {{ liw_personal_ssh_pub }} + dest: /home/liw/.ssh/liw-openpgp.pub + owner: liw + group: liw + mode: 0600 + + vars: + sane_debian_system_version: 2 + sane_debian_system_hostname: contractor-dev + sane_debian_system_codename: buster + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: yes + + sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" diff --git a/ansible/maybe-someday/debian-mirror.yml b/ansible/maybe-someday/debian-mirror.yml new file mode 100644 index 0000000..1b85a21 --- /dev/null +++ b/ansible/maybe-someday/debian-mirror.yml @@ -0,0 +1,111 @@ +- hosts: debian-mirror + remote_user: debian + become: yes + roles: + - role: sane_debian_system + - role: unix_users + - role: self-updating-system + - role: debian-mirror + tasks: + - name: "Install ewww" + apt: + name: + - curl + - ewww + - locales-all + - psmisc + - rsync + state: present + - name: "Create /srv/http" + file: + state: directory + path: /srv/http + owner: debmirror + group: debmirror + mode: 0755 + - name: "Create ewww config directory" + file: + state: directory + path: /etc/ewww + - name: "Install ewww config" + copy: + content: | + webroot: /srv/http + listen: "0.0.0.0:443" + tls_cert: /etc/ewww/tls.pem + tls_key: /etc/ewww/tls.key + dest: /etc/ewww/ewww.yaml + - name: "Install TLS cert" + copy: + content: | + -----BEGIN CERTIFICATE----- + MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx + EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz + NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7 + uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z + Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO + FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH + pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk + zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC + AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX + h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob + 7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk + xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa + WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP + NdZiSNvGZAbEnmMnNCEYMO3wVA== + -----END CERTIFICATE----- + dest: /etc/ewww/tls.pem + - name: "Install TLS key" + copy: + content: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP + +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D + LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ + GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H + i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi + qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj + ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG + qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1 + iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T + AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K + EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7 + vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU + PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I + E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm + uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco + eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g + T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci + gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW + GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf + psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj + DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R + Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra + udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e + 4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI + cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g== + -----END RSA PRIVATE KEY----- + dest: /etc/ewww/tls.key + - name: "Enable and start ewww service" + systemd: + name: ewww + state: restarted + enabled: yes + daemon_reload: yes + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: debian-mirror + sane_debian_system_codename: bullseye + sane_debian_system_mirror: deb.debian.org + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: debmirror + - username: liw + comment: Lars Wirzenius diff --git a/ansible/maybe-someday/debmirror.yml b/ansible/maybe-someday/debmirror.yml new file mode 100644 index 0000000..88aa1c1 --- /dev/null +++ b/ansible/maybe-someday/debmirror.yml @@ -0,0 +1,41 @@ +- hosts: debmirror + remote_user: root + roles: + - role: sane_debian_system + - role: comfortable-debian-system + - role: unix_users + - role: apache_server + tags: [apache] + - role: self-updating-system + - role: debian-mirror + tags: [mirror] + - role: smarthost-client + vars: + sane_debian_system_version: 0 + unix_users_version: 0 + + hostname: debmirror + debian_codename: buster + debian_mirror: deb.debian.org + + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: yes + - username: debmirror + comment: Debian Mirror + + static_sites: + + - domain: debmirror + owner: debmirror + ownermail: liw@liw.fi + letsencrypt: no + + mailname: debmirror.liw.fi + timezone: Europe/Helsinki + + relayhost: pieni.net:587 + smarthost: pieni.net + smarthost_user: pienirelay + smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" diff --git a/ansible/maybe-someday/ewww-dev.yml b/ansible/maybe-someday/ewww-dev.yml new file mode 100644 index 0000000..5a24d37 --- /dev/null +++ b/ansible/maybe-someday/ewww-dev.yml @@ -0,0 +1,57 @@ +- hosts: ewww-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: comfortable-debian-system + tags: [comfy] + - role: unix_users + tags: [users] + - role: version-controller + tags: [vacs] + - role: liw + tags: [liw] + - role: rust-rustup + tags: [rustup] + tasks: + - apt: + name: + - debhelper + - build-essential + - dh-cargo + - daemonize + - git + - moreutils + - pkg-config + - python3 + - python3-requests + - python3-yaml + - subplot + - texlive-fonts-recommended + - texlive-latex-base + - texlive-latex-recommended + vars: + ansible_python_interpreter: python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: ewww-dev + sane_debian_system_codename: bullseye + + timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: debian + - username: liw + comment: Lars Wirzenius + sudo: yes + + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/ewww-test.yml b/ansible/maybe-someday/ewww-test.yml new file mode 100644 index 0000000..67b2123 --- /dev/null +++ b/ansible/maybe-someday/ewww-test.yml @@ -0,0 +1,118 @@ +- hosts: ewww-test + remote_user: debian + become: yes + roles: + - role: sane_debian_system + - role: sshd + tags: [sshd] + - role: unix_users + - role: self-updating-system + tasks: + - name: "Install ewww" + apt: + name: + - ewww + - psmisc + - curl + - rsync + state: present + - name: "Create /srv/http" + file: + state: directory + path: /srv/http + owner: _ewww + group: _ewww + mode: 0755 + - name: "Create ewww config directory" + file: + state: directory + path: /etc/ewww + - name: "Install ewww config" + copy: + content: | + webroot: /srv/http + listen: "0.0.0.0:443" + tls_cert: /etc/ewww/tls.pem + tls_key: /etc/ewww/tls.key + dest: /etc/ewww/ewww.yaml + - name: "Install TLS cert" + copy: + content: | + -----BEGIN CERTIFICATE----- + MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx + EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz + NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7 + uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z + Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO + FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH + pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk + zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC + AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX + h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob + 7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk + xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa + WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP + NdZiSNvGZAbEnmMnNCEYMO3wVA== + -----END CERTIFICATE----- + dest: /etc/ewww/tls.pem + - name: "Install TLS key" + copy: + content: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP + +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D + LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ + GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H + i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi + qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj + ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG + qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1 + iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T + AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K + EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7 + vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU + PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I + E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm + uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco + eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g + T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci + gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW + GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf + psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj + DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R + Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra + udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e + 4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI + cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g== + -----END RSA PRIVATE KEY----- + dest: /etc/ewww/tls.key + - name: "Enable and start ewww service" + systemd: + name: ewww + state: restarted + enabled: yes + daemon_reload: yes + - name: "Add content file" + copy: + content: | + <html><body>Hello, World!</body></html> + dest: /srv/http/index.html + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: ewww-test + sane_debian_system_codename: bullseye + sane_debian_system_mirror: deb.debian.org + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: _ewww + comment: Static web site content + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/ick2-dev.yml b/ansible/maybe-someday/ick2-dev.yml new file mode 100644 index 0000000..6a8b0c6 --- /dev/null +++ b/ansible/maybe-someday/ick2-dev.yml @@ -0,0 +1,50 @@ +- hosts: ick2-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + - role: unix_users + - role: version-controller + - role: liw + tasks: + - name: "install build dependencies for Ick" + apt: + state: present + name: + - debhelper + - python3-all + - python3-bottle + - python-cliapp + - python3-cliapp + - python3-coverage-test-runner + - python3-apifw + - python3-slog + - python3-cryptography + - python3-requests + - python-requests + - pycodestyle + - gunicorn3 + - python3-yaml + - cmdtest + - copyright-statement-lint + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: ick2-dev + sane_debian_system_codename: buster + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: true + authorized_keys: | + {{ liw_personal_ssh_pub }} + ssh_key: | + {{ lookup('pipe', 'pass show ssh/liw@mirror-git') }} + ssh_key_pub: | + {{ lookup('pipe', 'pass show ssh/liw@mirror-git.pub') }} diff --git a/ansible/maybe-someday/jt-dev.yml b/ansible/maybe-someday/jt-dev.yml new file mode 100644 index 0000000..ccb405b --- /dev/null +++ b/ansible/maybe-someday/jt-dev.yml @@ -0,0 +1,50 @@ +- hosts: jt-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: comfortable-debian-system + tags: [comfy] + - role: unix_users + tags: [users] + - role: version-controller + tags: [vacs] + - role: liw + tags: [liw] + - role: rust-rustup + tags: [rustup] + tasks: + - apt: + name: + - black + - build-essential + - jq + - moreutils + - python3 + - subplot + - texlive-fonts-recommended + - texlive-latex-base + - texlive-latex-recommended + vars: + ansible_python_interpreter: python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: jt-dev + sane_debian_system_codename: bullseye + + timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/letest-letest.vm.liw.fi.yml b/ansible/maybe-someday/letest-letest.vm.liw.fi.yml new file mode 100644 index 0000000..c9555dc --- /dev/null +++ b/ansible/maybe-someday/letest-letest.vm.liw.fi.yml @@ -0,0 +1,20 @@ +- hosts: letest + remote_user: root + roles: +# - sane_debian_system +# - comfortable-debian-system +# - self-updating-system + - letest + vars: + sane_debian_system_version: 2 + unix_users_version: 1 + + hostname: letest + debian_codename: buster + debian_mirror: deb.debian.org + + unix_users: + - username: liw + comment: Lars Wirzenius + authorized_keys: | + {{ liw_personal_ssh_pub }} diff --git a/ansible/maybe-someday/openpgp-ca-dev.yml b/ansible/maybe-someday/openpgp-ca-dev.yml new file mode 100644 index 0000000..52afa6c --- /dev/null +++ b/ansible/maybe-someday/openpgp-ca-dev.yml @@ -0,0 +1,48 @@ +- hosts: openpgp-ca-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: version-controller + tags: [vcs] + - role: unix_users + tags: [users] + - role: rust-rustup + tags: [rustup] + - role: liw + tags: [liw] + + tasks: + - apt: + name: + - build-essential + - capnproto + - clang + - debhelper + - dh-cargo + - libclang-dev + - libsqlite3-dev + - libssl-dev + - llvm + - locales-all + - moreutils + - nettle-dev + - pkg-config + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: openpgp-ca-dev + sane_debian_system_codename: bullseye + sane_debian_system_timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/openpgp-card-dev.yml b/ansible/maybe-someday/openpgp-card-dev.yml new file mode 100644 index 0000000..30c528f --- /dev/null +++ b/ansible/maybe-someday/openpgp-card-dev.yml @@ -0,0 +1,56 @@ +- hosts: openpgp-card-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: version-controller + tags: [vcs] + - role: unix_users + tags: [users] + - role: rust-rustup + tags: [rustup] + - role: liw + tags: [liw] + + tasks: + - apt: + name: + - build-essential + - debhelper + - dh-cargo + - docker.io + - libclang-dev + - libpcsclite-dev + - lintian + - moreutils + - nettle-dev + - ntp + - pkg-config + - psmisc + - subplot + - user: + name: liw + groups: + - docker + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: "{{ inventory_hostname }}" + sane_debian_system_codename: bullseye + sane_debian_system_timezone: Europe/Helsinki + + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/python-mess.yml b/ansible/maybe-someday/python-mess.yml new file mode 100644 index 0000000..3cbdc91 --- /dev/null +++ b/ansible/maybe-someday/python-mess.yml @@ -0,0 +1,41 @@ +- hosts: python-mess + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: comfortable-debian-system + tags: [comfy] + - role: unix_users + tags: [users] + - role: version-controller + tags: [vcs] + - role: emacs + tags: [emacs] + - role: liw + tags: [liw] + tasks: + - apt: + name: + - build-essential + - python3-all + - python3-pip + vars: + ansible_python_interpreter: python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: python-mess + sane_debian_system_codename: bullseye + + timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/roadmap-dev.yml b/ansible/maybe-someday/roadmap-dev.yml new file mode 100644 index 0000000..ac98d3a --- /dev/null +++ b/ansible/maybe-someday/roadmap-dev.yml @@ -0,0 +1,46 @@ +- hosts: roadmap-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: comfortable-debian-system + tags: [comfy] + - role: unix_users + tags: [users] + - role: version-controller + tags: [vacs] + - role: liw + tags: [liw] + - role: rust-rustup + tags: [rustup] + tasks: + - apt: + name: + - debhelper + - build-essential + - dh-cargo + - git + - moreutils + - python3 + - python3-requests + - python3-yaml + vars: + ansible_python_interpreter: python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: roadmap-dev + sane_debian_system_codename: bullseye + + timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + sudo: yes + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/rust-dev.yml b/ansible/maybe-someday/rust-dev.yml new file mode 100644 index 0000000..23d9ba5 --- /dev/null +++ b/ansible/maybe-someday/rust-dev.yml @@ -0,0 +1,42 @@ +- hosts: rust-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + tags: [sane] + - role: sshd + tags: [sshd] + - role: comfortable-debian-system + tags: [comfy] + - role: unix_users + tags: [users] + - role: version-controller + tags: [vacs] + - role: liw + tags: [liw] + - role: rust-rustup + tags: [rustup] + tasks: + - apt: + name: + - build-essential + vars: + ansible_python_interpreter: python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: rust-dev + sane_debian_system_codename: bullseye + + timezone: Europe/Helsinki + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + sshd_version: 1 + sshd_allow_authorized_keys: yes diff --git a/ansible/maybe-someday/sq-test.yml b/ansible/maybe-someday/sq-test.yml new file mode 100644 index 0000000..5879ef1 --- /dev/null +++ b/ansible/maybe-someday/sq-test.yml @@ -0,0 +1,160 @@ +- hosts: sq-test + remote_user: root + roles: + - role: sane_debian_system + - role: comfortable-debian-system + - role: unix_users + - role: self-updating-system + tasks: + - apt: + name: + - bash-completion + - sq + state: present + - file: + path: /tmp/shared + state: directory + mode: 01777 + - copy: + content: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Comment: 010A B1FA 8E24 283F B898 3F52 9036 838A 283E 1AA9 + Comment: Lars Wirzenius + + xjMEYuzSFBYJKwYBBAHaRw8BAQdAkOVflgRACWQrysidOFgXUa5AmknlCt0Sb5U/ + kFHOHmzCwBEEHxYKAIMFgmLs0hQFiQWkj70DCwkHCRCQNoOKKD4aqUcUAAAAAAAe + ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmc0zoAeYXkSCb7SOLblaokA + uMiuMLNocIM4XSeEEVVdogMVCggCmwECHgEWIQQBCrH6jiQoP7iYP1KQNoOKKD4a + qQAAJvkBAPOvcIFKjV+RDssTF+M8ANsVPN8e9MCaHhF65o6dHtv2AQCyJVPftDH2 + ub9mr6bIPEUYJi6+imZX2Xa3C7SGNEe0Bc0OTGFycyBXaXJ6ZW5pdXPCwBQEExYK + AIYFgmLs0hQFiQWkj70DCwkHCRCQNoOKKD4aqUcUAAAAAAAeACBzYWx0QG5vdGF0 + aW9ucy5zZXF1b2lhLXBncC5vcmdy+aoELSz02TDwDO0w+j6N/Yg4vQ8Ws6cZeFQU + u0lkMAMVCggCmQECmwECHgEWIQQBCrH6jiQoP7iYP1KQNoOKKD4aqQAApqwBANTK + v3NN6xI8eH/TSbR+5VgrSiZj4mZoNCBQALpEQzT9AQCvrZmKNfeq77Q4SsEWUmD8 + dHb0eMsppyi0oW8itAuaC84zBGLs0hQWCSsGAQQB2kcPAQEHQGpPf6RSeuBlzhTS + 5J+yAYQNSKUC+RPYBiq3u1jkydJ9wsDFBBgWCgE3BYJi7NIUBYkFpI+9CRCQNoOK + KD4aqUcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcg7Rr7 + iOeL3SCZ2ecGO0/g/5CorBrxP8AlfuyWAJroeAKbAr6gBBkWCgBvBYJi7NIUCRCM + lfahnAL5XUcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmd1 + Jf5951yGEOtGCSw0BpWa4pPp6mR9hGGhMqpyA5sXkhYhBHTyxaykxgutnvUZlIyV + 9qGcAvldAAA+iAD/VOod7dIUrxPL23iUKYCe1OjQ+rOWrjzWr4lXh8MbYD8A/ium + ns8bmARpt2+VPqfbTQiESK5i+k3HFw2O2R3MP1EFFiEEAQqx+o4kKD+4mD9SkDaD + iig+GqkAAJo0AP9TWhlep2UnuQb1eqpyK7bxrpaPV/cR2v98DtxUcDZJPAEAyjcD + +AR1KC2VHF32JYHddbvEBG4YkRuslXpX8t46SQ3OMwRi7NIUFgkrBgEEAdpHDwEB + B0Dlc6Sa0OENRkXRlGSJx+TW6+QEK7WB8eIHikyxfK4hdcLABgQYFgoAeAWCYuzS + FAWJBaSPvQkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p + YS1wZ3Aub3JnadCLyuCKpqa7utZ+81jTDOpCgF1yoR/grzfb3h3H+0YCmyAWIQQB + CrH6jiQoP7iYP1KQNoOKKD4aqQAAY/gA/35WSxWkNURZdGOwKgBJtw5nc5K9s6nt + LefNkI/OB7O/AP98xXylCuzQNw7jbmkuwIyb3t1iyBUmBBkAkVHUVkEmCs44BGLs + 0hQSCisGAQQBl1UBBQEBB0B73lJoeEfLvaYgpYJiJcTnDPXon0TI3Kd37xa+8ieM + eAMBCAfCwAYEGBYKAHgFgmLs0hQFiQWkj70JEJA2g4ooPhqpRxQAAAAAAB4AIHNh + bHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZyeEI8W6tcOpWsDOVz9SqpQlgAlN + IzNCdED0mddImb5RApsMFiEEAQqx+o4kKD+4mD9SkDaDiig+GqkAAFxjAP40OKNA + IEx5tGJneoTLFFDYQUpstG6h7AZ36ooEaRIk5AEA6mUCs9JdJMElHa34g+txs7Pk + 3gygQYQtpkkeCXZ2tgc= + =YmSW + -----END PGP PUBLIC KEY BLOCK----- + dest: /home/liw/liw-pub.pgp + owner: liw + group: liw + - copy: + content: | + -----BEGIN PGP PRIVATE KEY BLOCK----- + Comment: 010A B1FA 8E24 283F B898 3F52 9036 838A 283E 1AA9 + Comment: Lars Wirzenius + + xVgEYuzSFBYJKwYBBAHaRw8BAQdAkOVflgRACWQrysidOFgXUa5AmknlCt0Sb5U/ + kFHOHmwAAP90GKYJ/CEDoZtNhVMCsXveNAmriM18VhfjQmoJVY9F8g6gwsARBB8W + CgCDBYJi7NIUBYkFpI+9AwsJBwkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBub3Rh + dGlvbnMuc2VxdW9pYS1wZ3Aub3JnNM6AHmF5Egm+0ji25WqJALjIrjCzaHCDOF0n + hBFVXaIDFQoIApsBAh4BFiEEAQqx+o4kKD+4mD9SkDaDiig+GqkAACb5AQDzr3CB + So1fkQ7LExfjPADbFTzfHvTAmh4ReuaOnR7b9gEAsiVT37Qx9rm/Zq+myDxFGCYu + vopmV9l2twu0hjRHtAXNDkxhcnMgV2lyemVuaXVzwsAUBBMWCgCGBYJi7NIUBYkF + pI+9AwsJBwkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p + YS1wZ3Aub3JncvmqBC0s9Nkw8AztMPo+jf2IOL0PFrOnGXhUFLtJZDADFQoIApkB + ApsBAh4BFiEEAQqx+o4kKD+4mD9SkDaDiig+GqkAAKasAQDUyr9zTesSPHh/00m0 + fuVYK0omY+JmaDQgUAC6REM0/QEAr62ZijX3qu+0OErBFlJg/HR29HjLKacotKFv + IrQLmgvHWARi7NIUFgkrBgEEAdpHDwEBB0BqT3+kUnrgZc4U0uSfsgGEDUilAvkT + 2AYqt7tY5MnSfQABAIPRid4IAhZwCvDmr27PF78T/0VSA2gtlwouA8yvb7HsDojC + wMUEGBYKATcFgmLs0hQFiQWkj70JEJA2g4ooPhqpRxQAAAAAAB4AIHNhbHRAbm90 + YXRpb25zLnNlcXVvaWEtcGdwLm9yZyDtGvuI54vdIJnZ5wY7T+D/kKisGvE/wCV+ + 7JYAmuh4ApsCvqAEGRYKAG8FgmLs0hQJEIyV9qGcAvldRxQAAAAAAB4AIHNhbHRA + bm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ3Ul/n3nXIYQ60YJLDQGlZrik+nqZH2E + YaEyqnIDmxeSFiEEdPLFrKTGC62e9RmUjJX2oZwC+V0AAD6IAP9U6h3t0hSvE8vb + eJQpgJ7U6ND6s5auPNaviVeHwxtgPwD+K6aezxuYBGm3b5U+p9tNCIRIrmL6TccX + DY7ZHcw/UQUWIQQBCrH6jiQoP7iYP1KQNoOKKD4aqQAAmjQA/1NaGV6nZSe5BvV6 + qnIrtvGulo9X9xHa/3wO3FRwNkk8AQDKNwP4BHUoLZUcXfYlgd11u8QEbhiRG6yV + elfy3jpJDcdYBGLs0hQWCSsGAQQB2kcPAQEHQOVzpJrQ4Q1GRdGUZInH5Nbr5AQr + tYHx4geKTLF8riF1AAEAx8kFIwgl9lPJI91ZUXBK9nj8BAChRHHiq1YJI+heIUoN + 4MLABgQYFgoAeAWCYuzSFAWJBaSPvQkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBu + b3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnadCLyuCKpqa7utZ+81jTDOpCgF1yoR/g + rzfb3h3H+0YCmyAWIQQBCrH6jiQoP7iYP1KQNoOKKD4aqQAAY/gA/35WSxWkNURZ + dGOwKgBJtw5nc5K9s6ntLefNkI/OB7O/AP98xXylCuzQNw7jbmkuwIyb3t1iyBUm + BBkAkVHUVkEmCsddBGLs0hQSCisGAQQBl1UBBQEBB0B73lJoeEfLvaYgpYJiJcTn + DPXon0TI3Kd37xa+8ieMeAMBCAcAAP9ou8Z/+/40YzSNg9fTYC33bJCA/IFb7V+N + XGhehUoNcBIEwsAGBBgWCgB4BYJi7NIUBYkFpI+9CRCQNoOKKD4aqUcUAAAAAAAe + ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcnhCPFurXDqVrAzlc/UqqU + JYAJTSMzQnRA9JnXSJm+UQKbDBYhBAEKsfqOJCg/uJg/UpA2g4ooPhqpAABcYwD+ + NDijQCBMebRiZ3qEyxRQ2EFKbLRuoewGd+qKBGkSJOQBAOplArPSXSTBJR2t+IPr + cbOz5N4MoEGELaZJHgl2drYH + =DO2c + -----END PGP PRIVATE KEY BLOCK----- + dest: /home/liw/liw.pgp + owner: liw + group: liw + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: shell + sane_debian_system_codename: bullseye + sane_debian_system_mirror: deb.debian.org + sane_debian_system_sources_lists: + - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main + signing_key: "{{ ci_prod_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: root + authorized_keys: | + {{ liw_hetzner_ssh_pub }} + - username: liw + comment: Lars Wirzenius + authorized_keys: | + {{ liw_hetzner_ssh_pub }} + - username: volunteer1 + comment: sq volunteer + authorized_keys: | + {{ liw_hetzner_ssh_pub }} +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZdyfLIkIPT49xv3wHurk97Q4Iv2+E8vzBdLl9FEt/m + - username: volunteer2 + comment: sq volunteer + authorized_keys: | + {{ liw_hetzner_ssh_pub }} +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnYWSq0gnmLnshJdikKT65NJcuKRXa7RAsyUraqha0V + - username: volunteer3 + comment: sq volunteer + authorized_keys: | + {{ liw_hetzner_ssh_pub }} +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY4VaVEXyQpV7knCanFU4oNb8+Tuz2ef8HvMD8fYPhA + - username: volunteer4 + comment: sq volunteer + authorized_keys: | + {{ liw_hetzner_ssh_pub }} +# ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIcY2jjbtV2OnQourPizkXbgLfJJVi4orUdeuvgiM6alHiPmuo/Feya+R+GuLgxoJYXHIk82ZZSHS9LGGNrXrHJIvrCva7CC5XPdUrgGjZRCHnHXI1Ly7Grw1fa/We8a1PoxISxDGRy9NTwqChm8qGEG8Gm4eH7DOXrJCgUoI04oCp/gEfRL+wF0A2/FZvpG7zSuYReJsdIa733t+CpltVTlJS9iCdUFuYkzKzhp01r6sw7Kp3PuzaU2xi2nxBP8K9nBW85UB4q42RdoDHASTcIZE3uss4XzdRQPOurvoppzV7MzGtegCPY65t3MMDJtVKmhAYc4OEZKu4+8cnOd1Wre2rLARFHw/u881QfNjDwN2+oMnmJo45YHM45GIIXhFr+Hs44TJEuons9rA933MW8vjLTNzyKSNK5TXfzg9oqD+Gc3ATwooTPBf+EaN2i5D4DGxX6l7xsRoBXD6DidLRoN9iD1pVVJRpE7q9lRU0GaUMdNC2RRtUk36BZDpmKoyBsuFDLgOUSbKFPOG7378LYC9MQmB0RR2VW0g0x01MGfd7UNX9cpHuJNjRikfqF8Lm4Y7UAkyF498MFbkZPaKpGPFxbUARghryrLRkVjDyqwDAIlOgjjdN2KOGLIB+rgjRnuEvHoshnr1MADlGHBocfX4LO0ABxMNcCB3RU/t26w== + - username: volunteer5 + comment: sq volunteer + authorized_keys: | + {{ liw_hetzner_ssh_pub }} + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/0/n02JFJXtuBOUbu34Hm5xQ9CuiQtthsxPkfnIOhfC4Gx2tNWgcygnZTUh0ymDutQugJVKKj2nHJoKVJUeecroqW7VdR8omfWJGTST9CxJhubMuJnD4dnRVnvsLvmPN5X2ELaoQU7H4Ia4/P596kH9aw3/b07mx+xf0wg9OCLf7q3dNjBUR9ztqR253hjRA9yi4yut3sNosDwtfzbDhypDsG+fzve/bUH13X3Et+pUD3GWRkEjbTUv6qTxob+xlSBRVHviCiQG0MAcW+YAOyvG/REzONGoMufiP9ozgrx46Qn1Ey1bh6POBQjgE8zaajOHn4f63j5sir1aezRmSd7l6yAB/YwyFHuSXY4TkWmiWLaFw0EB4E3A2M8qACjsH173gVh+BlnRot+AYzpJ2oDIluQrTzcY558AYuRb4u0jfRfsnDdt3aifSnLXkF2cw46zB8nBDY789adhvoyX+HR/igA2W2Ljl1i15zHeo8IqI8kgNnghxaSYGisBAUO5oQWsgGoDV5rNz00MZT3IXkG5NN+Diaep0rJBteaqMYQWD/Nr2A/Oq7f7Q47Z9i378kWQywlSk6M252fRh8+sJLCzMFd9sH/MPIEk1HiX3umZoEdfU4/bULYBL6q8ePXC7wSaW7eOL5b0/za0NwTZRL9UC4uduEQC1t/HWuJ3OB+w== + - username: volunteer6 + comment: sq volunteer + authorized_keys: | + {{ liw_hetzner_ssh_pub }} + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqhNi9rrxfK6Rn2rsoJZbBmxWmPoqftMOTf7LD+1K99sOUmwCM+bqoPt7pHl/JsxOpAilfD5lVQ9m+4Xutjtaenf98jnO8Gi3h7xMsUZRaU0T3gCmKq/T1B9N3/YSWosPHAHvRfeu9zr6rJj7gxMAJ7Ab+Ix7t60j6iAGkX+LuyC9VQ5GR1SGC76a3TMHYrgR0VBYohFTzFqhVquubTEtUZrvZy/kNkKb5XvgiCLCNyFfO1huq/c3hDFUnQvP6/0MSGJq/FRqwPdLLOcRDaBQpw942JC0Xh0+0qOJVIpdRfdM/83NBsBIJKNqR2eWYHoW2brTKjxHPsRNtKjn6AgKj + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYbT9Mw8v+C2SdqjFhWCmR2IrurUoZJBxTw1WsO1JkcXdcl7PX/jaQoVlAolI3P2iF9wHO9SwG8LLRObjtjOWzHOGtk+GGwRpxFYgu2a+y3mSu50UwOCJeROWerVfra0/E0JuWkAWAlVzrfcBApXx+g/IY/gH9jb4/ErEqysAE4BcsQSQ25FgtZVj97emSW1Ozzd68X7i6i6KX9W778Guq9XOxS7n+hX+0+yCibMBvW+hBK9HhJba5QvQtZ6msaw9wvWWbfr0T3IknrbRhZAGoNcQ0DW++vrv2+8pvOhcTdXIWsNF/WFIqBAcZmFHR6iKZAnx/pxW2ZM4N+IPT4zX12PsMWPZQqBQxMXy/MIEsAby/NlMK9XO3L1K8WqOqLwnjIJ0YUbsaTkaE1REHY17LuQgmu2UXm4cpTHyzEVBz48PeCh6jqoP4Wd/YQ+VtLZiSqjsP7leU9mvd06mFoBk/z4KeaM7dKqWTUxwwXRJ0HDTb3CaYgy3GF+FtZWAcsKv6X32GEV8lYsrOFSUPXUhPuoJZR12BLuJRCv2kk7rlIjVIAZjG0r84PRWKgNXNmFW9dtpnQmaZnOqeLwIBepQsdb2I5NWUItg4YUp3M8Ne/+KAywH5Zx9FHjCn4PNNKYoYKLYb1D/FW03UECa2Jv+ygi+1iYNgUA8uA4CX2vYXEw== + - username: volunteer7 + comment: sq volunteer + authorized_keys: | + {{ liw_hetzner_ssh_pub }} +# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZAUtpJZ3I3alPpJuvAqsjixoO+WWRxFTKauJKe2Lup diff --git a/ansible/maybe-someday/ssh-dev.yml b/ansible/maybe-someday/ssh-dev.yml new file mode 100644 index 0000000..3b05e70 --- /dev/null +++ b/ansible/maybe-someday/ssh-dev.yml @@ -0,0 +1,22 @@ +- hosts: ssh-dev + remote_user: debian + become: yes + roles: + - role: sane_debian_system + - role: sshd + tags: [sshd] + - role: unix_users + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: "{{ inventory_hostname }}" + sane_debian_system_codename: bullseye + sane_debian_system_mirror: deb.debian.org + + unix_users_version: 2 + unix_users: + - username: liw + + sshd_version: 1 + sshd_allow_authorized_keys: yes |