drop old junk

Sponsored-by: author
author: Lars Wirzenius <liw@liw.fi> 2023-01-07 17:51:27 +0200
committer: Lars Wirzenius <liw@liw.fi> 2023-01-07 17:51:27 +0200
commit: 2456f2c82528f31835807addd4ac3b6e62252af9 (patch)
tree: eeb400bf3bcda02f4a426052b184c855dc926043 /ansible/maybe-someday
parent: 99257314d4fe7ea239d6306b0707e2fa8ad79e63 (diff)
download: ansibleness-2456f2c82528f31835807addd4ac3b6e62252af9.tar.gz
18 files changed, 1068 insertions, 0 deletions
diff --git a/ansible/maybe-someday/apt-dev.yml b/ansible/maybe-someday/apt-dev.yml
new file mode 100644
index 0000000..54c3d99
--- /dev/null
+++ b/ansible/maybe-someday/apt-dev.yml
@@ -0,0 +1,78 @@
+- hosts: apt-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: comfortable-debian-system
+      tags: [comfy]
+    - role: unix_users
+      tags: [users]
+    - role: liw
+      tags: [liw]
+  tasks:
+    - apt:
+        update_cache: yes
+        name:
+          - debhelper
+          - build-essential
+          - git
+          - moreutils
+          - python3
+          - cmake
+          - debhelper-compat
+          - docbook-xml
+          - docbook-xsl
+          - dpkg-dev
+          - expect
+          - gettext
+          - libgtest-dev
+          - libbz2-dev
+          - libdb-dev
+          - libgnutls28-dev
+          - libgcrypt20-dev
+          - liblz4-dev
+#          - liblzma-dev
+          - libseccomp-dev
+          - libsystemd-dev
+          - libudev-dev
+          - libxxhash-dev
+          - libzstd-dev
+          - ninja-build
+          - pkg-config
+          - po4a
+          - triehash
+          - xsltproc
+#          - zlib1g-dev
+          - doxygen
+          - graphviz
+          - w3m
+
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: apt-dev
+    sane_debian_system_codename: bullseye
+    sane_debian_system_sources_lists:
+      - repo: deb-src http://deb.debian.org/debian bullseye main
+
+    #   - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+    #     signing_key: "{{ ci_prod_signing_key }}"
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+        authorized_keys: |
+          {{ liw_personal_ssh_pub }}
+      - username: debian
+        sudo: yes
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/billion.yml b/ansible/maybe-someday/billion.yml
new file mode 100644
index 0000000..841ad45
--- /dev/null
+++ b/ansible/maybe-someday/billion.yml
@@ -0,0 +1,27 @@
+- hosts: billion
+  remote_user: debian
+  become: yes
+  roles:
+    - sane_debian_system
+    - role: sshd
+      tags: [sshd]
+    - comfortable-debian-system
+    - unix_users
+    - self-updating-system
+  tasks:
+    - apt:
+        name:
+          - btrfs-progs
+  vars:
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: billion
+    sane_debian_system_codename: bullseye
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/clab-dev.yml b/ansible/maybe-someday/clab-dev.yml
new file mode 100644
index 0000000..5d386e3
--- /dev/null
+++ b/ansible/maybe-someday/clab-dev.yml
@@ -0,0 +1,53 @@
+- hosts: clab-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: comfortable-debian-system
+      tags: [comfy]
+    - role: unix_users
+      tags: [users]
+    - role: liw
+      tags: [liw]
+    - role: rust-rustup
+      tags: [rustup]
+  tasks:
+    - apt:
+        name:
+          - debhelper
+          - build-essential
+          - dh-cargo
+          - git
+          - moreutils
+          - python3
+          - python3-yaml
+          - subplot
+          - texlive-fonts-recommended
+          - texlive-latex-base
+          - texlive-latex-recommended
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: clab-dev
+    sane_debian_system_codename: bullseye
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+      - username: debian
+        sudo: yes
+
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/contractor-dev.yml b/ansible/maybe-someday/contractor-dev.yml
new file mode 100644
index 0000000..0ef3722
--- /dev/null
+++ b/ansible/maybe-someday/contractor-dev.yml
@@ -0,0 +1,48 @@
+- hosts: contractor-dev
+  remote_user: root
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - comfortable-debian-system
+    - unix_users
+    - version-controller
+    - vmhost
+  tasks:
+    - user:
+        name: liw
+        groups:
+          - kvm
+          - libvirt
+    - apt:
+        name:
+          - black
+          - vmdb2
+          - subplot
+    - shell: |
+        virsh net-autostart default
+        virsh net-start default || true
+    - user:
+        name: liw
+        groups: [liw, kvm]
+    - copy:
+        content: |
+          {{ liw_personal_ssh_pub }}
+        dest: /home/liw/.ssh/liw-openpgp.pub
+        owner: liw
+        group: liw
+        mode: 0600
+
+  vars:
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: contractor-dev
+    sane_debian_system_codename: buster
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+
+    sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
diff --git a/ansible/maybe-someday/debian-mirror.yml b/ansible/maybe-someday/debian-mirror.yml
new file mode 100644
index 0000000..1b85a21
--- /dev/null
+++ b/ansible/maybe-someday/debian-mirror.yml
@@ -0,0 +1,111 @@
+- hosts: debian-mirror
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+    - role: unix_users
+    - role: self-updating-system
+    - role: debian-mirror
+  tasks:
+    - name: "Install ewww"
+      apt:
+        name:
+          - curl
+          - ewww
+          - locales-all
+          - psmisc
+          - rsync
+        state: present
+    - name: "Create /srv/http"
+      file:
+        state: directory
+        path: /srv/http
+        owner: debmirror
+        group: debmirror
+        mode: 0755
+    - name: "Create ewww config directory"
+      file:
+        state: directory
+        path: /etc/ewww
+    - name: "Install ewww config"
+      copy:
+        content: |
+          webroot: /srv/http
+          listen: "0.0.0.0:443"
+          tls_cert: /etc/ewww/tls.pem
+          tls_key: /etc/ewww/tls.key
+        dest: /etc/ewww/ewww.yaml
+    - name: "Install TLS cert"
+      copy:
+        content: |
+          -----BEGIN CERTIFICATE-----
+          MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx
+          EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz
+          NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+          ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7
+          uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z
+          Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO
+          FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH
+          pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk
+          zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC
+          AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX
+          h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob
+          7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk
+          xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa
+          WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP
+          NdZiSNvGZAbEnmMnNCEYMO3wVA==
+          -----END CERTIFICATE-----
+        dest: /etc/ewww/tls.pem
+    - name: "Install TLS key"
+      copy:
+        content: |
+          -----BEGIN RSA PRIVATE KEY-----
+          MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP
+          +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D
+          LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ
+          GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H
+          i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi
+          qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj
+          ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG
+          qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1
+          iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T
+          AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K
+          EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7
+          vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU
+          PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I
+          E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm
+          uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco
+          eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g
+          T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci
+          gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW
+          GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf
+          psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj
+          DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R
+          Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra
+          udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e
+          4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI
+          cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g==
+          -----END RSA PRIVATE KEY-----
+        dest: /etc/ewww/tls.key
+    - name: "Enable and start ewww service"
+      systemd:
+        name: ewww
+        state: restarted
+        enabled: yes
+        daemon_reload: yes
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: debian-mirror
+    sane_debian_system_codename: bullseye
+    sane_debian_system_mirror: deb.debian.org
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: debmirror
+      - username: liw
+        comment: Lars Wirzenius
diff --git a/ansible/maybe-someday/debmirror.yml b/ansible/maybe-someday/debmirror.yml
new file mode 100644
index 0000000..88aa1c1
--- /dev/null
+++ b/ansible/maybe-someday/debmirror.yml
@@ -0,0 +1,41 @@
+- hosts: debmirror
+  remote_user: root
+  roles:
+    - role: sane_debian_system
+    - role: comfortable-debian-system
+    - role: unix_users
+    - role: apache_server
+      tags: [apache]
+    - role: self-updating-system
+    - role: debian-mirror
+      tags: [mirror]
+    - role: smarthost-client
+  vars:
+    sane_debian_system_version: 0
+    unix_users_version: 0
+
+    hostname: debmirror
+    debian_codename: buster
+    debian_mirror: deb.debian.org
+
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+      - username: debmirror
+        comment: Debian Mirror
+
+    static_sites:
+
+      - domain: debmirror
+        owner: debmirror
+        ownermail: liw@liw.fi
+        letsencrypt: no
+
+    mailname: debmirror.liw.fi
+    timezone: Europe/Helsinki
+
+    relayhost: pieni.net:587
+    smarthost: pieni.net
+    smarthost_user: pienirelay
+    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
diff --git a/ansible/maybe-someday/ewww-dev.yml b/ansible/maybe-someday/ewww-dev.yml
new file mode 100644
index 0000000..5a24d37
--- /dev/null
+++ b/ansible/maybe-someday/ewww-dev.yml
@@ -0,0 +1,57 @@
+- hosts: ewww-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: comfortable-debian-system
+      tags: [comfy]
+    - role: unix_users
+      tags: [users]
+    - role: version-controller
+      tags: [vacs]
+    - role: liw
+      tags: [liw]
+    - role: rust-rustup
+      tags: [rustup]
+  tasks:
+    - apt:
+        name:
+          - debhelper
+          - build-essential
+          - dh-cargo
+          - daemonize
+          - git
+          - moreutils
+          - pkg-config
+          - python3
+          - python3-requests
+          - python3-yaml
+          - subplot
+          - texlive-fonts-recommended
+          - texlive-latex-base
+          - texlive-latex-recommended
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: ewww-dev
+    sane_debian_system_codename: bullseye
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: debian
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/ewww-test.yml b/ansible/maybe-someday/ewww-test.yml
new file mode 100644
index 0000000..67b2123
--- /dev/null
+++ b/ansible/maybe-someday/ewww-test.yml
@@ -0,0 +1,118 @@
+- hosts: ewww-test
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+    - role: sshd
+      tags: [sshd]
+    - role: unix_users
+    - role: self-updating-system
+  tasks:
+    - name: "Install ewww"
+      apt:
+        name:
+          - ewww
+          - psmisc
+          - curl
+          - rsync
+        state: present
+    - name: "Create /srv/http"
+      file:
+        state: directory
+        path: /srv/http
+        owner: _ewww
+        group: _ewww
+        mode: 0755
+    - name: "Create ewww config directory"
+      file:
+        state: directory
+        path: /etc/ewww
+    - name: "Install ewww config"
+      copy:
+        content: |
+          webroot: /srv/http
+          listen: "0.0.0.0:443"
+          tls_cert: /etc/ewww/tls.pem
+          tls_key: /etc/ewww/tls.key
+        dest: /etc/ewww/ewww.yaml
+    - name: "Install TLS cert"
+      copy:
+        content: |
+          -----BEGIN CERTIFICATE-----
+          MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx
+          EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz
+          NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
+          ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7
+          uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z
+          Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO
+          FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH
+          pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk
+          zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC
+          AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX
+          h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob
+          7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk
+          xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa
+          WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP
+          NdZiSNvGZAbEnmMnNCEYMO3wVA==
+          -----END CERTIFICATE-----
+        dest: /etc/ewww/tls.pem
+    - name: "Install TLS key"
+      copy:
+        content: |
+          -----BEGIN RSA PRIVATE KEY-----
+          MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP
+          +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D
+          LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ
+          GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H
+          i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi
+          qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj
+          ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG
+          qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1
+          iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T
+          AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K
+          EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7
+          vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU
+          PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I
+          E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm
+          uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco
+          eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g
+          T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci
+          gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW
+          GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf
+          psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj
+          DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R
+          Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra
+          udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e
+          4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI
+          cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g==
+          -----END RSA PRIVATE KEY-----
+        dest: /etc/ewww/tls.key
+    - name: "Enable and start ewww service"
+      systemd:
+        name: ewww
+        state: restarted
+        enabled: yes
+        daemon_reload: yes
+    - name: "Add content file"
+      copy:
+        content: |
+          <html><body>Hello, World!</body></html>
+        dest: /srv/http/index.html
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: ewww-test
+    sane_debian_system_codename: bullseye
+    sane_debian_system_mirror: deb.debian.org
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: _ewww
+        comment: Static web site content
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/ick2-dev.yml b/ansible/maybe-someday/ick2-dev.yml
new file mode 100644
index 0000000..6a8b0c6
--- /dev/null
+++ b/ansible/maybe-someday/ick2-dev.yml
@@ -0,0 +1,50 @@
+- hosts: ick2-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+    - role: unix_users
+    - role: version-controller
+    - role: liw
+  tasks:
+    - name: "install build dependencies for Ick"
+      apt:
+        state: present
+        name:
+          - debhelper
+          - python3-all
+          - python3-bottle
+          - python-cliapp
+          - python3-cliapp
+          - python3-coverage-test-runner
+          - python3-apifw
+          - python3-slog
+          - python3-cryptography
+          - python3-requests
+          - python-requests
+          - pycodestyle
+          - gunicorn3
+          - python3-yaml
+          - cmdtest
+          - copyright-statement-lint
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: ick2-dev
+    sane_debian_system_codename: buster
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: true
+        authorized_keys: |
+          {{ liw_personal_ssh_pub }}
+        ssh_key: |
+          {{ lookup('pipe', 'pass show ssh/liw@mirror-git') }}
+        ssh_key_pub: |
+          {{ lookup('pipe', 'pass show ssh/liw@mirror-git.pub') }}
diff --git a/ansible/maybe-someday/jt-dev.yml b/ansible/maybe-someday/jt-dev.yml
new file mode 100644
index 0000000..ccb405b
--- /dev/null
+++ b/ansible/maybe-someday/jt-dev.yml
@@ -0,0 +1,50 @@
+- hosts: jt-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: comfortable-debian-system
+      tags: [comfy]
+    - role: unix_users
+      tags: [users]
+    - role: version-controller
+      tags: [vacs]
+    - role: liw
+      tags: [liw]
+    - role: rust-rustup
+      tags: [rustup]
+  tasks:
+    - apt:
+        name:
+          - black
+          - build-essential
+          - jq
+          - moreutils
+          - python3
+          - subplot
+          - texlive-fonts-recommended
+          - texlive-latex-base
+          - texlive-latex-recommended
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: jt-dev
+    sane_debian_system_codename: bullseye
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/letest-letest.vm.liw.fi.yml b/ansible/maybe-someday/letest-letest.vm.liw.fi.yml
new file mode 100644
index 0000000..c9555dc
--- /dev/null
+++ b/ansible/maybe-someday/letest-letest.vm.liw.fi.yml
@@ -0,0 +1,20 @@
+- hosts: letest
+  remote_user: root
+  roles:
+#    - sane_debian_system
+#    - comfortable-debian-system
+#    - self-updating-system
+    - letest
+  vars:
+    sane_debian_system_version: 2
+    unix_users_version: 1
+
+    hostname: letest
+    debian_codename: buster
+    debian_mirror: deb.debian.org
+
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        authorized_keys: |
+          {{ liw_personal_ssh_pub }}
diff --git a/ansible/maybe-someday/openpgp-ca-dev.yml b/ansible/maybe-someday/openpgp-ca-dev.yml
new file mode 100644
index 0000000..52afa6c
--- /dev/null
+++ b/ansible/maybe-someday/openpgp-ca-dev.yml
@@ -0,0 +1,48 @@
+- hosts: openpgp-ca-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: version-controller
+      tags: [vcs]
+    - role: unix_users
+      tags: [users]
+    - role: rust-rustup
+      tags: [rustup]
+    - role: liw
+      tags: [liw]
+
+  tasks:
+    - apt:
+        name:
+          - build-essential
+          - capnproto
+          - clang
+          - debhelper
+          - dh-cargo
+          - libclang-dev
+          - libsqlite3-dev
+          - libssl-dev
+          - llvm
+          - locales-all
+          - moreutils
+          - nettle-dev
+          - pkg-config
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: openpgp-ca-dev
+    sane_debian_system_codename: bullseye
+    sane_debian_system_timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/openpgp-card-dev.yml b/ansible/maybe-someday/openpgp-card-dev.yml
new file mode 100644
index 0000000..30c528f
--- /dev/null
+++ b/ansible/maybe-someday/openpgp-card-dev.yml
@@ -0,0 +1,56 @@
+- hosts: openpgp-card-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: version-controller
+      tags: [vcs]
+    - role: unix_users
+      tags: [users]
+    - role: rust-rustup
+      tags: [rustup]
+    - role: liw
+      tags: [liw]
+
+  tasks:
+    - apt:
+        name:
+          - build-essential
+          - debhelper
+          - dh-cargo
+          - docker.io
+          - libclang-dev
+          - libpcsclite-dev
+          - lintian
+          - moreutils
+          - nettle-dev
+          - ntp
+          - pkg-config
+          - psmisc
+          - subplot
+    - user:
+        name: liw
+        groups:
+          - docker
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bullseye
+    sane_debian_system_timezone: Europe/Helsinki
+
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/python-mess.yml b/ansible/maybe-someday/python-mess.yml
new file mode 100644
index 0000000..3cbdc91
--- /dev/null
+++ b/ansible/maybe-someday/python-mess.yml
@@ -0,0 +1,41 @@
+- hosts: python-mess
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: comfortable-debian-system
+      tags: [comfy]
+    - role: unix_users
+      tags: [users]
+    - role: version-controller
+      tags: [vcs]
+    - role: emacs
+      tags: [emacs]
+    - role: liw
+      tags: [liw]
+  tasks:
+    - apt:
+        name:
+          - build-essential
+          - python3-all
+          - python3-pip
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: python-mess
+    sane_debian_system_codename: bullseye
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/roadmap-dev.yml b/ansible/maybe-someday/roadmap-dev.yml
new file mode 100644
index 0000000..ac98d3a
--- /dev/null
+++ b/ansible/maybe-someday/roadmap-dev.yml
@@ -0,0 +1,46 @@
+- hosts: roadmap-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: comfortable-debian-system
+      tags: [comfy]
+    - role: unix_users
+      tags: [users]
+    - role: version-controller
+      tags: [vacs]
+    - role: liw
+      tags: [liw]
+    - role: rust-rustup
+      tags: [rustup]
+  tasks:
+    - apt:
+        name:
+          - debhelper
+          - build-essential
+          - dh-cargo
+          - git
+          - moreutils
+          - python3
+          - python3-requests
+          - python3-yaml
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: roadmap-dev
+    sane_debian_system_codename: bullseye
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/rust-dev.yml b/ansible/maybe-someday/rust-dev.yml
new file mode 100644
index 0000000..23d9ba5
--- /dev/null
+++ b/ansible/maybe-someday/rust-dev.yml
@@ -0,0 +1,42 @@
+- hosts: rust-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+      tags: [sane]
+    - role: sshd
+      tags: [sshd]
+    - role: comfortable-debian-system
+      tags: [comfy]
+    - role: unix_users
+      tags: [users]
+    - role: version-controller
+      tags: [vacs]
+    - role: liw
+      tags: [liw]
+    - role: rust-rustup
+      tags: [rustup]
+  tasks:
+    - apt:
+        name:
+          - build-essential
+  vars:
+    ansible_python_interpreter: python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: rust-dev
+    sane_debian_system_codename: bullseye
+
+    timezone: Europe/Helsinki
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
diff --git a/ansible/maybe-someday/sq-test.yml b/ansible/maybe-someday/sq-test.yml
new file mode 100644
index 0000000..5879ef1
--- /dev/null
+++ b/ansible/maybe-someday/sq-test.yml
@@ -0,0 +1,160 @@
+- hosts: sq-test
+  remote_user: root
+  roles:
+    - role: sane_debian_system
+    - role: comfortable-debian-system
+    - role: unix_users
+    - role: self-updating-system
+  tasks:
+    - apt:
+        name:
+          - bash-completion
+          - sq
+        state: present
+    - file:
+        path: /tmp/shared
+        state: directory
+        mode: 01777
+    - copy:
+        content: |
+          -----BEGIN PGP PUBLIC KEY BLOCK-----
+          Comment: 010A B1FA 8E24 283F B898  3F52 9036 838A 283E 1AA9
+          Comment: Lars Wirzenius
+
+          xjMEYuzSFBYJKwYBBAHaRw8BAQdAkOVflgRACWQrysidOFgXUa5AmknlCt0Sb5U/
+          kFHOHmzCwBEEHxYKAIMFgmLs0hQFiQWkj70DCwkHCRCQNoOKKD4aqUcUAAAAAAAe
+          ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmc0zoAeYXkSCb7SOLblaokA
+          uMiuMLNocIM4XSeEEVVdogMVCggCmwECHgEWIQQBCrH6jiQoP7iYP1KQNoOKKD4a
+          qQAAJvkBAPOvcIFKjV+RDssTF+M8ANsVPN8e9MCaHhF65o6dHtv2AQCyJVPftDH2
+          ub9mr6bIPEUYJi6+imZX2Xa3C7SGNEe0Bc0OTGFycyBXaXJ6ZW5pdXPCwBQEExYK
+          AIYFgmLs0hQFiQWkj70DCwkHCRCQNoOKKD4aqUcUAAAAAAAeACBzYWx0QG5vdGF0
+          aW9ucy5zZXF1b2lhLXBncC5vcmdy+aoELSz02TDwDO0w+j6N/Yg4vQ8Ws6cZeFQU
+          u0lkMAMVCggCmQECmwECHgEWIQQBCrH6jiQoP7iYP1KQNoOKKD4aqQAApqwBANTK
+          v3NN6xI8eH/TSbR+5VgrSiZj4mZoNCBQALpEQzT9AQCvrZmKNfeq77Q4SsEWUmD8
+          dHb0eMsppyi0oW8itAuaC84zBGLs0hQWCSsGAQQB2kcPAQEHQGpPf6RSeuBlzhTS
+          5J+yAYQNSKUC+RPYBiq3u1jkydJ9wsDFBBgWCgE3BYJi7NIUBYkFpI+9CRCQNoOK
+          KD4aqUcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcg7Rr7
+          iOeL3SCZ2ecGO0/g/5CorBrxP8AlfuyWAJroeAKbAr6gBBkWCgBvBYJi7NIUCRCM
+          lfahnAL5XUcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmd1
+          Jf5951yGEOtGCSw0BpWa4pPp6mR9hGGhMqpyA5sXkhYhBHTyxaykxgutnvUZlIyV
+          9qGcAvldAAA+iAD/VOod7dIUrxPL23iUKYCe1OjQ+rOWrjzWr4lXh8MbYD8A/ium
+          ns8bmARpt2+VPqfbTQiESK5i+k3HFw2O2R3MP1EFFiEEAQqx+o4kKD+4mD9SkDaD
+          iig+GqkAAJo0AP9TWhlep2UnuQb1eqpyK7bxrpaPV/cR2v98DtxUcDZJPAEAyjcD
+          +AR1KC2VHF32JYHddbvEBG4YkRuslXpX8t46SQ3OMwRi7NIUFgkrBgEEAdpHDwEB
+          B0Dlc6Sa0OENRkXRlGSJx+TW6+QEK7WB8eIHikyxfK4hdcLABgQYFgoAeAWCYuzS
+          FAWJBaSPvQkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p
+          YS1wZ3Aub3JnadCLyuCKpqa7utZ+81jTDOpCgF1yoR/grzfb3h3H+0YCmyAWIQQB
+          CrH6jiQoP7iYP1KQNoOKKD4aqQAAY/gA/35WSxWkNURZdGOwKgBJtw5nc5K9s6nt
+          LefNkI/OB7O/AP98xXylCuzQNw7jbmkuwIyb3t1iyBUmBBkAkVHUVkEmCs44BGLs
+          0hQSCisGAQQBl1UBBQEBB0B73lJoeEfLvaYgpYJiJcTnDPXon0TI3Kd37xa+8ieM
+          eAMBCAfCwAYEGBYKAHgFgmLs0hQFiQWkj70JEJA2g4ooPhqpRxQAAAAAAB4AIHNh
+          bHRAbm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZyeEI8W6tcOpWsDOVz9SqpQlgAlN
+          IzNCdED0mddImb5RApsMFiEEAQqx+o4kKD+4mD9SkDaDiig+GqkAAFxjAP40OKNA
+          IEx5tGJneoTLFFDYQUpstG6h7AZ36ooEaRIk5AEA6mUCs9JdJMElHa34g+txs7Pk
+          3gygQYQtpkkeCXZ2tgc=
+          =YmSW
+          -----END PGP PUBLIC KEY BLOCK-----
+        dest: /home/liw/liw-pub.pgp
+        owner: liw
+        group: liw
+    - copy:
+        content: |
+          -----BEGIN PGP PRIVATE KEY BLOCK-----
+          Comment: 010A B1FA 8E24 283F B898  3F52 9036 838A 283E 1AA9
+          Comment: Lars Wirzenius
+
+          xVgEYuzSFBYJKwYBBAHaRw8BAQdAkOVflgRACWQrysidOFgXUa5AmknlCt0Sb5U/
+          kFHOHmwAAP90GKYJ/CEDoZtNhVMCsXveNAmriM18VhfjQmoJVY9F8g6gwsARBB8W
+          CgCDBYJi7NIUBYkFpI+9AwsJBwkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBub3Rh
+          dGlvbnMuc2VxdW9pYS1wZ3Aub3JnNM6AHmF5Egm+0ji25WqJALjIrjCzaHCDOF0n
+          hBFVXaIDFQoIApsBAh4BFiEEAQqx+o4kKD+4mD9SkDaDiig+GqkAACb5AQDzr3CB
+          So1fkQ7LExfjPADbFTzfHvTAmh4ReuaOnR7b9gEAsiVT37Qx9rm/Zq+myDxFGCYu
+          vopmV9l2twu0hjRHtAXNDkxhcnMgV2lyemVuaXVzwsAUBBMWCgCGBYJi7NIUBYkF
+          pI+9AwsJBwkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p
+          YS1wZ3Aub3JncvmqBC0s9Nkw8AztMPo+jf2IOL0PFrOnGXhUFLtJZDADFQoIApkB
+          ApsBAh4BFiEEAQqx+o4kKD+4mD9SkDaDiig+GqkAAKasAQDUyr9zTesSPHh/00m0
+          fuVYK0omY+JmaDQgUAC6REM0/QEAr62ZijX3qu+0OErBFlJg/HR29HjLKacotKFv
+          IrQLmgvHWARi7NIUFgkrBgEEAdpHDwEBB0BqT3+kUnrgZc4U0uSfsgGEDUilAvkT
+          2AYqt7tY5MnSfQABAIPRid4IAhZwCvDmr27PF78T/0VSA2gtlwouA8yvb7HsDojC
+          wMUEGBYKATcFgmLs0hQFiQWkj70JEJA2g4ooPhqpRxQAAAAAAB4AIHNhbHRAbm90
+          YXRpb25zLnNlcXVvaWEtcGdwLm9yZyDtGvuI54vdIJnZ5wY7T+D/kKisGvE/wCV+
+          7JYAmuh4ApsCvqAEGRYKAG8FgmLs0hQJEIyV9qGcAvldRxQAAAAAAB4AIHNhbHRA
+          bm90YXRpb25zLnNlcXVvaWEtcGdwLm9yZ3Ul/n3nXIYQ60YJLDQGlZrik+nqZH2E
+          YaEyqnIDmxeSFiEEdPLFrKTGC62e9RmUjJX2oZwC+V0AAD6IAP9U6h3t0hSvE8vb
+          eJQpgJ7U6ND6s5auPNaviVeHwxtgPwD+K6aezxuYBGm3b5U+p9tNCIRIrmL6TccX
+          DY7ZHcw/UQUWIQQBCrH6jiQoP7iYP1KQNoOKKD4aqQAAmjQA/1NaGV6nZSe5BvV6
+          qnIrtvGulo9X9xHa/3wO3FRwNkk8AQDKNwP4BHUoLZUcXfYlgd11u8QEbhiRG6yV
+          elfy3jpJDcdYBGLs0hQWCSsGAQQB2kcPAQEHQOVzpJrQ4Q1GRdGUZInH5Nbr5AQr
+          tYHx4geKTLF8riF1AAEAx8kFIwgl9lPJI91ZUXBK9nj8BAChRHHiq1YJI+heIUoN
+          4MLABgQYFgoAeAWCYuzSFAWJBaSPvQkQkDaDiig+GqlHFAAAAAAAHgAgc2FsdEBu
+          b3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnadCLyuCKpqa7utZ+81jTDOpCgF1yoR/g
+          rzfb3h3H+0YCmyAWIQQBCrH6jiQoP7iYP1KQNoOKKD4aqQAAY/gA/35WSxWkNURZ
+          dGOwKgBJtw5nc5K9s6ntLefNkI/OB7O/AP98xXylCuzQNw7jbmkuwIyb3t1iyBUm
+          BBkAkVHUVkEmCsddBGLs0hQSCisGAQQBl1UBBQEBB0B73lJoeEfLvaYgpYJiJcTn
+          DPXon0TI3Kd37xa+8ieMeAMBCAcAAP9ou8Z/+/40YzSNg9fTYC33bJCA/IFb7V+N
+          XGhehUoNcBIEwsAGBBgWCgB4BYJi7NIUBYkFpI+9CRCQNoOKKD4aqUcUAAAAAAAe
+          ACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcnhCPFurXDqVrAzlc/UqqU
+          JYAJTSMzQnRA9JnXSJm+UQKbDBYhBAEKsfqOJCg/uJg/UpA2g4ooPhqpAABcYwD+
+          NDijQCBMebRiZ3qEyxRQ2EFKbLRuoewGd+qKBGkSJOQBAOplArPSXSTBJR2t+IPr
+          cbOz5N4MoEGELaZJHgl2drYH
+          =DO2c
+          -----END PGP PRIVATE KEY BLOCK-----
+        dest: /home/liw/liw.pgp
+        owner: liw
+        group: liw
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: shell
+    sane_debian_system_codename: bullseye
+    sane_debian_system_mirror: deb.debian.org
+    sane_debian_system_sources_lists:
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: root
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+      - username: liw
+        comment: Lars Wirzenius
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+      - username: volunteer1
+        comment: sq volunteer
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+#          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZdyfLIkIPT49xv3wHurk97Q4Iv2+E8vzBdLl9FEt/m
+      - username: volunteer2
+        comment: sq volunteer
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+#          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMnYWSq0gnmLnshJdikKT65NJcuKRXa7RAsyUraqha0V
+      - username: volunteer3
+        comment: sq volunteer
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+#          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY4VaVEXyQpV7knCanFU4oNb8+Tuz2ef8HvMD8fYPhA
+      - username: volunteer4
+        comment: sq volunteer
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+#          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIcY2jjbtV2OnQourPizkXbgLfJJVi4orUdeuvgiM6alHiPmuo/Feya+R+GuLgxoJYXHIk82ZZSHS9LGGNrXrHJIvrCva7CC5XPdUrgGjZRCHnHXI1Ly7Grw1fa/We8a1PoxISxDGRy9NTwqChm8qGEG8Gm4eH7DOXrJCgUoI04oCp/gEfRL+wF0A2/FZvpG7zSuYReJsdIa733t+CpltVTlJS9iCdUFuYkzKzhp01r6sw7Kp3PuzaU2xi2nxBP8K9nBW85UB4q42RdoDHASTcIZE3uss4XzdRQPOurvoppzV7MzGtegCPY65t3MMDJtVKmhAYc4OEZKu4+8cnOd1Wre2rLARFHw/u881QfNjDwN2+oMnmJo45YHM45GIIXhFr+Hs44TJEuons9rA933MW8vjLTNzyKSNK5TXfzg9oqD+Gc3ATwooTPBf+EaN2i5D4DGxX6l7xsRoBXD6DidLRoN9iD1pVVJRpE7q9lRU0GaUMdNC2RRtUk36BZDpmKoyBsuFDLgOUSbKFPOG7378LYC9MQmB0RR2VW0g0x01MGfd7UNX9cpHuJNjRikfqF8Lm4Y7UAkyF498MFbkZPaKpGPFxbUARghryrLRkVjDyqwDAIlOgjjdN2KOGLIB+rgjRnuEvHoshnr1MADlGHBocfX4LO0ABxMNcCB3RU/t26w==
+      - username: volunteer5
+        comment: sq volunteer
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/0/n02JFJXtuBOUbu34Hm5xQ9CuiQtthsxPkfnIOhfC4Gx2tNWgcygnZTUh0ymDutQugJVKKj2nHJoKVJUeecroqW7VdR8omfWJGTST9CxJhubMuJnD4dnRVnvsLvmPN5X2ELaoQU7H4Ia4/P596kH9aw3/b07mx+xf0wg9OCLf7q3dNjBUR9ztqR253hjRA9yi4yut3sNosDwtfzbDhypDsG+fzve/bUH13X3Et+pUD3GWRkEjbTUv6qTxob+xlSBRVHviCiQG0MAcW+YAOyvG/REzONGoMufiP9ozgrx46Qn1Ey1bh6POBQjgE8zaajOHn4f63j5sir1aezRmSd7l6yAB/YwyFHuSXY4TkWmiWLaFw0EB4E3A2M8qACjsH173gVh+BlnRot+AYzpJ2oDIluQrTzcY558AYuRb4u0jfRfsnDdt3aifSnLXkF2cw46zB8nBDY789adhvoyX+HR/igA2W2Ljl1i15zHeo8IqI8kgNnghxaSYGisBAUO5oQWsgGoDV5rNz00MZT3IXkG5NN+Diaep0rJBteaqMYQWD/Nr2A/Oq7f7Q47Z9i378kWQywlSk6M252fRh8+sJLCzMFd9sH/MPIEk1HiX3umZoEdfU4/bULYBL6q8ePXC7wSaW7eOL5b0/za0NwTZRL9UC4uduEQC1t/HWuJ3OB+w==
+      - username: volunteer6
+        comment: sq volunteer
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqhNi9rrxfK6Rn2rsoJZbBmxWmPoqftMOTf7LD+1K99sOUmwCM+bqoPt7pHl/JsxOpAilfD5lVQ9m+4Xutjtaenf98jnO8Gi3h7xMsUZRaU0T3gCmKq/T1B9N3/YSWosPHAHvRfeu9zr6rJj7gxMAJ7Ab+Ix7t60j6iAGkX+LuyC9VQ5GR1SGC76a3TMHYrgR0VBYohFTzFqhVquubTEtUZrvZy/kNkKb5XvgiCLCNyFfO1huq/c3hDFUnQvP6/0MSGJq/FRqwPdLLOcRDaBQpw942JC0Xh0+0qOJVIpdRfdM/83NBsBIJKNqR2eWYHoW2brTKjxHPsRNtKjn6AgKj
+          ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYbT9Mw8v+C2SdqjFhWCmR2IrurUoZJBxTw1WsO1JkcXdcl7PX/jaQoVlAolI3P2iF9wHO9SwG8LLRObjtjOWzHOGtk+GGwRpxFYgu2a+y3mSu50UwOCJeROWerVfra0/E0JuWkAWAlVzrfcBApXx+g/IY/gH9jb4/ErEqysAE4BcsQSQ25FgtZVj97emSW1Ozzd68X7i6i6KX9W778Guq9XOxS7n+hX+0+yCibMBvW+hBK9HhJba5QvQtZ6msaw9wvWWbfr0T3IknrbRhZAGoNcQ0DW++vrv2+8pvOhcTdXIWsNF/WFIqBAcZmFHR6iKZAnx/pxW2ZM4N+IPT4zX12PsMWPZQqBQxMXy/MIEsAby/NlMK9XO3L1K8WqOqLwnjIJ0YUbsaTkaE1REHY17LuQgmu2UXm4cpTHyzEVBz48PeCh6jqoP4Wd/YQ+VtLZiSqjsP7leU9mvd06mFoBk/z4KeaM7dKqWTUxwwXRJ0HDTb3CaYgy3GF+FtZWAcsKv6X32GEV8lYsrOFSUPXUhPuoJZR12BLuJRCv2kk7rlIjVIAZjG0r84PRWKgNXNmFW9dtpnQmaZnOqeLwIBepQsdb2I5NWUItg4YUp3M8Ne/+KAywH5Zx9FHjCn4PNNKYoYKLYb1D/FW03UECa2Jv+ygi+1iYNgUA8uA4CX2vYXEw==
+      - username: volunteer7
+        comment: sq volunteer
+        authorized_keys: |
+          {{ liw_hetzner_ssh_pub }}
+#          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZAUtpJZ3I3alPpJuvAqsjixoO+WWRxFTKauJKe2Lup
diff --git a/ansible/maybe-someday/ssh-dev.yml b/ansible/maybe-someday/ssh-dev.yml
new file mode 100644
index 0000000..3b05e70
--- /dev/null
+++ b/ansible/maybe-someday/ssh-dev.yml
@@ -0,0 +1,22 @@
+- hosts: ssh-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+    - role: sshd
+      tags: [sshd]
+    - role: unix_users
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bullseye
+    sane_debian_system_mirror: deb.debian.org
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+
+    sshd_version: 1
+    sshd_allow_authorized_keys: yes
author	Lars Wirzenius <liw@liw.fi>	2023-01-07 17:51:27 +0200
committer	Lars Wirzenius <liw@liw.fi>	2023-01-07 17:51:27 +0200
commit	2456f2c82528f31835807addd4ac3b6e62252af9 (patch)
tree	eeb400bf3bcda02f4a426052b184c855dc926043 /ansible/maybe-someday
parent	99257314d4fe7ea239d6306b0707e2fa8ad79e63 (diff)
download	ansibleness-2456f2c82528f31835807addd4ac3b6e62252af9.tar.gz