solace: add initial version

Sponsored-by: author

1 files changed, 201 insertions, 0 deletions

diff --git a/ansible/solace.yml b/ansible/solace.yml
new file mode 100644
index 0000000..44ea2d4
--- /dev/null
+++ b/ansible/solace.yml
@@ -0,0 +1,201 @@
+- hosts: solace
+  remote_user: root
+  become: no
+  roles:
+    - role: sane_debian_system
+    - role: ssd
+    - role: comfortable-debian-system
+    - role: chaoskey-host
+    - role: version-controller
+    - role: emacs
+    - role: gnupg-workstation
+    - role: gnome-system
+    - role: ansible
+    - role: vmhost
+    - role: smarthost-client
+    - role: mail-client
+    - role: annexed
+#     - role: riot-host
+    - role: liw-usual
+# #    - role: writing-dev-env
+# #    - role: journal-workstation
+# #    - role: debian-dev-env
+# #    - role: subplot-dev-env
+# #    - role: obnam-dev-env
+# #    - role: tex-dev-env
+# #    - role: python-dev-env
+    - role: unix_users
+    - role: rust-rustup
+      tags: [rustup]
+
+  tasks:
+    # Remove ping to force it be reinstalled so that the right
+    # capabilities are set.
+    - apt:
+        name: iputils-ping
+        state: absent
+
+    - apt:
+        name:
+          - black
+          - build-essential
+          - capnproto
+          - clang
+          - daemonize
+          - expect
+          - extrautils
+          - firmware-misc-nonfree
+          - fling
+          - gimp
+          - inkscape
+          - iputils-ping
+          - isync
+          - jq
+          - jt
+          - libclang-dev
+          - libsqlite3-dev
+          - libssl-dev
+          - libvirt-dev
+          - linux-perf
+          - liw-automation
+          - llvm
+          - nettle-dev
+          - nfs-common
+          - obnam
+          - obnam-benchmark
+          - openpgp-ca
+          - pandoc-filter-diagram
+          - pavucontrol
+          - pkg-config
+          - printer-driver-ptouch
+          - qemu-user-static
+          - sequoia-chameleon-gnupg
+          - shellcheck
+          - sq-liw
+          - sqlite3
+          - sshca
+          - subplot
+          - texlive-latex-extra
+          - texlive-latex-recommended
+          - usbutils
+          - uuid
+          - validns
+          - vlc
+          - vmdb2
+          - xpdf
+          - zerofree
+
+    - lineinfile:
+        path: /etc/gdm3/daemon.conf
+        regexp: WaylandEnable=
+        line: WaylandEnable=false
+
+    - lineinfile:
+        path: /etc/xdg/autostart/gnome-keyring-ssh.desktop
+        line: Hidden=true
+
+    - lineinfile:
+        path: /etc/X11/Xsession.options
+        line: use-ssh-agent
+        state: absent
+
+    - file:
+        state: directory
+        path: /home/liw/.config/autostart
+        owner: liw
+        group: liw
+
+    - copy:
+        content: |
+          [Desktop Entry]
+          Type=Application
+          Name=gpg-agent
+          Comment=gpg-agent
+          Exec=/usr/bin/gpg-agent --daemon
+          OnlyShowIn=GNOME;Unity;MATE;
+          X-GNOME-Autostart-Phase=PreDisplayServer
+          X-GNOME-AutoRestart=false
+          X-GNOME-Autostart-Notify=true
+          X-GNOME-Bugzilla-Bugzilla=GNOME
+          X-GNOME-Bugzilla-Product=gnome-keyring
+          X-GNOME-Bugzilla-Component=general
+          X-GNOME-Bugzilla-Version=3.20.0
+        dest: /home/liw/.config/autostart/gpg-agent.desktop
+        owner: liw
+        group: liw
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: solace
+    sane_debian_system_codename: bullseye
+    sane_debian_system_timezone: Europe/Helsinki
+    sane_debian_system_sources_lists:
+      - repo: |
+          deb http://deb.debian.org/debian bullseye contrib non-free
+
+      - repo: |
+          deb-src http://deb.debian.org/debian bullseye main contrib non-free
+
+      - repo: |
+          deb http://security.debian.org/debian-security bullseye-security main contrib non-free
+
+      - repo: |
+          deb http://code.liw.fi/debian unstable main
+        signing_key: "{{ code_liw_fi_signing_key }}"
+
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+        sudo: yes
+        groups:
+          - audio
+          - bluetooth
+          - cdrom
+          - dialout
+          - dip
+          - floppy
+          - libvirt
+          - netdev
+          - plugdev
+          - scanner
+          - video
+        authorized_keys: |
+          {{ liw_personal_ssh_pub }}
+
+    mailname: "{{ sane_debian_system_hostname }}.liw.fi"
+
+    hostname: "{{ sane_debian_system_hostname }}"
+    relayhost: pieni.net:587
+    smarthost: pieni.net
+    smarthost_user: pienirelay
+    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
+
+    rustup_cargo_install: |
+      cargo-audit \
+      cargo-deny \
+      cargo-deps \
+      bandwhich \
+      bat \
+      cargo-edit \
+      cargo-geiger \
+      cargo-outdated \
+      exa \
+      fd-find \
+      flamegraph \
+      git-delta \
+      hyperfine \
+      ripgrep \
+      starship \
+      tokei \
+      zoxide \
+      fzf \
+      ytop