author | Lars Wirzenius <liw@liw.fi> | 2023-05-14 09:19:51 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2023-05-14 09:19:51 +0300 |
commit | efd45b6010171d73f51fc2dd39c2aaf17881f8c1 (patch) | |
tree | c365e81188fc572c971be5ef279b21fc60cd9547 /ansible/solace.yml | |
parent | db0234842aa72d77a6d1fd6bf0498d3ebc5e978c (diff) | |
download | ansibleness-efd45b6010171d73f51fc2dd39c2aaf17881f8c1.tar.gz |
solace: update for use as server
Sponsored-by: author
Diffstat (limited to 'ansible/solace.yml')
-rw-r--r-- | ansible/solace.yml | 276 |
1 files changed, 6 insertions, 270 deletions
diff --git a/ansible/solace.yml b/ansible/solace.yml
index dccd2b4..734c813 100644
--- a/ansible/solace.yml
+++ b/ansible/solace.yml
@@ -6,265 +6,38 @@ - role: sshd - role: ssd - role: comfortable-debian-system - - role: chaoskey-host - role: version-controller - - role: emacs - - role: gnupg-workstation - - role: gnome-system - - role: ansible - role: vmhost - role: smarthost-client - role: mail-client - - role: annexed - - role: riot-host -# # - role: writing-dev-env -# # - role: journal-workstation -# # - role: debian-dev-env -# # - role: subplot-dev-env -# # - role: obnam-dev-env -# # - role: tex-dev-env -# # - role: python-dev-env - role: unix_users - role: rust-rustup - tags: [rustup] + - role: liw - role: self-updating-system tasks: - # - shell: | - # sed -i 's/NOPASSWD://' /etc/sudoers.d/liw - # args: - # warn: false - # Remove ping to force it be reinstalled so that the right # capabilities are set. - apt: name: iputils-ping state: absent - - apt: - name: - - bash-completion - - black - - build-essential - - cachedir - - capnproto - - clang - - daemonize - - debhelper - - dh-cargo - - expect - - extrautils - - fio - - firmware-misc-nonfree - - fling - - gimp - - graphviz - - inkscape - - iputils-ping - - isync - - jq - - jt - - libclang-dev - - librsvg2-bin - - libsqlite3-dev - - libssl-dev - - libvirt-dev - - linux-perf - - liw-automation - - llvm - - lmodern - - nettle-dev - - nfs-common - - obnam - - obnam-benchmark - - openpgp-ca - - pandoc - - pandoc-citeproc - - pandoc-filter-diagram - - pavucontrol - - pkg-config - - plantuml - - printer-driver-ptouch - - python3 - - python3-requests - - qemu-user-static - - sequoia-chameleon-gnupg - - shellcheck - - sq-liw - - sqlite3 - - sshca - - subplot - - summain - - texlive-fonts-recommended - - texlive-latex-base - - texlive-latex-extra - - texlive-latex-recommended - - texlive-plain-generic - - unicode - - usbutils - - uuid - - validns - - vlc - - vobcopy - - vmdb2 - - xpdf - - zerofree - - name: install command line utilities apt: name: + - build-essential + - firmware-misc-nonfree + - iputils-ping - locales-all - - psmisc - - mosh + - 
python3 - rsync - vim - - screen - - tmux - - strace - - gddrescue - - pv - - moreutils - - bind9-host - - dnsutils - - lshw - - curl - # - extrautils - # - liw-automation - # - copyright-statement-lint - - bc - - yaml-mode - - ikiwiki - - taskwarrior - - zip - # - cachedir - - debmirror - - git-annex - - iftop - - info - # - jt - - kpartx - - lftp - - mediainfo - - mmv - - mtr - - num-utils - - parted-doc - - trickle - - units - - w3m - - youtube-dl - - signing-party - - sshfs - - dict - - dictd - - dict-foldoc - - dict-gcide - - dict-jargon - - dict-vera - - dict-wn - - gnuplot - - acpi - - nmap - - nethogs - - time - - restic - - apt-file - - whois - - oathtool - - htop - - smartmontools - - bonnie++ - - mdadm - - hddtemp - - parted - - lvm2 - - cryptsetup - - - name: configure dict - copy: - content: | - server localhost - dest: /etc/dictd/dict.conf - - - lineinfile: - path: /etc/gdm3/daemon.conf - regexp: WaylandEnable= - line: WaylandEnable=false - - # - lineinfile: - # path: /etc/xdg/autostart/gnome-keyring-ssh.desktop - # line: Hidden=true - - # - lineinfile: - # path: /etc/X11/Xsession.options - # line: use-ssh-agent - # state: absent - - # - file: - # state: directory - # path: /home/liw/.config/autostart - # owner: liw - # group: liw - - # - copy: - # content: | - # [Desktop Entry] - # Type=Application - # Name=gpg-agent - # Comment=gpg-agent - # Exec=/usr/bin/gpg-agent --daemon - # OnlyShowIn=GNOME;Unity;MATE; - # X-GNOME-Autostart-Phase=PreDisplayServer - # X-GNOME-AutoRestart=false - # X-GNOME-Autostart-Notify=true - # X-GNOME-Bugzilla-Bugzilla=GNOME - # X-GNOME-Bugzilla-Product=gnome-keyring - # X-GNOME-Bugzilla-Component=general - # X-GNOME-Bugzilla-Version=3.20.0 - # dest: /home/liw/.config/autostart/gpg-agent.desktop - # owner: liw - # group: liw - - # - name: "install necessary packages to use a Yubikey with LUKS" - # apt: - # name: - # - yubikey-luks - # - usbutils - - # - name: "configure crypttab to use yubikey-luks key script" - # crypttab: - 
# name: pv0 - # opts: keyscript=/usr/share/yubikey-luks/ykluks-keyscript - # state: opts_present - - # - name: "update initramfs" - # shell: | - # update-initramfs -u - - # - apt: - # name: - # - libpam-yubico - # # disabled until I don't need Y4 anymore. - # # - lineinfile: - # # path: /etc/pam.d/common-auth - # # regex: pam_yubico.so - # # line: "auth required pam_yubico.so mode=challenge-response chalresp_path=/etc/yubikey_chalresp" - # - file: - # state: directory - # path: /etc/yubikey_chalresp - # mode: 0700 - # - copy: - # content: | - # {{ lookup('pipe', 'pass libpam-yubico/liw/y6.chalresp') }} - # dest: "/etc/yubikey_chalresp/liw-{{ lookup('pipe', 'pass libpam-yubico/liw/y6.serial') }}" - # mode: 0600 - vars: ansible_python_interpreter: /usr/bin/python3 sane_debian_system_version: 2 - sane_debian_system_hostname: solace + sane_debian_system_hostname: "{{ inventory_hostname }}" sane_debian_system_codename: bullseye sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: 
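Review bot: Dropping roles and packages from this play does not remove them from a host that was already provisioned as a workstation; the only `state: absent` task left is the one for `iputils-ping`, so the packages from the deleted `apt` lists and whatever `gnome-system` installed would stay on what is now meant to be a server. If solace is being repurposed rather than reinstalled, an explicit removal task would shrink the attack surface; a sketch follows, with package names taken from the removed lines. The same applies in the second hunk: deleting the `code.liw.fi` entry from `sane_debian_system_sources_lists` and `authorized_keys` from `unix_users` presumably leaves the existing sources file, trusted signing key and key file in place unless those roles clean up, which is not visible here. The play header is outside the hunk.

```yaml
    # … unchanged: remove and reinstall iputils-ping …
    - name: remove workstation packages not wanted on a server
      apt:
        name:
          - gimp
          - inkscape
          - nmap
          - vlc
          - youtube-dl
        state: absent
        autoremove: true
```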
@@ -272,66 +45,29 @@ deb http://deb.debian.org/debian bullseye contrib non-free - repo: | - deb-src http://deb.debian.org/debian bullseye main contrib non-free - - - repo: | deb http://security.debian.org/debian-security bullseye-security main contrib non-free - - repo: | - deb http://code.liw.fi/debian unstable main - signing_key: "{{ code_liw_fi_signing_key }}" - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" - - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable main - signing_key: "{{ ci_prod_signing_key }}" - unix_users_version: 2 unix_users: - username: liw comment: Lars Wirzenius sudo: yes groups: - - audio - - bluetooth - - cdrom - - dialout - - dip - - floppy - libvirt - - netdev - - plugdev - - scanner - - video - authorized_keys: | - {{ liw_personal_ssh_pub }} mailname: "{{ sane_debian_system_hostname }}.liw.fi" - hostname: "{{ sane_debian_system_hostname }}" relayhost: pieni.net:587 smarthost: pieni.net smarthost_user: pienirelay smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" rustup_cargo_install: | - cargo-audit \ - cargo-deny \ - cargo-deps \ - cargo-semver-checks \ - bandwhich \ - bat \ - cargo-edit \ - cargo-geiger \ - cargo-outdated \ - difftastic \ - flamegraph \ - hyperfine \ - ripgrep \ starship \ - tokei \ - zoxide \ ytop sshd_version: 1 |
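Review bot: `mailname` is still derived as `"{{ sane_debian_system_hostname }}.liw.fi"`, and the first hunk now sets that variable from `inventory_hostname`, so a host listed in the inventory by FQDN would get a doubled domain in its mail name and a dotted system hostname. If the inventory is not guaranteed to use bare short names, `sane_debian_system_hostname: "{{ inventory_hostname_short }}"` would keep both values well-formed. The separate `hostname:` variable is removed here; whether `smarthost-client` or `mail-client` still reads it cannot be told from this file, so that is worth a check. The `vars:` mapping begins in the previous hunk.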