21 files changed, 448 insertions, 103 deletions
diff --git a/ansible/all.sh b/ansible/all.sh index 55e07b4..3fbb709 100755 --- a/ansible/all.sh +++ b/ansible/all.sh @@ -11,7 +11,9 @@ online() { } maybe_run_playbook() { - if newer "$1.yml" "$1.stamp" && online "$1"; then + if ! online "$1"; then + echo "UNAVALABLE $1" + elif newer "$1.yml" "$1.stamp"; then echo "$1" ./run-playbook "$1.yml" touch "$1.stamp" @@ -20,13 +22,14 @@ maybe_run_playbook() { fi } +maybe_run_playbook tursas maybe_run_playbook solace maybe_run_playbook exolobe1 maybe_run_playbook exolobe2 maybe_run_playbook stamina maybe_run_playbook holywood2 maybe_run_playbook atuin.liw.fi -maybe_run_playbook mirror-git +#maybe_run_playbook mirror-git maybe_run_playbook git.liw.fi maybe_run_playbook apt.liw.fi maybe_run_playbook http.liw.fi diff --git a/ansible/ambient-driver.yml b/ansible/ambient-driver.yml new file mode 100644 index 0000000..6abdde7 --- /dev/null +++ b/ansible/ambient-driver.yml 
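Review bot: The new unreachable-host branch in `maybe_run_playbook` prints a misspelled marker, `UNAVALABLE`, to stdout and then carries on, so a run in which hosts were skipped looks the same to a caller as a clean one. I would write it as `echo "UNAVAILABLE $1" >&2` so the skip is greppable and lands on stderr. The function's closing `fi` is outside this hunk, so whether a skipped host is reported anywhere else is not visible here.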
@@ -0,0 +1,103 @@
+- hosts: ambient-driver
+ remote_user: debian
+ become: yes
+ roles:
+ - role: sane_debian_system
+ - role: sshd
+ - role: comfortable-debian-system
+ - role: unix_users
+ - role: liw
+ - role: rust-rustup
+ tasks:
+ - apt:
+ name:
+ - ambient-driver
+ - build-essential
+ - cpu-checker
+ - dput
+ - qemu-system-x86
+ - qemu-utils
+ - file:
+ state: directory
+ path: /home/liw/.config/ambient-driver
+ owner: liw
+ group: liw
+ - file:
+ state: directory
+ path: /home/liw/images
+ owner: liw
+ group: liw
+ - copy:
+ content: |
+ tmpdir: /tmp
+ log: ~/log
+ run_ci: /usr/bin/run-ci
+ cpus: 12
+ memory: 25769803776
+ cache_max_size: 536870912000
+ dput_target: apt.liw.fi
+ dest: /home/liw/.config/ambient-driver/config.yaml
+ - copy:
+ content: |
+ [apt.liw.fi]
+ login = incoming
+ fqdn = apt.liw.fi
+ method = scp
+ incoming = /srv/apt/incoming
+ allow_unsigned_uploads = 1
+ check_version = 0
+ run_dinstall = 0
+ dest: /home/liw/.dput.cf
+ owner: liw
+ group: liw
+ - copy:
+ content: |
+ {{ lookup('pipe', 'pass ambient-driver-apt/key') }}
+ dest: /home/liw/.ssh/id_ed25519
+ owner: liw
+ group: liw
+ mode: 0600
+ - copy:
+ content: |
+ {{ lookup('pipe', 'pass ambient-driver-apt/key.pub') }}
+ dest: /home/liw/.ssh/id_ed25519.pub
+ owner: liw
+ group: liw
+ - copy:
+ content: |
+ ssh-ed25519-cert-v01@openssh.com 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 liw@tursas
+ dest: /home/liw/.ssh/id_ed25519-cert.pub
+ owner: liw
+ group: liw
+ - copy:
+ content: |
+ Host *
+ IdentityFile ~/.ssh/id_ed25519
+ PasswordAuthentication no
+ IdentitiesOnly yes
+ dest: /home/liw/.ssh/config
+ owner: liw
+ group: liw
+ vars:
+ ansible_python_interpreter: python3
+
+ sane_debian_system_version: 2
+ sane_debian_system_hostname: "{{ inventory_hostname }}"
+ sane_debian_system_codename: bookworm
+
+ timezone: Europe/Helsinki
+
+ unix_users_version: 2
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+ groups:
+ - kvm
+ sudo: yes
+
+
sane_debian_system_sources_lists: + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" + + sshd_version: 1 + diff --git a/ansible/finntroll.liw.fi.yml b/ansible/finntroll.liw.fi.yml index ad4b9b9..ffcc3e5 100644 --- a/ansible/finntroll.liw.fi.yml +++ b/ansible/finntroll.liw.fi.yml @@ -17,6 +17,9 @@ - nmap - psmisc - ripgrep + - sqlite3 + - wumpus-hunter + - name: "create directory for wumpus files" file: state: directory @@ -24,6 +27,58 @@ owner: wumpus group: wumpus + - name: "create directory for temporary wumpus files" + file: + state: directory + path: /srv/tmp + owner: wumpus + group: wumpus + + - name: "install wumpus hunter config" + copy: + content: | + description: | + Results of running the Radicle heartwood tests + repeatedly. Report number of successful and fail test + runs per commit. Keep logs of each test run for each + commit. + repository_url: https://seed.radicle.xyz/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git + git_ref: master + command: | + cargo test --locked --workspace + dest: /home/wumpus/wumpus.yaml + owner: wumpus + group: wumpus + + - name: "install service unit for wumpus hunter" + copy: + content: | + [Unit] + Description=Wumpus hunter + After=network.target network-online.target + Requires=network-online.target + + [Service] + User=wumpus + Group=wumpus + ExecStart=/usr/bin/wumpus-hunter run --logs /srv/wumpus /home/wumpus/wumpus.yaml + Environment=RUST_BACKTRACE=1 WUMPUS_LOG=info PATH=/home/wumpus/.cargo/bin:/bin:/sbin TMPDIR=/srv/tmp + KillMode=process + Restart=always + RestartSec=3 + + [Install] + WantedBy=multi-user.target + dest: /etc/systemd/system/wumpus-hunter.service + + - name: "(re)start systemd unit for Radicle node" + systemd: + name: wumpus-hunter + state: restarted + masked: no + enabled: yes + daemon_reload: yes + vars: ansible_python_interpreter: /usr/bin/python3 
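Review bot: The task in `ansible/ambient-driver.yml` that writes `/home/liw/.ssh/id_ed25519` from the `pass` lookup has no `no_log: true`, so the private key can end up in `--diff` or verbose output of a run; I would add `no_log: true` to that task and quote the mode as `mode: "0600"`. The first `copy` task, the one for `config.yaml`, is the only file under `/home/liw` written without `owner: liw` / `group: liw`, so with `become: yes` it is presumably left owned by root. In the `.dput.cf` content, `allow_unsigned_uploads = 1` means the SSH key installed here is the only thing authenticating uploads to `apt.liw.fi`; a one-line comment saying that this is intended would help the next reader.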
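Review bot: The `wumpus-hunter.service` unit added to `ansible/finntroll.liw.fi.yml` builds and runs whatever the `master` ref of a remote repository contains, and the only confinement is `User=wumpus`. I would add hardening to the `[Service]` section, for example `NoNewPrivileges=yes`, `ProtectSystem=strict` and `ReadWritePaths=/srv/wumpus /srv/tmp /home/wumpus`; the write paths need checking against what wumpus-hunter and cargo actually touch. The same unit text is added again in `ansible/wumpus.yml`, so the point applies there as well. The last task is named "(re)start systemd unit for Radicle node" but restarts `wumpus-hunter`; the name looks copied from another task and should be corrected.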
@@ -59,68 +114,57 @@ # host: seed.liw.fi # port: 8776 radicle_node_repositories: - # heartwood - - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" - - # pathdedup test repo - - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" - - # ansibleness - - rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc" - - # debian-ansible - - rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW" - - # html-page - - rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW" - - # liw-dot-files - - rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w" - - # radicle-stress-test - - rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj" - - # radicle-ci-broker - - rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" - - # radicle-native-ci - - rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" - - # riki - - rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r" - - # wumpus hunter - - rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN" - - # missing-dependencies - - rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5" - - # vmdb2 - - rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk" - - # vmdb2-web - - rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ" - - # unpack-debian-sources - - rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK" - - - rid: "rad:z4Az1APNZyfFVkTzneyfq6SBPKqtV" # linux-news - - rid: "rad:z3uBEubocQ9kJANPvMAo6z5ZhhaFh" # pathdedup (real) - - rid: "rad:z4PiGKYWcz3XPzLf91DAgSHxjNvg8" # roadmap - - rid: "rad:z2wZYvawkpUTnfrCL5iHaufpCdXyk" # jt - - rid: "rad:z2tnM99uips8nguhcg12hLX5yC3t7" # pandoc-filter-diagram - - rid: "rad:z24MZ7A64C7c9MmcNfR2X7GtQUk14" # sshca - - rid: "rad:z2S7Wn8ZWBKQUQkUNikpZiuFFJZDv" # sshca-web - - rid: "rad:zjxyd2A1A7FnxtC69qDfoAajfTHo" # subplot - - rid: "rad:z2M6WnwXyFcdQNj6M5pav3BnyTBfz" # subplot-web - - rid: "rad:z3U5PDwEqz64be8vfqEyyj2rkfd1s" # vmadm - - rid: "rad:z2qboj3zYdhQBKo8yGxMfwvhj7HfN" # vmadm-web - - rid: "rad:z4AmsrmyEsdZWh9KLSRbReDM9nnbe" # 256.liw.fi - - rid: "rad:zN4j1nt4y1xtoz9Tat6asyfJDyc2" # gtdfh - - rid: "rad:zUcMk9QpMdyty6tABQ6Cje21xAro" # liw-automation - - rid: "rad:z37yxMDoGWhErwFt55n4jDCiQwxLm" # v-i - - rid: "rad:z4DNcHPHUoCytkihDY4vDp4KvGxh3" # v-i-web - - rid: 
"rad:z355dPnbvpPxC3FoT38pjs9AzspQB" # early-linux-history-talk + # Radicle work + - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood + - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" # pathdedup test repo + - rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" # radicle-ci-broker + - rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" # radicle-native-ci + - rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj" # radicle-stress-test + - rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN" # wumpus hunter + + # Personal, Subplot + - rid: "rad:zjxyd2A1A7FnxtC69qDfoAajfTHo" # subplot + - rid: "rad:z2M6WnwXyFcdQNj6M5pav3BnyTBfz" # subplot-web + + # Personal, Obnam + - rid: "rad:zhmWact4xuWp1XSwPER79oPUGW9S" # cachedir + - rid: "rad:z2iicxsVP46kyA7rzFXrQHrk88cAo" # obnam2 + - rid: "rad:z2aq8B4ui77q8msEtUaGYXeSwNYuc" # obnam-web + - rid: "rad:z3ZFpLzEYTmjzDqSTxf2bZchktBH1" # obnam-benchmark + - rid: "rad:z2bB6gdePNQ9jyMK487mu4CraYewX" # obnam-benchmark-results + - rid: "rad:z3NGfAXUfSehZbf8f6VGad9KHCrb5" # obnam-benchmark-specs + - rid: "rad:z3cL5uBuhFK5FWkc5RYecAoBXNz8d" # summain + + # Personal, other + - rid: "rad:z4AmsrmyEsdZWh9KLSRbReDM9nnbe" # 256.liw.fi + - rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc" # ansibleness + - rid: "rad:z2aW1bujxH96GsWdKBcFqDpzSNnUS" # clab + - rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW" # debian-ansible + - rid: "rad:z355dPnbvpPxC3FoT38pjs9AzspQB" # early-linux-history-talk + - rid: "rad:z3pQaQ5fBe9CZY9g9vzXLWPEnwXVB" # extrautils + - rid: "rad:zN4j1nt4y1xtoz9Tat6asyfJDyc2" # gtdfh + - rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW" # html-page + - rid: "rad:z2wZYvawkpUTnfrCL5iHaufpCdXyk" # jt + - rid: "rad:zUcMk9QpMdyty6tABQ6Cje21xAro" # liw-automation + - rid: "rad:z4Az1APNZyfFVkTzneyfq6SBPKqtV" # linux-news + - rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w" # liw-dot-files + - rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5" # missing-dependencies + - rid: "rad:z2tnM99uips8nguhcg12hLX5yC3t7" # pandoc-filter-diagram + - rid: "rad:z3uBEubocQ9kJANPvMAo6z5ZhhaFh" # pathdedup (real) + - rid: 
"rad:zRGTo2HYeSsNojTQg93anVtn5Gcw" # puomi + - rid: "rad:z3GDoHhm4t58pciEoXZBPA76Qtzqz" # puomi-web + - rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r" # riki + - rid: "rad:z2oUkTnZgqvEER9WZdZLU19rqv7rX" # riki-web + - rid: "rad:z4PiGKYWcz3XPzLf91DAgSHxjNvg8" # roadmap + - rid: "rad:z24MZ7A64C7c9MmcNfR2X7GtQUk14" # sshca + - rid: "rad:z2S7Wn8ZWBKQUQkUNikpZiuFFJZDv" # sshca-web + - rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK" # unpack-debian-sources + - rid: "rad:z37yxMDoGWhErwFt55n4jDCiQwxLm" # v-i + - rid: "rad:z4DNcHPHUoCytkihDY4vDp4KvGxh3" # v-i-web + - rid: "rad:z3U5PDwEqz64be8vfqEyyj2rkfd1s" # vmadm + - rid: "rad:z2qboj3zYdhQBKo8yGxMfwvhj7HfN" # vmadm-web + - rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk" # vmdb2 + - rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ" # vmdb2-web radicle_node_domain_name: radicle.liw.fi radicle_node_ci_domain_name: ci.radicle.liw.fi radicle_node_ci_broker_config: | @@ -132,6 +176,7 @@ command: /bin/radicle-native-ci env: RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml + sensitive_env: {} filters: - !Or - !And diff --git a/ansible/hosts b/ansible/hosts index 2b5e6c6..828a9d4 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -9,6 +9,7 @@ texlive [dev] aptrepo ambient-dev +ambient-driver debian-ansible-dev icktool obnam-bench @@ -27,6 +28,7 @@ v-i-dev vmadm-dev vmdb2-dev vmdb2-dev-sid +wumpus [toys] billion diff --git a/ansible/kea.yml b/ansible/kea.yml index b21f6be..6ff8225 100644 --- a/ansible/kea.yml +++ b/ansible/kea.yml @@ -1,14 +1,12 @@ - hosts: kea remote_user: root - become: no roles: - role: sane_debian_system - - comfortable-debian-system - - intel-wifi - - ssd - - sshd - - unix_users - - puomi + - role: sshd + - role: ssd + - role: puomi + tags: + - puomi vars: ansible_python_interpreter: /usr/bin/python3 
@@ -23,15 +21,11 @@ - repo: | deb http://security.debian.org/debian-security bookworm-security main contrib non-free - unix_users_version: 2 - unix_users: - - username: liw - comment: Lars Wirzenius - sshd_version: 1 - sshd_host_key: "{{ lookup('pipe', 'sshca host private-key kea') }}" - sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 kea') }}" - sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" puomi_version: 1 - puomi_lan_ip: 10.2.0.1 + puomi_lan_ip: 10.1.1.1 + puomi_dhcp_start: 10.1.1.10 + puomi_dhcp_end: 10.1.1.250 + puomi_dhcp_netmask: 255.255.255.0 + puomi_dhcp_lease: 1h diff --git a/ansible/radicle-dev.yml b/ansible/radicle-dev.yml index 09a3bb2..db72f23 100644 --- a/ansible/radicle-dev.yml +++ b/ansible/radicle-dev.yml @@ -4,7 +4,7 @@ roles: - role: sane_debian_system - role: sshd -# - role: comfortable-debian-system + - role: comfortable-debian-system - role: unix_users - role: rust-rustup - role: liw @@ -12,18 +12,26 @@ - name: "install important additional packages" apt: name: -# - asciidoctor + - asciidoctor - build-essential - curl - git + - llvm + - podman - rsync - screen + - man-db - moreutils + - time - tree -# - debhelper -# - lintian -# - python3 -# - ripgrep + - vim + - name: "make /bin/sh be bash" + shell: | + ln -nsf /bin/bash /bin/sh + - copy: + dest: /etc/containers/registries.conf.d/unqualified.conf + content: | + unqualified-search-registries = ["docker.io"] vars: ansible_python_interpreter: /usr/bin/python3 @@ -39,6 +47,7 @@ unix_users: - username: liw comment: Lars Wirzenius + sudo: true sshd_version: 1 diff --git a/ansible/roles/rust-rustup/tasks/main.yml b/ansible/roles/rust-rustup/tasks/main.yml index ceb4a69..a24cf37 100644 --- a/ansible/roles/rust-rustup/tasks/main.yml +++ b/ansible/roles/rust-rustup/tasks/main.yml @@ -4,6 +4,8 @@ - build-essential - cmake - curl + - libssl-dev + - pkg-config - name: "install Rust toolchain using rustup" shell: | set -eu 
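Review bot: This hunk of `ansible/kea.yml` drops `sshd_host_key`, `sshd_host_cert` and `sshd_user_ca_pub` while `sshd_version: 1` stays and the first hunk keeps `- role: sshd`, so the role now runs on kea with no CA-signed host certificate and no user CA. What the role does when those variables are unset is not visible here. Together with `remote_user: root` and the removal of `unix_users`, it is unclear how logins to this host are meant to be authenticated; a short comment next to `sshd_version: 1` stating that would help.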
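Review bot: The new `/etc/containers/registries.conf.d/unqualified.conf` in `ansible/radicle-dev.yml` makes every short image name resolve against `docker.io`, so a mistyped or unqualified name pulls whatever is published under that name there. I would use fully qualified image names and drop the file, or at least add a comment saying which images need the shortcut. The "make /bin/sh be bash" task runs `ln -nsf /bin/bash /bin/sh` through `shell`, which reports a change on every run and replaces the link outside the package manager's control; the `file` module with `state: link` would make it idempotent.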
diff --git a/ansible/stamina-vms.sh b/ansible/stamina-vms.sh index b4eac67..232d146 100755 --- a/ansible/stamina-vms.sh +++ b/ansible/stamina-vms.sh @@ -5,13 +5,10 @@ set -eu playbooks=" web.yml ambient-dev.yml -obnam-dev.yml +ambient-driver.yml radicle-dev.yml -radicle-multi.yml rust-dev.yml subplot-dev.yml -v-i-dev.yml -vmdb2-dev.yml " for playbook in $playbooks; do diff --git a/ansible/texlive.yml b/ansible/texlive.yml index 7945b5b..8bbd121 100644 --- a/ansible/texlive.yml +++ b/ansible/texlive.yml @@ -39,6 +39,9 @@ - repo: | deb http://security.debian.org/debian-security bullseye-security main contrib non-free + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" + unix_users_version: 2 unix_users: - username: liw diff --git a/ansible/tursas.yml b/ansible/tursas.yml index 1f90818..aa8d2f8 100644 --- a/ansible/tursas.yml +++ b/ansible/tursas.yml @@ -30,8 +30,11 @@ - asciidoctor - bc - bind9-host + - black - cachedir - clab + - colordiff + - cpu-checker - curl - daemonize - dict @@ -48,6 +51,7 @@ - gddrescue - genisoimage - git-annex + - gimp - graphviz - iftop - ikiwiki @@ -60,7 +64,11 @@ - liw-automation - locales-all - lshw + - memtest86+ - moreutils + - musl + - musl-dev + - musl-tools - nfs-common - nmap - num-utils @@ -82,12 +90,14 @@ - pv - qemu-user-static - radicle + - ripgrep - shellcheck - sqlite3 - sshca - strace - subplot - summain + - systemd-zram-generator - texlive-fonts-recommended - texlive-latex-extra - texlive-latex-recommended @@ -99,6 +109,7 @@ - uuid - validns - vim + - virt-manager - vlc - vmdb2 - vobcopy @@ -109,8 +120,8 @@ - zerofree - zip - zoxide + - zram-tools - # - black # - expect # - gimp # - inkscape @@ -122,6 +133,13 @@ # - nethogs # - parted-doc + - name: "configure zram" + copy: + content: | + ALGO=zstd + PERCENT=50 + dest: /etc/default/zramswap + - name: configure dict copy: content: | 
@@ -219,6 +237,9 @@ rustup_cargo_install: | cargo-cache \ + cargo-deny \ + cargo-outdated \ + cargo-semver-checks \ pikchr-cli \ bottom diff --git a/ansible/wumpus.yml b/ansible/wumpus.yml new file mode 100644 index 0000000..c921822 --- /dev/null +++ b/ansible/wumpus.yml 
@@ -0,0 +1,165 @@ +- hosts: wumpus + remote_user: root + roles: + - sshd + - sane_debian_system + - unix_users + tasks: + - name: "Install packages" + apt: + name: + - ewww + - psmisc + - curl + - rsync + - wumpus-hunter + state: present + + - name: "Create /srv/wumpus" + file: + state: directory + path: /srv/wumpus + owner: wumpus + group: wumpus + mode: 0755 + + - name: "Create ewww config directory" + file: + state: directory + path: /etc/ewww + + - name: "Install ewww config" + copy: + content: | + webroot: /srv/wumpus + listen: "0.0.0.0:443" + tls_cert: /etc/ewww/tls.pem + tls_key: /etc/ewww/tls.key + dest: /etc/ewww/ewww.yaml + + - name: "Install TLS cert" + copy: + content: | + -----BEGIN CERTIFICATE----- + MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx + EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz + NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP + ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7 + uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z + Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO + FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH + pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk + zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC + AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX + h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob + 7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk + xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa + WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP + NdZiSNvGZAbEnmMnNCEYMO3wVA== + -----END CERTIFICATE----- + dest: /etc/ewww/tls.pem + - name: "Install TLS key" + copy: + content: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP + +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D + 
LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ + GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H + i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi + qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj + ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG + qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1 + iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T + AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K + EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7 + vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU + PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I + E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm + uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco + eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g + T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci + gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW + GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf + psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj + DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R + Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra + udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e + 4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI + cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g== + -----END RSA PRIVATE KEY----- + dest: /etc/ewww/tls.key + + - name: "Enable and start ewww service" + systemd: + name: ewww + state: restarted + enabled: yes + daemon_reload: yes + + - name: "create directory for temporary wumpus files" + file: + state: directory + path: /srv/tmp + owner: wumpus + group: wumpus + + - name: "install wumpus hunter config" + copy: + content: | + description: | + Test Radicle heartwood. 
+ repository_url: https://seed.radicle.xyz/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git + git_ref: master + command: | + cargo test --locked --workspace + dest: /home/wumpus/wumpus.yaml + owner: wumpus + group: wumpus + + - name: "install service unit for wumpus hunter" + copy: + content: | + [Unit] + Description=Wumpus hunter + After=network.target network-online.target + Requires=network-online.target + + [Service] + User=wumpus + Group=wumpus + ExecStart=/usr/bin/wumpus-hunter run --logs /srv/wumpus /home/wumpus/wumpus.yaml + Environment=RUST_BACKTRACE=1 WUMPUS_LOG=info PATH=/home/wumpus/.cargo/bin:/bin:/sbin TMPDIR=/srv/tmp + KillMode=process + Restart=always + RestartSec=3 + + [Install] + WantedBy=multi-user.target + dest: /etc/systemd/system/wumpus-hunter.service + + - name: "(re)start systemd unit for the wumpus hunter" + systemd: + name: wumpus-hunter + state: restarted + masked: no + enabled: yes + daemon_reload: yes + + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: "{{ inventory_hostname }}" + sane_debian_system_codename: bookworm + sane_debian_system_timezone: Europe/Helsinki + sane_debian_system_sources_lists: + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: wumpus + comment: Wumpus hunter + + sshd_version: 1 diff --git a/v-i/exolobe1-spec.yaml b/v-i/exolobe1-spec.yaml index cdfbaf3..6dde289 100644 --- a/v-i/exolobe1-spec.yaml +++ b/v-i/exolobe1-spec.yaml @@ -1,9 +1,6 @@ hostname: exolobe1 -luks: asdf drive: /dev/sda -extra_lvs: - - name: home - size: 300G - mounted: /home ansible_vars_files: - hostid.yml +ansible_vars: + passwordless_root: true diff --git a/v-i/kea-spec.yaml b/v-i/kea-spec.yaml index d19609c..9fee708 100644 --- a/v-i/kea-spec.yaml +++ b/v-i/kea-spec.yaml 
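Review bot: The "Install TLS key" task in `ansible/wumpus.yml` embeds an RSA private key in the playbook in clear text, so everyone who can read the repository holds the key that `ewww` serves on `0.0.0.0:443`. The key should be treated as exposed, regenerated, and supplied the way `ansible/ambient-driver.yml` does it, e.g. `content: "{{ lookup('pipe', 'pass <PLACEHOLDER-key-path>') }}"`. The task also sets no `mode`, so `/etc/ewww/tls.key` gets default permissions; add `mode: "0600"` with the owner the ewww service runs as, and `no_log: true`. The certificate next to it appears to be a self-signed `localhost` certificate whose validity ended in 2022, so clients cannot verify this host with it in any case.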
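Review bot: `v-i/exolobe1-spec.yaml` stops setting `luks:` and turns on `passwordless_root: true` in the same change, which as far as the visible keys show leaves exolobe1 installed without disk encryption and with a root account that needs no password. If that is intended, a one-line comment above `ansible_vars:` giving the reason and naming the later step that locks the account down would help. The removed value `asdf` was a passphrase kept in the repository; if any disk was installed with it, that passphrase should not be reused.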
@@ -1,9 +1,5 @@ hostname: kea drive: /dev/sda -extra_lvs: - - name: home - size: 20G - mounted: /home ansible_vars_files: - hostid.yml ansible_vars: diff --git a/vmadm/stamina/obnam-dev.yaml b/vmadm/someday-maybe/obnam-dev.yaml index 96dae0c..96dae0c 100644 --- a/vmadm/stamina/obnam-dev.yaml +++ b/vmadm/someday-maybe/obnam-dev.yaml diff --git a/vmadm/stamina/radicle-multi.yaml b/vmadm/someday-maybe/radicle-multi.yaml index 03e36f6..03e36f6 100644 --- a/vmadm/stamina/radicle-multi.yaml +++ b/vmadm/someday-maybe/radicle-multi.yaml diff --git a/vmadm/stamina/v-i-dev.yaml b/vmadm/someday-maybe/v-i-dev.yaml index d0765cd..d0765cd 100644 --- a/vmadm/stamina/v-i-dev.yaml +++ b/vmadm/someday-maybe/v-i-dev.yaml diff --git a/vmadm/stamina/vmdb2-dev.yaml b/vmadm/someday-maybe/vmdb2-dev.yaml index 4e0690d..4e0690d 100644 --- a/vmadm/stamina/vmdb2-dev.yaml +++ b/vmadm/someday-maybe/vmdb2-dev.yaml diff --git a/vmadm/stamina/ambient-driver.yml b/vmadm/stamina/ambient-driver.yml new file mode 100644 index 0000000..cdb3661 --- /dev/null +++ b/vmadm/stamina/ambient-driver.yml @@ -0,0 +1,4 @@ +ambient-driver: + cpus: 16 + memory_mib: 32768 + image_size_gib: 200 diff --git a/vmadm/stamina/radicle-dev.yaml b/vmadm/stamina/radicle-dev.yaml index c073431..e48f783 100644 --- a/vmadm/stamina/radicle-dev.yaml +++ b/vmadm/stamina/radicle-dev.yaml @@ -1,4 +1,4 @@ radicle-dev: - cpus: 8 - memory_mib: 8192 - image_size_gib: 100 + cpus: 30 + memory_mib: 65535 + image_size_gib: 800 diff --git a/vmadm/someday-maybe/texlive.yaml b/vmadm/stamina/texlive.yaml index 08c6d80..08c6d80 100644 --- a/vmadm/someday-maybe/texlive.yaml +++ b/vmadm/stamina/texlive.yaml diff --git a/vmadm/stamina/wumpus.yaml b/vmadm/stamina/wumpus.yaml new file mode 100644 index 0000000..3a99e1c --- /dev/null +++ b/vmadm/stamina/wumpus.yaml @@ -0,0 +1,4 @@ +wumpus: + cpus: 8 + memory_mib: 32768 + image_size_gib: 100 |
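Review bot: In `vmadm/stamina/radicle-dev.yaml`, `memory_mib: 65535` is one MiB short of 64 GiB, while the other VM specs in this commit use power-of-two sizes such as `32768`. Unless the odd value is deliberate, `memory_mib: 65536` is probably what was meant. How the hypervisor treats a non-aligned size cannot be checked from this hunk.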