diff options
-rw-r--r-- | ansible/group_vars/all.yml | 4 | ||||
-rw-r--r-- | ansible/handbrake.yml | 52 | ||||
-rw-r--r-- | ansible/hosts | 1 |
3 files changed, 57 insertions, 0 deletions
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml index 0211717..0d0f220 100644 --- a/ansible/group_vars/all.yml +++ b/ansible/group_vars/all.yml @@ -303,3 +303,7 @@ riot_im_signing_key: | 3mc4ZPLfWwxNMYs= =dS2q -----END PGP PUBLIC KEY BLOCK----- + +sshd_host_key: "{{ lookup('pipe', 'sshca host private-key {{ sane_debian_system_hostname }}') }}" +sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 {{ sane_debian_system_hostname }}') }}" +sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" diff --git a/ansible/handbrake.yml b/ansible/handbrake.yml new file mode 100644 index 0000000..51fb447 --- /dev/null +++ b/ansible/handbrake.yml @@ -0,0 +1,52 @@ +- hosts: handbrake + remote_user: debian + become: yes + roles: + - role: sane_debian_system + - role: sshd + - role: unix_users + tasks: + - apt: + name: + - gnome + - handbrake + - handbrake-cli + - htop + + # This seems to be wanted by something in the GNOME app stack. + # Installing it will stop a lot of apps from whinging at startup. + - libcanberra-gtk-module + + - lineinfile: + path: /etc/gdm3/daemon.conf + regexp: WaylandEnable= + line: "WaylandEnable=false" + + - lineinfile: + path: /etc/default/grub + regexp: GRUB_ENABLE_CRYPTODISK + line: "GRUB_ENABLE_CRYPTODISK=n" + + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: "{{ inventory_hostname }}" + sane_debian_system_codename: bookworm + sane_debian_system_timezone: Europe/Helsinki + sane_debian_system_sources_lists: + - repo: | + deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware + + - repo: | + deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware + + - repo: | + deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + + sshd_version: 1 diff --git a/ansible/hosts b/ansible/hosts index 14f9c28..0a13e88 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -27,6 +27,7 @@ radicle1-dev [toys] toy bigtoy +handbrake [upliw_vm] private |