1 files changed, 17 insertions, 97 deletions

diff --git a/ansible/debian-mirror.yml b/ansible/debian-mirror.yml
index 1b85a21..89a02c0 100644
--- a/ansible/debian-mirror.yml
+++ b/ansible/debian-mirror.yml
@@ -3,109 +3,29 @@
   become: yes
   roles:
     - role: sane_debian_system
+    - role: sshd
+    - role: comfortable-debian-system
     - role: unix_users
-    - role: self-updating-system
+    - role: mail-client
     - role: debian-mirror
-  tasks:
-    - name: "Install ewww"
-      apt:
-        name:
-          - curl
-          - ewww
-          - locales-all
-          - psmisc
-          - rsync
-        state: present
-    - name: "Create /srv/http"
-      file:
-        state: directory
-        path: /srv/http
-        owner: debmirror
-        group: debmirror
-        mode: 0755
-    - name: "Create ewww config directory"
-      file:
-        state: directory
-        path: /etc/ewww
-    - name: "Install ewww config"
-      copy:
-        content: |
-          webroot: /srv/http
-          listen: "0.0.0.0:443"
-          tls_cert: /etc/ewww/tls.pem
-          tls_key: /etc/ewww/tls.key
-        dest: /etc/ewww/ewww.yaml
-    - name: "Install TLS cert"
-      copy:
-        content: |
-          -----BEGIN CERTIFICATE-----
-          MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx
-          EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz
-          NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
-          ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7
-          uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z
-          Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO
-          FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH
-          pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk
-          zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC
-          AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX
-          h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob
-          7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk
-          xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa
-          WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP
-          NdZiSNvGZAbEnmMnNCEYMO3wVA==
-          -----END CERTIFICATE-----
-        dest: /etc/ewww/tls.pem
-    - name: "Install TLS key"
-      copy:
-        content: |
-          -----BEGIN RSA PRIVATE KEY-----
-          MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP
-          +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D
-          LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ
-          GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H
-          i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi
-          qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj
-          ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG
-          qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1
-          iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T
-          AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K
-          EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7
-          vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU
-          PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I
-          E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm
-          uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco
-          eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g
-          T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci
-          gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW
-          GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf
-          psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj
-          DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R
-          Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra
-          udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e
-          4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI
-          cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g==
-          -----END RSA PRIVATE KEY-----
-        dest: /etc/ewww/tls.key
-    - name: "Enable and start ewww service"
-      systemd:
-        name: ewww
-        state: restarted
-        enabled: yes
-        daemon_reload: yes
   vars:
-    ansible_python_interpreter: /usr/bin/python3
+    ansible_python_interpreter: python3
 
     sane_debian_system_version: 2
-    sane_debian_system_hostname: debian-mirror
-    sane_debian_system_codename: bullseye
-    sane_debian_system_mirror: deb.debian.org
-    sane_debian_system_sources_lists:
-      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
-        signing_key: "{{ ci_prod_signing_key }}"
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bookworm
+
+    timezone: Europe/Helsinki
 
     unix_users_version: 2
     unix_users:
       - username: debmirror
-      - username: liw
-        comment: Lars Wirzenius
+        comment: Debian mirror
+
+    sshd_version: 1
+
+    mailname: "exolobe1.liw.fi"
+    relayhost: pieni.net:587
+    smarthost: pieni.net
+    smarthost_user: pienirelay
+    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"