diff options
Diffstat (limited to 'ansible/exolobe1.yml')
-rw-r--r-- | ansible/exolobe1.yml | 260 |
1 files changed, 244 insertions, 16 deletions
diff --git a/ansible/exolobe1.yml b/ansible/exolobe1.yml index 427ad5d..4ff1648 100644 --- a/ansible/exolobe1.yml +++ b/ansible/exolobe1.yml @@ -2,40 +2,268 @@ remote_user: root become: no roles: - - sane_debian_system - - sshd - - unix_users - - gnome-system + - role: sane_debian_system + - role: self-updating-system + - role: sshd + - role: ssd + - role: comfortable-debian-system - role: intel-wifi - tags: wifi + - role: version-controller + - role: emacs + - role: gnupg-workstation + - role: gnome-system + - role: ansible + - role: vmhost + - role: mail-client + - role: annexed + - role: unix_users +# - role: liw + - role: rust-rustup + - role: riot-host + - role: thinkpad + + tasks: + # Remove ping to force it be reinstalled so that the right + # capabilities are set. + - apt: + name: iputils-ping + state: absent + + - apt: + name: + - ambient-driver + - asciidoctor + - black + - btrfs-progs + - build-essential + - cachedir + - capnproto + - clab + - clang + - daemonize + - debhelper + - expect + - extrautils + - fio + - firmware-misc-nonfree + - fling + - gddrescue + - genisoimage + - gimp + - graphviz + - inkscape + - iputils-ping + - jq + - jt + - libclang-dev + - libdvd-pkg + - librsvg2-bin + - libsqlite3-dev + - libssl-dev + - libvirt-dev + - linux-perf + - liw-automation + - llvm + - lmodern + - nettle-dev + - nfs-common + - obnam + - obnam-benchmark + - openpgp-ca + - ovmf + - pandoc + - pandoc-filter-diagram + - pathdedup + - pavucontrol + - pkg-config + - plantuml + - printer-driver-ptouch + - python3 + - python3-requests + - qemu-user-static + - radicle + - sequoia-chameleon-gnupg + - shellcheck + - sq-liw + - sqlite3 + - sshca + - subplot + - summain + - texlive-fonts-recommended + - texlive-latex-base + - texlive-latex-extra + - texlive-latex-recommended + - texlive-plain-generic + - unicode + - usbutils + - uuid + - validns + - vlc + - vobcopy + - vmdb2 + - xpdf + - zerofree + + + - name: install command line utilities + apt: + name: + - acpi + - ambient-run + - apt-file + - bc + - bind9-host + - cryptsetup + - curl + - debmirror + - dict + - dict-foldoc + - dict-gcide + - dict-jargon + - dict-vera + - dict-wn + - dictd + - dnsutils + - git-annex + - htop + - iftop + - ikiwiki + - info + - jt + - locales-all + - lshw + - lvm2 + - mmv + - moreutils + - mosh + - mtr + - nethogs + - nmap + - num-utils + - oathtool + - parted-doc + - psmisc + - pv + - rsync + - screen + - strace + - time + - tmux + - units + - vim + - w3m + - whois + - yaml-mode + - zip + - yaml-mode + - zip + - zoxide + + - name: configure dict + copy: + content: | + server localhost + dest: /etc/dictd/dict.conf + + - lineinfile: + path: /etc/gdm3/daemon.conf + regexp: WaylandEnable= + line: "# WaylandEnable=false" + + - lineinfile: + path: /etc/default/grub + regexp: GRUB_ENABLE_CRYPTODISK + line: "GRUB_ENABLE_CRYPTODISK=n" + + - lineinfile: + path: /etc/environment + regexp: MOZ_ENABLE_WAYLAND + line: "MOZ_ENABLE_WAYLAND=1" + + - shell: | + flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo + + - shell: | + env DEBIAN_FRONTEND=noninteractive dpkg-reconfigure libdvd-pkg + + - name: "create liw/.radicle/keys" + file: + state: directory + path: /home/liw/.radicle/keys + owner: liw + group: liw + mode: 0755 + + - name: "install radicle private key" + copy: + content: "{{ radicle_key }}" + dest: /home/liw/.radicle/keys/radicle + owner: liw + group: liw + mode: 0600 + + - name: "install radicle public key" + copy: + content: "{{ radicle_pub }}" + dest: /home/liw/.radicle/keys/radicle.pub + owner: liw + group: liw + mode: 0644 + vars: ansible_python_interpreter: /usr/bin/python3 sane_debian_system_version: 2 sane_debian_system_hostname: "{{ inventory_hostname }}" - sane_debian_system_codename: bullseye + sane_debian_system_codename: bookworm sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: - repo: | - deb http://deb.debian.org/debian bullseye contrib non-free + deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware + + - repo: | + deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware + + - repo: | + deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware - repo: | - deb http://security.debian.org/debian-security bullseye-security main contrib non-free + deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware - - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main - signing_key: "{{ ci_prod_signing_key }}" + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" unix_users_version: 2 unix_users: - username: liw comment: Lars Wirzenius - authorized_keys: | - {{ liw_personal_ssh_pub }} + sudo: yes + groups: + - audio + - bluetooth + - cdrom + - dialout + - dip + - floppy + - libvirt + - kvm + - netdev + - plugdev + - scanner + - video + + mailname: "exolobe1.liw.fi" + relayhost: pieni.net:587 + smarthost: pieni.net + smarthost_user: pienirelay + smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" sshd_version: 1 - sshd_host_key: "{{ lookup('pipe', 'sshca host private-key exolobe1') }}" - sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 exolobe1') }}" - sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}" rustup_cargo_install: | - starship + cargo-cache \ + pikchr-cli \ + bottom + + radicle_key: "{{ lookup('pipe', 'pass radicle/liw/key') }}" + radicle_pub: "{{ lookup('pipe', 'pass radicle/liw/key.pub') }}" |