Diffstat (limited to 'ansible/stamina.yml')
-rw-r--r-- | ansible/stamina.yml | 91 |
1 files changed, 52 insertions, 39 deletions
diff --git a/ansible/stamina.yml b/ansible/stamina.yml index f2c0a30..713bef1 100644 --- a/ansible/stamina.yml +++ b/ansible/stamina.yml @@ -8,7 +8,7 @@ - self-updating-system - vmhost-minimal - unix_users - - smarthost-client + - mail-client tasks: - apt: name: @@ -19,6 +19,7 @@ - ifupdown - bridge-utils - moreutils + - genisoimage - apt: name: ntp state: absent @@ -50,6 +51,13 @@ owner: root group: libvirt mode: 0775 + - name: "remove git reps from ~liw" + file: + path: "{{ item }}" + state: absent + with_items: + - /home/liw/ansibleness + - /home/liw/liw-dot-files - name: "clone ansibleness to ~liw" git: repo: git://git.liw.fi/ansibleness @@ -59,16 +67,36 @@ repo: git://git.liw.fi/liw-dot-files dest: /home/liw/liw-dot-files - name: "set ownership of everything in ~liw/ansibleness and liw-dot-files" - args: - warn: false shell: | chown -R liw:liw /home/liw/ansibleness /home/liw/liw-dot-files - name: "configure liw dot files" - args: - warn: false shell: | sudo -u liw -i bash -c "pwd && ./liw-dot-files/make-symlinks" sudo -u liw -i bash -c "ln -nsf liw-dot-files/gitconfig-exolobe1 .gitconfig" + - name: "remove vmadm config" + file: + state: absent + path: /home/liw/.config/vmadm/config.yaml + - name: "install vmadm config" + copy: + content: | + image_directory: /mnt/vms + default_autostart: true + default_base_image: ~/base-images/bookworm-vm.qcow2 + default_cpus: 4 + default_generate_host_certificate: true + default_image_gib: 100 + default_memory_mib: 8192 + default_networks: + - bridge=br0 + authorized_keys: + - ~/.ssh/id_personal.pub + ca_key: ~/.ssh/vmadm + user_ca_pubkey: ~/.ssh/userca.pub + dest: /home/liw/.config/vmadm/config.yaml + owner: liw + group: liw + mode: 0644 - name: "create ~liw/base-images" file: state: directory 
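Review bot: The new "remove git reps from ~liw" task forces a full re-clone on every run, and the two clones in the surrounding context lines use `git://`, which has no transport authentication or integrity protection. A later task in this file then runs `./liw-dot-files/make-symlinks` from that checkout as liw, so whatever the clone returns gets executed. Consider an authenticated transport and a pinned revision on both git tasks, e.g. `repo: https://git.liw.fi/liw-dot-files` (if the server offers HTTPS) together with `version: <pinned-commit-id>`. If the removal exists only to discard local modifications, `force: true` on the git tasks would do that without deleting and re-fetching the trees.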
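Review bot: "install vmadm config" writes `/home/liw/.config/vmadm/config.yaml`, but `copy` does not create missing parent directories. This commit deletes the commented-out "create ~liw/.config/vmadm" task instead of enabling it, so on a fresh host the copy will probably fail unless the directory is created somewhere outside this diff. The preceding "remove vmadm config" task looks redundant, since `copy` overwrites the destination, and it makes every run report a change. The mode is also better quoted (`mode: "0644"`) so it does not depend on YAML integer parsing.

```yaml
- name: "create ~liw/.config/vmadm"
  file:
    state: directory
    path: /home/liw/.config/vmadm
    owner: liw
    group: liw
    mode: "0755"
# … unchanged: "install vmadm config" copy task …
```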
@@ -83,18 +111,6 @@ owner: liw group: liw mode: 0755 - # - name: "fetch cloud images" - # get_url: - # url: "{{ item.url }}" - # dest: "/home/liw/base-images/{{ item.file }}" - # owner: liw - # group: liw - # mode: 0644 - # with_items: - # - url: https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2 - # file: bullseye.qcow2 - # - url: https://cloud.debian.org/images/cloud/OpenStack/current-10/debian-10-openstack-amd64.qcow2 - # file: buster.qcow2 - name: "create ~liw/.ssh" file: state: directory @@ -122,20 +138,19 @@ then echo >> /home/liw/.ssh/vmadm fi - # - name: "create ~liw/.config/vmadm" - # file: - # state: directory - # path: /home/liw/.config/vmadm - # owner: liw - # group: liw - # mode: 0755 - # - name: "configure vmadm" - # copy: - # src: vmadm.yaml - # dest: /home/liw/.config/vmadm/config.yaml - # owner: liw - # group: liw - # mode: 0644 + - name: "install SSH user CA key" + copy: + content: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" + dest: /home/liw/.ssh/userca.pub + owner: liw + group: liw + mode: 0644 + - name: "ensure SSH user CA key file ends in a newline" + shell: | + if [ "$(tail -n1 /home/liw/.ssh/userca.pub | wc -l)" = 0 ] + then + echo >> /home/liw/.ssh/userca.pub + fi - name: "enable libvirt 'default' network" virt_net: name: default 
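Review bot: The "install SSH user CA key" and "ensure SSH user CA key file ends in a newline" tasks are not idempotent together. The shell task appends a newline that the `copy` content presumably lacks, so the next run's `copy` sees a difference and rewrites the file, and both tasks report changed on every run. Putting the newline into the content makes the shell task unnecessary: `content: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}\n"`. This file is the trust anchor referenced as `user_ca_pubkey` in the vmadm config, so keeping it stable between runs means a real change to it stands out in the play output. The mode is better quoted as `mode: "0644"`.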
@@ -146,16 +161,16 @@ sane_debian_system_version: 2 sane_debian_system_hostname: "{{ inventory_hostname}}" - sane_debian_system_codename: bullseye + sane_debian_system_codename: bookworm sane_debian_system_sources_lists: - repo: | - deb http://security.debian.org/debian-security buster/updates main contrib non-free + deb http://deb.debian.org/debian bookworm contrib non-free - repo: | - deb http://deb.debian.org/debian buster contrib non-free + deb http://security.debian.org/debian-security bookworm-security main contrib non-free - - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main - signing_key: "{{ ci_prod_signing_key }}" + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" unix_users_version: 2 unix_users: @@ -164,6 +179,7 @@ sudo: yes groups: - libvirt + - kvm authorized_keys: | {{ liw_personal_ssh_pub }} - username: root @@ -177,6 +193,3 @@ smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" sshd_version: 1 - sshd_host_key: "{{ lookup('pipe', 'sshca host private-key stamina') }}" - sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 stamina') }}" - sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}" |
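Review bot: The new bookworm `deb.debian.org` line lists `contrib non-free` but not `non-free-firmware`. Debian 12 moved firmware packages into that separate component, so a host that got firmware from `non-free` under bullseye would stop receiving those updates. If stamina needs firmware packages, use `deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware`, and add the component to the `bookworm-security` line as well. How the role installs `signing_key` for `apt.liw.fi` is not visible here, so it is worth confirming that the key is scoped to that one repository (`signed-by`) rather than trusted for all sources.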