diff options
Diffstat (limited to 'ansible/tursas.yml')
-rw-r--r-- | ansible/tursas.yml | 249 |
1 files changed, 249 insertions, 0 deletions
diff --git a/ansible/tursas.yml b/ansible/tursas.yml new file mode 100644 index 0000000..a95a9dc --- /dev/null +++ b/ansible/tursas.yml @@ -0,0 +1,249 @@ +- hosts: tursas + remote_user: root + become: no + roles: + - role: sane_debian_system + - role: self-updating-system + - role: sshd + - role: ssd + - role: comfortable-debian-system + - role: intel-wifi + - role: gnupg-workstation + - role: gnome-system + - role: mail-client + - role: unix_users + - role: rust-rustup + + tasks: + - name: "remove ping so it can be re-installed with capabilities" + apt: + name: iputils-ping + state: absent + + - name: "install additional software" + apt: + name: + - acpi + - ambient-driver + - ansible + - apt-file + - asciidoctor + - bc + - bind9-host + - black + - cachedir + - clab + - colordiff + - cpu-checker + - curl + - daemonize + - dict + - dict-foldoc + - dict-gcide + - dict-jargon + - dict-vera + - dict-wn + - dictd + - dnsutils + - emacs + - fio + - firmware-sof-signed + - gddrescue + - genisoimage + - git-annex + - gimp + - graphviz + - iftop + - ikiwiki + - info + - iputils-ping + - jq + - jt + - libdvd-pkg + - librsvg2-bin + - liw-automation + - locales-all + - lshw + - memtest86+ + - moreutils + - musl + - musl-dev + - musl-tools + - nfs-common + - nmap + - num-utils + - oathtool + - obnam +# - obnam-benchmark +# - openpgp-ca + - ovmf + - pan + - pandoc + - pandoc-filter-diagram + - pass + - pathdedup + - pavucontrol + - pciutils + - plantuml + - printer-driver-ptouch + - psmisc + - pv + - qemu-user-static + - radicle + - ripgrep + - shellcheck + - sqlite3 + - sshca + - strace + - subplot + - summain + - s-tui + - systemd-zram-generator + - texlive-fonts-recommended + - texlive-latex-extra + - texlive-latex-recommended + - texlive-plain-generic + - tidy + - time + - units + - usbutils + - uuid + - validns + - vim + - virt-manager + - vlc + - vmdb2 + - vobcopy + - w3m + - whois + - xpdf + - yaml-mode + - zerofree + - zip + - zoxide + - zram-tools + + # - expect + # - gimp + # - inkscape + # - linux-perf + # - python3-requests + # - unicode + # - mmv + # - mtr + # - nethogs + # - parted-doc + + - name: "configure zram" + copy: + content: | + ALGO=zstd + PERCENT=50 + dest: /etc/default/zramswap + + - name: configure dict + copy: + content: | + server localhost + dest: /etc/dictd/dict.conf + + - lineinfile: + path: /etc/default/grub + regexp: GRUB_ENABLE_CRYPTODISK + line: "GRUB_ENABLE_CRYPTODISK=n" + + - shell: | + update-grub + + - lineinfile: + path: /etc/environment + regexp: MOZ_ENABLE_WAYLAND + line: "MOZ_ENABLE_WAYLAND=1" + + - shell: | + env DEBIAN_FRONTEND=noninteractive dpkg-reconfigure libdvd-pkg + + # CAREFUL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + # - name: "create liw/.radicle/keys" + # file: + # state: directory + # path: /home/liw/.radicle/keys + # owner: liw + # group: liw + # mode: 0755 + + # - name: "install radicle private key" + # copy: + # content: "{{ radicle_key }}" + # dest: /home/liw/.radicle/keys/radicle + # owner: liw + # group: liw + # mode: 0600 + + # - name: "install radicle public key" + # copy: + # content: "{{ radicle_pub }}" + # dest: /home/liw/.radicle/keys/radicle.pub + # owner: liw + # group: liw + # mode: 0644 + + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: "{{ inventory_hostname }}" + sane_debian_system_codename: bookworm + sane_debian_system_timezone: Europe/Helsinki + sane_debian_system_sources_lists: + - repo: | + deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware + + - repo: | + deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware + + - repo: | + deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware + + - repo: | + deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware + + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + groups: + - audio + - bluetooth + - cdrom + - dialout + - dip + - floppy + - kvm + - netdev + - plugdev + - scanner + - video + + mailname: "tursas.liw.fi" + relayhost: pieni.net:587 + smarthost: pieni.net + smarthost_user: pienirelay + smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" + + sshd_version: 1 + + rustup_cargo_install: | + cargo-cache \ + cargo-deny \ + cargo-outdated \ + cargo-semver-checks \ + pikchr-cli \ + bottom + + # CAREFUL!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + # radicle_key: "{{ lookup('pipe', 'pass radicle/liw/key') }}" + # radicle_pub: "{{ lookup('pipe', 'pass radicle/liw/key.pub') }}" |