Diffstat (limited to 'v-i')
-rw-r--r--v-i/exolobe1-spec.yaml19
-rwxr-xr-xv-i/hostid.py73
-rw-r--r--v-i/kea-spec.yaml6
-rw-r--r--v-i/qotom-spec.yaml17
-rw-r--r--v-i/solace-spec.yaml10
-rw-r--r--v-i/stamina-spec.yaml5
-rw-r--r--v-i/tursas-playbook.yml6
-rw-r--r--v-i/tursas-spec.yaml13
-rw-r--r--v-i/upliw-spec.yaml9
-rw-r--r--v-i/x220-puomi-spec.yaml8
-rw-r--r--v-i/x220-spec.yaml12
11 files changed, 135 insertions, 43 deletions
diff --git a/v-i/exolobe1-spec.yaml b/v-i/exolobe1-spec.yaml
index b063753..6dde289 100644
--- a/v-i/exolobe1-spec.yaml
+++ b/v-i/exolobe1-spec.yaml
@@ -1,19 +1,6 @@
hostname: exolobe1
drive: /dev/sda
-extra_lvs:
- - name: home
- size: 300G
- mounted: /home
+ansible_vars_files:
+ - hostid.yml
ansible_vars:
- host_key: |
- -----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
- QyNTUxOQAAACDrR+77pLmmtG2oAtcaot5ZIgU7FriMoDSCejG33dsfjgAAAIietrwbnra8
- GwAAAAtzc2gtZWQyNTUxOQAAACDrR+77pLmmtG2oAtcaot5ZIgU7FriMoDSCejG33dsfjg
- AAAEAugoV1wqYMsAYSW1su3W3WyWh4ZIWNbvDIkphOGOS0eetH7vukuaa0bagC1xqi3lki
- BTsWuIygNIJ6Mbfd2x+OAAAAAAECAwQF
- -----END OPENSSH PRIVATE KEY-----
- host_cert: |
- ssh-ed25519-cert-v01@openssh.com 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 /tmp/.tmpximUbQ/sub.pub
- user_pub: |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+ passwordless_root: true
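Review bot: The removed `host_key` block was an OpenSSH private key committed in plain text, and deleting it from the working tree leaves it in history, so the key should be treated as exposed; hostid.py's `sshca host regenerate` replaces it, but the old certificate presumably stays valid until it expires or the CA revokes it (the same applies to the qotom-spec.yaml hunk). The `hostid.yml` this file now lists under `ansible_vars_files` is generated by hostid.py and carries the fresh private key, so confirm it is excluded from version control before the next commit; a comment such as `# hostid.yml is generated by hostid.py and holds the host private key; never commit it` above the `ansible_vars_files:` line would make that explicit (kea, solace, stamina, x220 and the new specs include the same file). Also, `user_pub` is removed from every spec but hostid.py emits `user_ca_pubkey`, `host_key` and `host_cert`, not `user_pub`; if the shared playbook still references `user_pub` it will fail on an undefined variable, which is worth checking since that playbook is not in this diff.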
diff --git a/v-i/hostid.py b/v-i/hostid.py
new file mode 100755
index 0000000..d87d3a6
--- /dev/null
+++ b/v-i/hostid.py
@@ -0,0 +1,73 @@
+#!/usr/bin/python3
+
+import argparse
+import yaml
+import sys
+from subprocess import run, PIPE
+
+
+DEFAULT_HOST_CA = "liw.fi/ca/host/v5"
+DEFAULT_USER_CA = "liw.fi/ca/user/v5"
+
+
+class HostId:
+ def __init__(self):
+ self.user_ca_pubkey = None
+ self.host_key = None
+ self.host_cert = None
+
+ def set_user_ca_pubkey(self, value):
+ self.user_ca_pubkey = value
+
+ def set_host_key(self, value):
+ self.host_key = value
+
+ def set_host_cert(self, value):
+ self.host_cert = value
+
+ def to_dict(self):
+ return {
+ "user_ca_pubkey": self.user_ca_pubkey,
+ "host_key": self.host_key,
+ "host_cert": self.host_cert,
+ }
+
+
+def sshca(args):
+ p = run(["sshca"] + args, capture_output=True, check=True)
+ return p.stdout.decode().strip()
+
+
+def user_ca_pubkey(ca_name):
+ return sshca(["ca", "public-key", ca_name]).strip()
+
+
+def host_key(hostname):
+ sshca(["host", "regenerate", hostname])
+ return sshca(["host", "private-key", hostname]).strip()
+
+
+def host_cert(ca_name, hostname):
+ return sshca(["host", "certify", "--ca", ca_name, hostname]).strip()
+
+
+def main():
+ parser = argparse.ArgumentParser()
+ parser.add_argument("--hostname", required=True)
+ parser.add_argument("--host-ca", default=DEFAULT_HOST_CA)
+ parser.add_argument("--user-ca", default=DEFAULT_USER_CA)
+ values = parser.parse_args()
+
+ hostname = values.hostname
+ host_ca = values.host_ca
+ user_ca = values.user_ca
+
+ hostid = HostId()
+ hostid.set_user_ca_pubkey(user_ca_pubkey(user_ca))
+ hostid.set_host_key(host_key(hostname))
+ hostid.set_host_cert(host_cert(host_ca, hostname))
+ yaml.safe_dump(hostid.to_dict(), stream=sys.stdout, indent=4)
+
+
+if __name__ == "__main__":
+ main()
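Review bot: When any `sshca` invocation fails, `check=True` raises CalledProcessError but the captured stderr is never surfaced, so the operator sees only a command and exit status; wrapping the calls in main with `except CalledProcessError as e: sys.exit(e.stderr.decode())` keeps the tool's diagnostics visible. `host_key` regenerates the host key before reading it, so if the later `certify` call fails the host is left with a new key and no matching certificate, which deserves a comment such as `# regenerate first: any existing certificate no longer matches after this`. `PIPE` is imported but unused, and the `.strip()` in user_ca_pubkey, host_key and host_cert repeats the strip already done in sshca. A module docstring stating that the YAML written to stdout contains a host private key, and that the file it is redirected into (hostid.yml per the specs) must be kept out of version control and readable only by its owner, would help the next maintainer.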
diff --git a/v-i/kea-spec.yaml b/v-i/kea-spec.yaml
index 5b82490..9fee708 100644
--- a/v-i/kea-spec.yaml
+++ b/v-i/kea-spec.yaml
@@ -1,6 +1,6 @@
hostname: kea
-luks: asdf
drive: /dev/sda
+ansible_vars_files:
+ - hostid.yml
ansible_vars:
- user_pub: |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+ passwordless_root: true
diff --git a/v-i/qotom-spec.yaml b/v-i/qotom-spec.yaml
index 23e722b..7f593d0 100644
--- a/v-i/qotom-spec.yaml
+++ b/v-i/qotom-spec.yaml
@@ -1,15 +1,8 @@
hostname: qotom
drive: /dev/sda
+extra_playbooks:
+ - puomi-playbook.yml
+ansible_vars_files:
+ - hostid.yml
ansible_vars:
- host_key: |
- -----BEGIN OPENSSH PRIVATE KEY-----
- b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
- QyNTUxOQAAACBb1EpgwZ1snHx38tQIWjg5O/cnpVWipTZpGcWQHtcmjwAAAIjOAeqazgHq
- mgAAAAtzc2gtZWQyNTUxOQAAACBb1EpgwZ1snHx38tQIWjg5O/cnpVWipTZpGcWQHtcmjw
- AAAEBhCtpBXjQkLAgy7exucw1mx8BvwkmxQq3fy6CxaoMRtlvUSmDBnWycfHfy1AhaODk7
- 9yelVaKlNmkZxZAe1yaPAAAAAAECAwQF
- -----END OPENSSH PRIVATE KEY-----
- host_cert: |
- ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIAkqeged+VrqZU6pZk12HGRHwth898vCWDtgjETR7WPdAAAAIFvUSmDBnWycfHfy1AhaODk79yelVaKlNmkZxZAe1yaPAAAAAAAAAAAAAAACAAAAIWhvc3QgY2VydGlmaWNhdGUgZm9yIC1ucW90b20gb25seQAAAAkAAAAFcW90b20AAAAAYwDyuAAAAABjAQE0AAAAAAAAAAAAAAAAAAAASgAAABpzay1zc2gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACDeJ1TbK+3I9g06kkVHB3IeEWOikNT4BAd1S0NFgwfjNwAAAARzc2g6AAAAZwAAABpzay1zc2gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAAEAvJcz09YMhOI7yLJCw47zoQ74q4ye4nMQ0yZ1T5SDSiSzkHYjtdth6VM82CyOOyprpRkQIC7cZil973Llk7vwKAQAAA10= /tmp/.tmpYrs8LV/sub.pub
- user_pub: |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+ passwordless_root: true
diff --git a/v-i/solace-spec.yaml b/v-i/solace-spec.yaml
index e518e73..925c5d4 100644
--- a/v-i/solace-spec.yaml
+++ b/v-i/solace-spec.yaml
@@ -1,6 +1,8 @@
hostname: solace
-luks: asdf
drive: /dev/nvme0n1
-ansible_vars:
- user_pub: |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+extra_lvs:
+ - name: home
+ size: 300G
+ mounted: /home
+ansible_vars_files:
+ - hostid.yml
diff --git a/v-i/stamina-spec.yaml b/v-i/stamina-spec.yaml
index 3eb2cf6..6a9aede 100644
--- a/v-i/stamina-spec.yaml
+++ b/v-i/stamina-spec.yaml
@@ -6,6 +6,5 @@ extra_lvs:
- name: vms
size: 500G
mounted: /mnt/vms
-ansible_vars:
- user_pub: |
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+ansible_vars_files:
+ - hostid.yml
diff --git a/v-i/tursas-playbook.yml b/v-i/tursas-playbook.yml
new file mode 100644
index 0000000..bfec369
--- /dev/null
+++ b/v-i/tursas-playbook.yml
@@ -0,0 +1,6 @@
+- hosts: image
+ tasks:
+ - lineinfile:
+ path: /etc/systemd/network/external.network
+ regex: "^Name=eth"
+ line: "Name=eth?"
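Review bot: If /etc/systemd/network/external.network has no line matching `^Name=eth`, lineinfile appends `Name=eth?` at the end of the file, where it falls outside the `[Match]` section and matches nothing; adding `insertafter: '^\[Match\]'` places a missing line correctly, and the task should carry a name (`- name: Match any eth* interface in external.network`). `regexp` is the module's canonical parameter name; whether `regex` is accepted as an alias depends on the ansible-core version in use, so the canonical spelling is safer. The `?` in `Name=eth?` is presumably a systemd glob rather than a regex metacharacter, and a one-line comment saying so would keep a reader from "fixing" it.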
diff --git a/v-i/tursas-spec.yaml b/v-i/tursas-spec.yaml
new file mode 100644
index 0000000..c764796
--- /dev/null
+++ b/v-i/tursas-spec.yaml
@@ -0,0 +1,13 @@
+hostname: tursas
+# luks: asdf
+drive: /dev/nvme0n1
+extra_lvs:
+ - name: home
+ size: 10G
+ mounted: /home
+ansible_vars:
+ passwordless_root: true
+ansible_vars_files:
+ - hostid.yml
+extra_playbooks:
+ - tursas-playbook.yml
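Review bot: The commented-out `# luks: asdf` on the second line keeps a placeholder passphrase in the spec, and upliw-spec.yaml in the same commit sets it live (`luks: asdf`). If `luks:` is the disk-encryption passphrase the installer applies (the key name suggests it, but the consumer is not in this diff), a fixed four-character value committed to the repository gives the encryption no real protection; if it is a placeholder the installer replaces, say so with `# luks: placeholder only; the real passphrase is set at first boot` or similar, and drop the dead line here. Either way, a passphrase that must stay secret belongs in a file outside version control, like the hostid.yml this spec already references.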
diff --git a/v-i/upliw-spec.yaml b/v-i/upliw-spec.yaml
new file mode 100644
index 0000000..aead751
--- /dev/null
+++ b/v-i/upliw-spec.yaml
@@ -0,0 +1,9 @@
+hostname: upliw0
+luks: asdf
+drive: /dev/nvme0n1
+extra_lvs:
+ - name: home
+ size: 100G
+ mounted: /home
+ansible_vars_files:
+ - hostid.yml
diff --git a/v-i/x220-puomi-spec.yaml b/v-i/x220-puomi-spec.yaml
new file mode 100644
index 0000000..98d32fb
--- /dev/null
+++ b/v-i/x220-puomi-spec.yaml
@@ -0,0 +1,8 @@
+hostname: x220
+drive: /dev/sda
+extra_playbooks:
+ - puomi-playbook.yml
+ansible_vars_files:
+ - hostid.yml
+ansible_vars:
+ passwordless_root: true
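Review bot: This new spec and x220-spec.yaml (changed in the same commit) now both declare `hostname: x220` and `drive: /dev/sda`, differing only in the puomi playbook versus the 20G home LV, and nothing records which one is the intended build for that machine, so whichever is applied second overwrites the other's installation. A one-line header comment in each file, e.g. `# x220 variant: puomi playbook, no separate /home LV` here and its counterpart in x220-spec.yaml, would record the intent. Since hostid.py regenerates the host key per `--hostname`, generating hostid.yml for one variant presumably invalidates the other's certificate as well; a distinct hostname would avoid that if both are meant to coexist, which is worth confirming.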
diff --git a/v-i/x220-spec.yaml b/v-i/x220-spec.yaml
index 3ef3296..1dfb393 100644
--- a/v-i/x220-spec.yaml
+++ b/v-i/x220-spec.yaml
@@ -1,8 +1,10 @@
hostname: x220
-luks: asdf
-drive: /dev/sdb
-ansible_vars:
- user_ca_pubkey: |
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAnrswi6ZNElxSgt6ak5hjSNIkVte11ht7BG3qpBJU4hAAAABHNzaDo=
+drive: /dev/sda
+extra_lvs:
+ - name: home
+ size: 20G
+ mounted: /home
ansible_vars_files:
- hostid.yml
+ansible_vars:
+ passwordless_root: true