From 386ac0306caab2ee1f9aed4aee108799a7697b6d Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Sun, 4 Sep 2022 15:13:06 +0300
Subject: x220: make it into a Puomi router

Sponsored-by: author
---
 ansible/x220.yml | 173 +++++--------------------------------------------------
 1 file changed, 16 insertions(+), 157 deletions(-)

diff --git a/ansible/x220.yml b/ansible/x220.yml
index c5ae1eb..7899f59 100644
--- a/ansible/x220.yml
+++ b/ansible/x220.yml
@@ -2,175 +2,34 @@
   remote_user: root
   roles:
     - role: sane_debian_system
+    - role: sshd
     - role: ssd
-    - role: comfortable-debian-system
-    - role: chaoskey-host
-    - role: intel-wifi
-    - role: version-controller
-    - role: emacs
-    - role: gnupg-workstation
-    - role: gnome-system
-    - role: ansible
     - role: unix_users
     - role: thinkpad
-  tasks:
-    - apt:
-        name:
-          - ssh
-          - build-essential
-          - hugo
-
-    - name: install command line utilities
-      apt:
-        name:
-        - locales-all
-        - psmisc
-        - mosh
-        - rsync
-        - vim
-        - screen
-        - tmux
-        - strace
-        - gddrescue
-        - pv
-        - moreutils
-        - bind9-host
-        - dnsutils
-        - lshw
-        - curl
-    #    - extrautils
-    #    - liw-automation
-    #    - copyright-statement-lint
-        - bc
-        - yaml-mode
-        - ikiwiki
-        - taskwarrior
-        - zip
-    #    - cachedir
-        - debmirror
-        - git-annex
-        - iftop
-        - info
-    #    - jt
-        - kpartx
-        - lftp
-        - mediainfo
-        - mmv
-        - mtr
-        - num-utils
-        - parted-doc
-        - trickle
-        - units
-        - w3m
-        - youtube-dl
-        - signing-party
-        - sshfs
-        - dict
-        - dictd
-        - dict-foldoc
-        - dict-gcide
-        - dict-jargon
-        - dict-vera
-        - dict-wn
-        - gnuplot
-        - acpi
-        - nmap
-        - nethogs
-        - time
-        - restic
-        - apt-file
-        - whois
-        - oathtool
-        - htop
-        - smartmontools
-        - bonnie++
-        - mdadm
-        - hddtemp
-        - parted
-        - lvm2
-        - cryptsetup
-
-    - name: configure dict
-      copy:
-        content: |
-          server localhost
-        dest: /etc/dictd/dict.conf
-
-    - lineinfile:
-        path: /etc/xdg/autostart/gnome-keyring-ssh.desktop
-        line: Hidden=true
-
-    - lineinfile:
-        path: /etc/X11/Xsession.options
-        line: use-ssh-agent
-        state: absent
-
-    - file:
-        state: directory
-        path: /home/liw/.config/autostart
-        owner: liw
-        group: liw
-
-    - copy:
-        content: |
-          [Desktop Entry]
-          Type=Application
-          Name=gpg-agent
-          Comment=gpg-agent
-          Exec=/usr/bin/gpg-agent --daemon
-          OnlyShowIn=GNOME;Unity;MATE;
-          X-GNOME-Autostart-Phase=PreDisplayServer
-          X-GNOME-AutoRestart=false
-          X-GNOME-Autostart-Notify=true
-          X-GNOME-Bugzilla-Bugzilla=GNOME
-          X-GNOME-Bugzilla-Product=gnome-keyring
-          X-GNOME-Bugzilla-Component=general
-          X-GNOME-Bugzilla-Version=3.20.0
-        dest: /home/liw/.config/autostart/gpg-agent.desktop
-        owner: liw
-        group: liw
-
+    - role: puomi
   vars:
     ansible_python_interpreter: /usr/bin/python3
 
     sane_debian_system_version: 2
-    sane_debian_system_hostname: x220
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
     sane_debian_system_codename: bullseye
     sane_debian_system_timezone: Europe/Helsinki
-    sane_debian_system_sources_lists:
-      - repo: |
-          deb http://deb.debian.org/debian bullseye contrib non-free
-
-      - repo: |
-          deb-src http://deb.debian.org/debian bullseye main contrib non-free
-
-      - repo: |
-          deb http://security.debian.org/debian-security bullseye-security main contrib non-free
-
-      - repo: |
-          deb http://code.liw.fi/debian unstable main
-        signing_key: "{{ code_liw_fi_signing_key }}"
-
-      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
-        signing_key: "{{ ci_prod_signing_key }}"
-
-      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable main
-        signing_key: "{{ ci_prod_signing_key }}"
 
     unix_users_version: 2
     unix_users:
       - username: liw
         comment: Lars Wirzenius
-        sudo: yes
-        groups:
-          - dialout
-        authorized_keys: |
-          {{ liw_personal_ssh_pub }}
-
-    mailname: exolobe1.liw.fi
 
-    hostname: "{{ sane_debian_system_hostname }}"
-    relayhost: pieni.net:587
-    smarthost: pieni.net
-    smarthost_user: pienirelay
-    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
+    sshd_version: 1
+    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key x220') }}"
+    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 x220') }}"
+    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}"
+
+    puomi_lan_ip: 10.3.3.1
+    puomi_dhcp_start: 10.3.3.10
+    puomi_dhcp_end: 10.3.3.250
+    puomi_dhcp_netmask: 255.255.255.0
+    puomi_dhcp_lease: 1h
+    puomi_essid: Valkama3
+    puomi_wifi_country_code: FI
+    puomi_wifi_passphrase: Oomam2ah
-- 
cgit v1.2.1