From b7945407581b0e37d0f9a53352dea230989b1e78 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Mon, 11 Jul 2022 14:39:49 +0300 Subject: stamina: add Sponsored-by: author --- ansible/stamina.yml | 175 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 175 insertions(+) create mode 100644 ansible/stamina.yml (limited to 'ansible/stamina.yml')
diff --git a/ansible/stamina.yml b/ansible/stamina.yml
new file mode 100644
index 0000000..024ad39
--- /dev/null
+++ b/ansible/stamina.yml
@@ -0,0 +1,175 @@
+- hosts: stamina
+ remote_user: root
+ roles:
+ - sane_debian_system
+ - ssd
+ - comfortable-debian-system
+ - self-updating-system
+ - vmhost-minimal
+ - unix_users
+ - smarthost-client
+ tasks:
+ - apt:
+ name:
+ - jq
+ - vmadm
+ - python3-lxml
+ - systemd-timesyncd
+ - ifupdown
+ - bridge-utils
+ - apt:
+ name: ntp
+ state: absent
+ purge: yes
+ - file:
+ path: /etc/systemd/network/external.network
+ state: absent
+ - copy:
+ content: |
+ auto lo
+ iface lo inet loopback
+ dest: /etc/network/interfaces.d/lo
+ - copy:
+ content: |
+ auto eth0
+ iface eth0 inet manual
+
+ #set up bridge and give it a static ip
+ auto br0
+ iface br0 inet dhcp
+ bridge_ports eth0
+ bridge_stp off
+ bridge_fd 0
+ bridge_maxwait 0
+ dest: /etc/network/interfaces.d/br0
+ - name: "set permission of /mnt/vms"
+ file:
+ path: /mnt/vms
+ owner: root
+ group: libvirt
+ mode: 0775
+ - name: "clone ansibleness to ~liw"
+ git:
+ repo: git://git.liw.fi/ansibleness
+ dest: /home/liw/ansibleness
+ - name: "clone liw-dot-files to ~liw"
+ git:
+ repo: git://git.liw.fi/liw-dot-files
+ dest: /home/liw/liw-dot-files
+ - name: "set ownership of everything in ~liw/ansibleness and liw-dot-files"
+ args:
+ warn: false
+ shell: |
+ chown -R liw:liw /home/liw/ansibleness /home/liw/liw-dot-files
+ - name: "configure liw dot files"
+ args:
+ warn: false
+ shell: |
+ sudo -u liw -i bash -c "pwd && ./liw-dot-files/make-symlinks"
+ sudo -u liw -i bash -c "ln -nsf liw-dot-files/gitconfig-exolobe1 .gitconfig"
+ - name: "create ~liw/base-images"
+ file:
+ state: directory
+ path: /home/liw/base-images
+ owner: liw
+ group: liw
+ mode: 0755
+ - name: "create ~liw/vm"
+ file:
+ state: directory
+ path: /home/liw/vm
+ owner: liw
+ group: liw
+ mode: 0755
+ # - name: "fetch cloud images"
+ # get_url:
+ # url: "{{ item.url }}"
+ # dest: "/home/liw/base-images/{{ item.file }}"
+ # owner: liw
+ # group: liw
+ # mode: 0644
+ # with_items:
+ # - url: 
https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
+ # file: bullseye.qcow2
+ # - url: https://cloud.debian.org/images/cloud/OpenStack/current-10/debian-10-openstack-amd64.qcow2
+ # file: buster.qcow2
+ - name: "create ~liw/.ssh"
+ file:
+ state: directory
+ path: /home/liw/.ssh
+ owner: liw
+ group: liw
+ mode: 0755
+ - name: install SSH public key for liw
+ copy:
+ content: "{{ liw_personal_ssh_pub }}"
+ dest: /home/liw/.ssh/id_personal.pub
+ owner: liw
+ group: liw
+ mode: 0644
+ - name: "install SSH CA key"
+ copy:
+ content: "{{ lookup('pipe', 'pass show sshca/vmadm-v1') }}"
+ dest: /home/liw/.ssh/vmadm
+ owner: liw
+ group: liw
+ mode: 0600
+ - name: "ensure SSH CA key file ends in a newline"
+ shell: |
+ if [ "$(tail -n1 /home/liw/.ssh/vmadm | wc -l)" = 0 ]
+ then
+ echo >> /home/liw/.ssh/vmadm
+ fi
+ # - name: "create ~liw/.config/vmadm"
+ # file:
+ # state: directory
+ # path: /home/liw/.config/vmadm
+ # owner: liw
+ # group: liw
+ # mode: 0755
+ # - name: "configure vmadm"
+ # copy:
+ # src: vmadm.yaml
+ # dest: /home/liw/.config/vmadm/config.yaml
+ # owner: liw
+ # group: liw
+ # mode: 0644
+ - name: "enable libvirt 'default' network"
+ virt_net:
+ name: default
+ autostart: yes
+ state: active
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ sane_debian_system_version: 2
+ sane_debian_system_hostname: "{{ inventory_hostname}}"
+ sane_debian_system_codename: bullseye
+ sane_debian_system_sources_lists:
+ - repo: |
+ deb http://security.debian.org/debian-security buster/updates main contrib non-free
+
+ - repo: |
+ deb http://deb.debian.org/debian buster contrib non-free
+
+ - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+ signing_key: "{{ ci_prod_signing_key }}"
+
+ unix_users_version: 2
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+ sudo: yes
+ groups:
+ - libvirt
+ authorized_keys: |
+ {{ liw_personal_ssh_pub }}
+ - username: root
+ authorized_keys: |
+ {{ 
liw_personal_ssh_pub }}
+
+ mailname: "{{ sane_debian_system_hostname }}.liw.fi"
+ relayhost: pieni.net:587
+ smarthost: pieni.net
+ smarthost_user: pienirelay
+ smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
-- cgit v1.2.1
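Review bot: The two `git:` tasks clone over `git://`, which has no transport encryption or server authentication, and the "configure liw dot files" task then runs `./liw-dot-files/make-symlinks` from that clone as `liw`, who is given `sudo: yes` in `unix_users`. The content executed on this VM host therefore depends on the integrity of an unauthenticated network path. If the server offers it, use an authenticated transport and pin a reviewed revision on both tasks, e.g. `repo: https://git.liw.fi/liw-dot-files` with `version: <reviewed-commit-sha>`. Separately, the "install SSH CA key" task would benefit from `no_log: true`, so that the private key read from `pass` cannot appear in diff or verbose output. Its follow-up shell task could probably be dropped by writing the newline in the template instead, `content: "{{ lookup('pipe', 'pass show sshca/vmadm-v1') }}\n"`, which also keeps the `copy` idempotent.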