From 0461f36853595f5500cd203ba61bfbdbed6ad239 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 24 Mar 2024 08:11:39 +0200
Subject: kea updates for Puomi testing
---
ansible/kea.yml | 69 +++++++++++++--------------------------------------------
1 file changed, 15 insertions(+), 54 deletions(-)
(limited to 'ansible')
diff --git a/ansible/kea.yml b/ansible/kea.yml
index 8841b9b..b21f6be 100644
--- a/ansible/kea.yml
+++ b/ansible/kea.yml
@@ -3,74 +3,35 @@ become: no roles: - role: sane_debian_system - tags: [sane] - comfortable-debian-system - - gnome-system - - mail-client - intel-wifi - - self-updating-system - ssd + - sshd - unix_users - tasks: - - lineinfile: - path: /etc/gdm3/daemon.conf - regex: WaylandEnable - line: WaylandEnable=false - - apt: - name: - - flatpak - - gnome-software-plugin-flatpak - - cups - - nfs-common - - ufw - - apt: - deb: https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb - - shell: - flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - - ufw: - state: enabled - policy: deny - - ufw: - port: ssh - rule: allow + - puomi vars: ansible_python_interpreter: /usr/bin/python3 sane_debian_system_version: 2 - sane_debian_system_hostname: kea - sane_debian_system_codename: bullseye + sane_debian_system_hostname: "{{ inventory_hostname }}" + sane_debian_system_codename: bookworm sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: - repo: | - deb http://deb.debian.org/debian bullseye contrib non-free + deb http://deb.debian.org/debian bookworm contrib non-free - repo: | - deb-src http://deb.debian.org/debian bullseye main contrib non-free - - - repo: | - deb http://security.debian.org/debian-security bullseye-security main contrib non-free + deb http://security.debian.org/debian-security bookworm-security main contrib non-free unix_users_version: 2 unix_users: - - username: soile - comment: Soile Mottisenkangas - groups: - - audio - - bluetooth - - cdrom - - dialout - - dip - - floppy - - netdev - - plugdev - - scanner - - video - authorized_keys: | - {{ liw_personal_ssh_pub }} + - username: liw + comment: Lars Wirzenius + + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key kea') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 kea') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" - mailname: 
kea.liw.fi - hostname: "{{ sane_debian_system_hostname }}" - relayhost: pieni.net:587 - smarthost: pieni.net - smarthost_user: pienirelay - smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" + puomi_version: 1 + puomi_lan_ip: 10.2.0.1 -- cgit v1.2.1
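Review bot: The `sshd_host_key` and `sshd_host_cert` lookups added under `sshd_version` hard-code `kea`, while the same hunk switches `sane_debian_system_hostname` to `{{ inventory_hostname }}`, so running this play against any other inventory host would install kea's host private key and a certificate issued for kea on that machine. Derive the name from the inventory instead, e.g. `sshd_host_key: "{{ lookup('pipe', 'sshca host private-key ' ~ (inventory_hostname | quote)) }}"`, and do the same for `sshd_host_cert`. The private key reaches the play through a `pipe` lookup into an ordinary variable, so confirm that the `sshd` role (not visible here) writes it with `no_log` and a restrictive file mode. Separately, the removed `ufw` tasks (default deny, allow ssh) have no visible replacement, so check that the `puomi` role sets up packet filtering before sshd is exposed. The play header lies outside the hunk.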