- hosts: exolobe1 remote_user: liw become: yes roles: - role: sane_debian_system - role: self-updating-system - role: sshd - role: ssd - role: comfortable-debian-system - role: intel-wifi - role: version-controller - role: emacs - role: gnupg-workstation - role: gnome-system - role: ansible - role: vmhost - role: smarthost-client - role: mail-client - role: annexed - role: unix_users # - role: liw - role: rust-rustup - role: riot-host tasks: # Remove ping to force it be reinstalled so that the right # capabilities are set. - apt: name: iputils-ping state: absent - apt: name: - black - build-essential - cachedir - capnproto - clang - daemonize - debhelper - dh-cargo - expect - extrautils - fio - firmware-misc-nonfree - fling - gddrescue - genisoimage - gimp - graphviz - inkscape - iputils-ping - isync - jq - jt - libclang-dev - libdvd-pkg - librsvg2-bin - libsqlite3-dev - libssl-dev - libvirt-dev - linux-perf - liw-automation - llvm - lmodern - nettle-dev - nfs-common - obnam - obnam-benchmark - openpgp-ca - ovmf - pandoc - pandoc-filter-diagram - pavucontrol - pkg-config - plantuml - printer-driver-ptouch - python3 - python3-requests - qemu-user-static - sequoia-chameleon-gnupg - shellcheck - sq-liw - sqlite3 - sshca - subplot - summain - texlive-fonts-recommended - texlive-latex-base - texlive-latex-extra - texlive-latex-recommended - texlive-plain-generic - unicode - usbutils - uuid - validns - vlc - vobcopy - vmdb2 - xpdf - zerofree - name: install command line utilities apt: name: - acpi - apt-file - bc - bind9-host - cryptsetup - curl - debmirror - dnsutils - git-annex - htop - iftop - ikiwiki - info - jt - locales-all - lshw - lvm2 - mmv - moreutils - mosh - mtr - nethogs - nmap - num-utils - oathtool - parted-doc - psmisc - pv - rsync - screen - strace - time - tmux - units - vim - w3m - whois - yaml-mode - zip - lineinfile: path: /etc/gdm3/daemon.conf regexp: WaylandEnable= line: "# WaylandEnable=false" - lineinfile: path: /etc/default/grub regexp: GRUB_ENABLE_CRYPTODISK line: "GRUB_ENABLE_CRYPTODISK=n" - lineinfile: path: /etc/environment regexp: MOZ_ENABLE_WAYLAND line: "MOZ_ENABLE_WAYLAND=1" - shell: | flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo - shell: | env DEBIAN_FRONTEND=noninteractive dpkg-reconfigure libdvd-pkg vars: ansible_python_interpreter: /usr/bin/python3 sane_debian_system_version: 2 sane_debian_system_hostname: "{{ inventory_hostname }}" sane_debian_system_codename: bookworm sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: - repo: | deb http://deb.debian.org/debian bookworm contrib non-free non-free-firmware - repo: | deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware - repo: | deb http://security.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware - repo: | deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware - repo: | deb http://code.liw.fi/debian unstable main signing_key: "{{ code_liw_fi_signing_key }}" - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main signing_key: "{{ ci_prod_signing_key }}" - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable main signing_key: "{{ ci_prod_signing_key }}" unix_users_version: 2 unix_users: - username: liw comment: Lars Wirzenius sudo: yes # groups: # - audio # - bluetooth # - cdrom # - dialout # - dip # - floppy # - libvirt # - netdev # - plugdev # - scanner # - video mailname: "{{ sane_debian_system_hostname }}.liw.fi" relayhost: pieni.net:587 smarthost: pieni.net smarthost_user: pienirelay smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}" sshd_version: 1 sshd_host_key: "{{ lookup('pipe', 'sshca host private-key exolobe1') }}" sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v5 exolobe1') }}" sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"