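---
# Playbook for the VM host exolobe5: applies the base roles, installs the
# packages vmadm needs, sets up a bridged interface (br0 over eth0),
# prepares liw's workspace (dot files, cloud base images, SSH material,
# vmadm config) and starts the libvirt 'default' network.
#
# Secrets (the SSH CA key and the smarthost password) are read on the
# control node with `pass` via the pipe lookup; they are not stored here.
- hosts: exolobe5
  remote_user: root
  roles:
    - sane_debian_system
    - ssd
    - comfortable-debian-system
    - self-updating-system
    - vmhost-minimal
    - unix_users
    - smarthost-client

  tasks:
    - name: "install packages needed on the VM host"
      apt:
        name:
          - jq
          - vmadm
          - python3-lxml
          - systemd-timesyncd
          - ifupdown
          - bridge-utils

    # systemd-timesyncd is installed above, so the ntp package is purged.
    - name: "remove ntp"
      apt:
        name: ntp
        state: absent
        purge: true

    # Networking is configured through ifupdown snippets below.
    - name: "remove systemd-networkd external.network"
      file:
        path: /etc/systemd/network/external.network
        state: absent

    - name: "configure loopback interface"
      copy:
        content: |
          auto lo
          iface lo inet loopback
        dest: /etc/network/interfaces.d/lo

    # eth0 becomes a bridge port; br0 takes the DHCP lease. The `up` hooks
    # delete routes on eth0 once br0 comes up.
    - name: "configure bridge br0 over eth0"
      copy:
        content: |
          iface eth0 inet manual
          auto br0
          iface br0 inet dhcp
              bridge_ports eth0
              bridge_hw eth0
              up ip route delete 10.1.1.1 dev eth0
              up ip route delete 10.1.1.0/24 dev eth0
              up ip route delete default via 10.1.1.1 dev eth0
        dest: /etc/network/interfaces.d/br0

    # File modes are quoted so they reach Ansible as strings and cannot be
    # retyped by the YAML parser.
    - name: "set permission of /mnt/vms"
      file:
        path: /mnt/vms
        owner: root
        group: libvirt
        mode: "0775"

    # NOTE(review): git:// is unauthenticated and unencrypted. The
    # liw-dot-files checkout is executed later (make-symlinks), so anyone
    # able to tamper with this traffic can influence what runs as liw.
    # Prefer an authenticated transport if the server offers one, and
    # consider pinning `version:` to a reviewed commit.
    - name: "clone ansibleness to ~liw"
      git:
        repo: git://git.liw.fi/ansibleness
        dest: /home/liw/ansibleness

    - name: "clone liw-dot-files to ~liw"
      git:
        repo: git://git.liw.fi/liw-dot-files
        dest: /home/liw/liw-dot-files

    # The clones above run as root, so ownership is handed to liw here.
    # NOTE(review): the `warn` argument was removed in ansible-core 2.14;
    # drop `args` when running on a newer controller.
    - name: "set ownership of everything in ~liw/ansibleness and liw-dot-files"
      args:
        warn: false
      shell: |
        chown -R liw:liw /home/liw/ansibleness /home/liw/liw-dot-files

    # Runs a script from the repository cloned above as liw; its integrity
    # depends on the clone (see the git:// note).
    - name: "configure liw dot files"
      shell: |
        sudo -u liw -i bash -c "pwd && ./liw-dot-files/make-symlinks"
        sudo -u liw -i bash -c "ln -nsf liw-dot-files/gitconfig-exolobe1 .gitconfig"

    - name: "create ~liw/base-images"
      file:
        state: directory
        path: /home/liw/base-images
        owner: liw
        group: liw
        mode: "0755"

    - name: "create ~liw/vm"
      file:
        state: directory
        path: /home/liw/vm
        owner: liw
        group: liw
        mode: "0755"

    # NOTE(review): no `checksum:` is given, so image integrity rests on
    # TLS to cloud.debian.org alone, and the 'latest' / 'current-10' URLs
    # point at content that changes over time. These images become the
    # root disks of VMs; consider verifying them against a published
    # digest with get_url's `checksum:` parameter.
    - name: "fetch cloud images"
      get_url:
        url: "{{ item.url }}"
        dest: "/home/liw/base-images/{{ item.file }}"
        owner: liw
        group: liw
        mode: "0644"
      with_items:
        - url: https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
          file: bullseye.qcow2
        - url: https://cloud.debian.org/images/cloud/OpenStack/current-10/debian-10-openstack-amd64.qcow2
          file: buster.qcow2

    # NOTE(review): this directory holds the CA key installed below. The
    # key file itself is 0600; 0700 is the usual mode for ~/.ssh. Left at
    # 0755 here in case the unix_users role also manages this directory.
    - name: "create ~liw/.ssh"
      file:
        state: directory
        path: /home/liw/.ssh
        owner: liw
        group: liw
        mode: "0755"

    - name: install SSH public key for liw
      copy:
        content: "{{ liw_personal_ssh_pub }}"
        dest: /home/liw/.ssh/id_personal.pub
        owner: liw
        group: liw
        mode: "0644"

    # The content comes from `pass show sshca/vmadm-v1` on the control
    # node. no_log keeps it out of task output, --diff and callback logs.
    - name: "install SSH CA key"
      copy:
        content: "{{ lookup('pipe', 'pass show sshca/vmadm-v1') }}"
        dest: /home/liw/.ssh/vmadm
        owner: liw
        group: liw
        mode: "0600"
      no_log: true

    # Appends a newline only when the last line of the key file lacks one.
    - name: "ensure SSH CA key file ends in a newline"
      shell: |
        if [ "$(tail -n1 /home/liw/.ssh/vmadm | wc -l)" = 0 ]
        then
            echo >> /home/liw/.ssh/vmadm
        fi

    - name: "create ~liw/.config/vmadm"
      file:
        state: directory
        path: /home/liw/.config/vmadm
        owner: liw
        group: liw
        mode: "0755"

    - name: "configure vmadm"
      copy:
        src: vmadm.yaml
        dest: /home/liw/.config/vmadm/config.yaml
        owner: liw
        group: liw
        mode: "0644"

    - name: "enable libvirt 'default' network"
      virt_net:
        name: default
        autostart: true
        state: active

  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: exolobe5
    sane_debian_system_codename: bullseye
    # NOTE(review): the codename above is bullseye, but the two Debian
    # entries below still name buster (including buster/updates for
    # security). Confirm this is intended; if it is a leftover, the host
    # may not be receiving security updates for the release it runs.
    sane_debian_system_sources_lists:
      - repo: |
          deb http://security.debian.org/debian-security buster/updates main contrib non-free
      - repo: |
          deb http://deb.debian.org/debian buster contrib non-free
      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: true
        groups:
          - libvirt
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
      - username: root
        authorized_keys: |
          {{ liw_personal_ssh_pub }}

    mailname: "{{ sane_debian_system_hostname }}.liw.fi"
    relayhost: 'pieni.net:587'
    smarthost: pieni.net
    smarthost_user: pienirelay
    # Read from `pass` on the control node at run time.
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"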