# As long as this is based on bullseye, reboot VM after running the
# playbook.

- hosts: holywood2
  remote_user: root
  roles:
    - sane_debian_system
    - sshd
    - ssd
    - comfortable-debian-system
    - version-controller
    - unix_users
    - apache_server
    - role: holywood2
      tags: holywood2
    - mail-client
    - self-updating-system
  tasks:
    - cron:
        name: "scrub file systems"
        special_time: weekly
        job: "find /mnt/*/* -type f -exec cat '{}' ';' > /dev/null"
  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bullseye
    sane_debian_system_mirror: deb.debian.org
    sane_debian_system_sources_lists:
      - repo: deb http://deb.debian.org/debian bullseye main contrib non-free

      - repo: deb http://apt.liw.fi/debian unstable main
        signing_key: "{{ apt_liw_fi_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: yes
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
      - username: root
        ssh_key: "{{ lookup('pipe', 'pass show root_at_holywood2_ssh_key') }}"
        ssh_key_pub: "{{ root_at_holywood2_ssh_key_pub }}"
        authorized_keys: |
          {{ liw_personal_ssh_pub }}

    mailname: "{{ sane_debian_system_hostname }}.liw.fi"
    relayhost: pieni.net:587
    smarthost: pieni.net
    smarthost_user: pienirelay
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"

    letsencrypt: no

    sshd_version: 1