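---
# Play for the host "stamina": applies the listed roles, switches networking
# to ifupdown with a bridge (br0) on eth0, and sets up the "liw" account with
# checkouts, VM directories and SSH key material.
#
# NOTE(review): the play logs in as root and also installs the personal key
# into root's authorized_keys (see unix_users below). Confirm direct root SSH
# is intended rather than going through liw + sudo.
- hosts: stamina
  remote_user: root
  roles:
    - sane_debian_system
    - ssd
    - comfortable-debian-system
    - self-updating-system
    - vmhost-minimal
    - unix_users
    - smarthost-client
  tasks:
    - name: "install packages"
      apt:
        name:
          - jq
          - vmadm
          - python3-lxml
          - systemd-timesyncd
          - ifupdown
          - bridge-utils

    - name: "purge ntp"
      apt:
        name: ntp
        state: absent
        purge: true

    - name: "remove systemd-networkd config for the external interface"
      file:
        path: /etc/systemd/network/external.network
        state: absent

    - name: "configure loopback interface"
      copy:
        content: |
          auto lo
          iface lo inet loopback
        dest: /etc/network/interfaces.d/lo

    # The embedded comment says "static ip", but the stanza below configures
    # br0 via DHCP. The file content is left as the author wrote it.
    - name: "configure eth0 and bridge br0"
      copy:
        content: |
          auto eth0
          iface eth0 inet manual
          #set up bridge and give it a static ip
          auto br0
          iface br0 inet dhcp
              bridge_ports eth0
              bridge_stp off
              bridge_fd 0
              bridge_maxwait 0
        dest: /etc/network/interfaces.d/br0

    # Modes are quoted throughout so they reach Ansible as octal strings
    # instead of depending on the YAML parser's handling of a leading zero.
    - name: "set permission of /mnt/vms"
      file:
        path: /mnt/vms
        owner: root
        group: libvirt
        mode: '0775'

    # NOTE(review): git:// is an unauthenticated, unencrypted transport, and
    # make-symlinks from the second checkout is executed further down as liw,
    # an account with sudo. Prefer an authenticated transport if the server
    # offers one, and/or pin `version:` to a reviewed commit.
    - name: "clone ansibleness to ~liw"
      git:
        repo: git://git.liw.fi/ansibleness
        dest: /home/liw/ansibleness

    - name: "clone liw-dot-files to ~liw"
      git:
        repo: git://git.liw.fi/liw-dot-files
        dest: /home/liw/liw-dot-files

    # NOTE(review): the `warn` argument was removed from the command/shell
    # modules in ansible-core 2.14; drop these `args` when running on a
    # release that rejects it.
    - name: "set ownership of everything in ~liw/ansibleness and liw-dot-files"
      args:
        warn: false
      shell: |
        chown -R liw:liw /home/liw/ansibleness /home/liw/liw-dot-files

    # Runs code from the liw-dot-files checkout as liw; see the transport
    # note on the clone tasks above.
    - name: "configure liw dot files"
      args:
        warn: false
      shell: |
        sudo -u liw -i bash -c "pwd && ./liw-dot-files/make-symlinks"
        sudo -u liw -i bash -c "ln -nsf liw-dot-files/gitconfig-exolobe1 .gitconfig"

    - name: "create ~liw/base-images"
      file:
        state: directory
        path: /home/liw/base-images
        owner: liw
        group: liw
        mode: '0755'

    - name: "create ~liw/vm"
      file:
        state: directory
        path: /home/liw/vm
        owner: liw
        group: liw
        mode: '0755'

    # - name: "fetch cloud images"
    #   get_url:
    #     url: "{{ item.url }}"
    #     dest: "/home/liw/base-images/{{ item.file }}"
    #     owner: liw
    #     group: liw
    #     mode: 0644
    #   with_items:
    #     - url: https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
    #       file: bullseye.qcow2
    #     - url: https://cloud.debian.org/images/cloud/OpenStack/current-10/debian-10-openstack-amd64.qcow2
    #       file: buster.qcow2

    # Tightened from 0755: this directory holds the SSH CA private key
    # installed below, so other local users get no access to it at all.
    - name: "create ~liw/.ssh"
      file:
        state: directory
        path: /home/liw/.ssh
        owner: liw
        group: liw
        mode: '0700'

    - name: install SSH public key for liw
      copy:
        content: "{{ liw_personal_ssh_pub }}"
        dest: /home/liw/.ssh/id_personal.pub
        owner: liw
        group: liw
        mode: '0644'

    # The content is read from the `pass` store on the control node.
    # no_log keeps the key material out of task output, --diff output and
    # callback/log plugins.
    # NOTE(review): this places CA key material on a VM host; anyone with
    # root on this machine can read it. Confirm that is the intended trust
    # model.
    - name: "install SSH CA key"
      copy:
        content: "{{ lookup('pipe', 'pass show sshca/vmadm-v1') }}"
        dest: /home/liw/.ssh/vmadm
        owner: liw
        group: liw
        mode: '0600'
      no_log: true

    # Appends a newline only when the last line of the key file lacks one.
    # NOTE(review): presumably the copy above rewrites the file without the
    # trailing newline on every run, so both tasks report "changed" each
    # time. Verify, and consider having the copy task write the newline.
    - name: "ensure SSH CA key file ends in a newline"
      shell: |
        if [ "$(tail -n1 /home/liw/.ssh/vmadm | wc -l)" = 0 ]
        then
          echo >> /home/liw/.ssh/vmadm
        fi

    # - name: "create ~liw/.config/vmadm"
    #   file:
    #     state: directory
    #     path: /home/liw/.config/vmadm
    #     owner: liw
    #     group: liw
    #     mode: 0755

    # - name: "configure vmadm"
    #   copy:
    #     src: vmadm.yaml
    #     dest: /home/liw/.config/vmadm/config.yaml
    #     owner: liw
    #     group: liw
    #     mode: 0644

    - name: "enable libvirt 'default' network"
      virt_net:
        name: default
        autostart: true
        state: active

  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname}}"
    sane_debian_system_codename: bullseye
    # NOTE(review): the codename above is bullseye, but the two Debian
    # entries below name buster (and buster/updates for security). Confirm
    # against the sane_debian_system role that the host still receives
    # security updates for the release it actually runs.
    # The repositories use plain http; integrity then rests on APT's
    # signature verification. Only the third entry supplies a signing key
    # here.
    sane_debian_system_sources_lists:
      - repo: |
          deb http://security.debian.org/debian-security buster/updates main contrib non-free
      - repo: |
          deb http://deb.debian.org/debian buster contrib non-free
      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: true
        groups:
          - libvirt
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
      - username: root
        authorized_keys: |
          {{ liw_personal_ssh_pub }}

    mailname: "{{ sane_debian_system_hostname }}.liw.fi"
    relayhost: pieni.net:587
    smarthost: pieni.net
    smarthost_user: pienirelay
    # Fetched from the `pass` store on the control node at run time, so the
    # secret is not stored in this file.
    # NOTE(review): check that the smarthost-client role does not echo this
    # value in task output.
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"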