ansible/apt.liw.fi.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

- hosts: apt.liw.fi
  remote_user: root
  roles:
    - role: sane_debian_system
    - role: sshd
    - role: unix_users
    - role: apt-repository
  vars:
    ansible_python_interpreter: python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bookworm

    timezone: Europe/Helsinki

    unix_users_version: 2
    unix_users:
      - username: apt
        comment: Owner of APT repository
      - username: incoming
        comment: APT incoming packages
        authorized_keys: |
          {{ apt_uploader_ssh_pub_keys }}
      - username: liw
        comment: Lars Wirzenius
        sudo: yes

    sshd_version: 1

    apt_uploader_ssh_pub_keys: |
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP
    apt_admin_email: liw@liw.fi
    apt_domain: apt.liw.fi
    apt_distributions:
      - codename: unstable
        description: builds for unstable
    apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}"
    apt_signing_key_pub: "{{ lookup('pipe', 'pass show apt.liw.fi-signing-key') }}"
    apt_signing_key_fingerprint: |
      {{ lookup('pipe', 'pass show apt.liw.fi-signing-key | gpg --show-keys --with-colons | grep "^fpr:" | head -n1 | cut -d: -f10') }}
    apt_index_content: |
      {{ lookup('file', 'apt.liw.fi.html') }}