ansible/exolobe1.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

- hosts: exolobe1
  remote_user: root
  become: no
  roles:
    - sane_debian_system
    - sshd
    - unix_users
    - gnome-system
    - role: intel-wifi
      tags: wifi
  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bullseye
    sane_debian_system_timezone: Europe/Helsinki
    sane_debian_system_sources_lists:
      - repo: |
          deb http://deb.debian.org/debian bullseye contrib non-free

      - repo: |
          deb http://security.debian.org/debian-security bullseye-security main contrib non-free

      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        authorized_keys: |
          {{ liw_personal_ssh_pub }}

    sshd_version: 1
    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key exolobe1') }}"
    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 exolobe1') }}"
    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}"

    rustup_cargo_install: |
      starship