blob: 20fafc7850c6dc1a58292c9d7c0d14fbbf6cf9a8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# As long as this is based on bullseye, reboot VM after running the
# playbook.
- hosts: holywood2
remote_user: root
roles:
- sane_debian_system
- sshd
- ssd
- comfortable-debian-system
- version-controller
- unix_users
- apache_server
- role: holywood2
tags: holywood2
- mail-client
- self-updating-system
tasks:
- cron:
name: "scrub file systems"
special_time: weekly
job: "find /mnt/*/* -type f -exec cat '{}' ';' > /dev/null"
vars:
ansible_python_interpreter: /usr/bin/python3
sane_debian_system_version: 2
sane_debian_system_hostname: "{{ inventory_hostname }}"
sane_debian_system_codename: bullseye
sane_debian_system_mirror: deb.debian.org
sane_debian_system_sources_lists:
- repo: deb http://deb.debian.org/debian bullseye main contrib non-free
- repo: deb http://apt.liw.fi/debian unstable main
signing_key: "{{ apt_liw_fi_signing_key }}"
unix_users_version: 2
unix_users:
- username: liw
comment: Lars Wirzenius
sudo: yes
authorized_keys: |
{{ liw_personal_ssh_pub }}
- username: root
ssh_key: "{{ lookup('pipe', 'pass show root_at_holywood2_ssh_key') }}"
ssh_key_pub: "{{ root_at_holywood2_ssh_key_pub }}"
authorized_keys: |
{{ liw_personal_ssh_pub }}
mailname: "{{ sane_debian_system_hostname }}.liw.fi"
relayhost: pieni.net:587
smarthost: pieni.net
smarthost_user: pienirelay
smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
letsencrypt: no
sshd_version: 1
|