blob: ac4d72fb88e762d5a939abee08a75d9647458f61 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
- hosts: holywood2
remote_user: root
roles:
- sane_debian_system
- sshd
- ssd
- comfortable-debian-system
- version-controller
- unix_users
- apache_server
- role: holywood2
tags: holywood2
- smarthost-client
- self-updating-system
tasks:
- cron:
name: "scrub file systems"
special_time: weekly
job: "find /mnt/*/* -type f -exec cat '{}' ';' > /dev/null"
vars:
ansible_python_interpreter: /usr/bin/python3
sane_debian_system_version: 2
sane_debian_system_hostname: holywood2
sane_debian_system_codename: bullseye
sane_debian_system_mirror: deb.debian.org
sane_debian_system_sources_lists:
- repo: deb http://deb.debian.org/debian bullseye main contrib non-free
- repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
signing_key: "{{ ci_prod_signing_key }}"
unix_users_version: 2
unix_users:
- username: liw
comment: Lars Wirzenius
sudo: yes
authorized_keys: |
{{ liw_personal_ssh_pub }}
- username: root
ssh_key: "{{ lookup('pipe', 'pass show root_at_holywood2_ssh_key') }}"
ssh_key_pub: "{{ root_at_holywood2_ssh_key_pub }}"
authorized_keys: |
{{ liw_personal_ssh_pub }}
mailname: "{{ sane_debian_system_hostname }}.liw.fi"
relayhost: pieni.net:587
smarthost: pieni.net
smarthost_user: pienirelay
smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
letsencrypt: no
sshd_version: 1
sshd_host_key: "{{ lookup('pipe', 'sshca host private-key holywood2') }}"
sshd_host_cert: "{{ lookup('pipe', 'sshca host certify liw.fi/ca/host/v4 holywood2') }}"
sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v3') }}"
|