blob: 3e094c3e4ec27bd63fd0a7059330f8bb944e074b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
- hosts: irc.liw.fi
remote_user: root
roles:
- role: sane_debian_system
- role: sshd
- role: comfortable-debian-system
- role: unix_users
- role: self-updating-system
- role: irc-client
vars:
ansible_python_interpreter: /usr/bin/python3
sane_debian_system_version: 2
sane_debian_system_hostname: irc
sane_debian_system_codename: bookworm
sane_debian_system_mirror: deb.debian.org
unix_users_version: 2
unix_users:
- username: root
authorized_keys: |
{{ liw_personal_ssh_pub }}
- username: liw
comment: Lars Wirzenius
authorized_keys: |
{{ liw_personal_ssh_pub }}
- username: liwmf
comment: Lars Wirzenius
authorized_keys: |
{{ liw_personal_ssh_pub }}
# We must define the sshd variables here. The defaults from the
# "all" group assume sshca knows the host by the
# sane_debian_system_hostname name, which isn't true for this
# host.
sshd_version: 1
sshd_host_key: "{{ lookup('pipe', 'sshca host private-key irc.liw.fi') }}"
sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 irc.liw.fi') }}"
sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
|