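---
# Playbook for the VM host "stamina": applies the base Debian roles, switches
# networking to ifupdown with a bridge (br0) on eth0, prepares ~liw for
# running VMs with vmadm, and installs the SSH CA key that vmadm uses.
- hosts: stamina
  remote_user: root
  roles:
    - sane_debian_system
    - ssd
    - comfortable-debian-system
    - self-updating-system
    - vmhost-minimal
    - unix_users
    - smarthost-client
  tasks:
    - apt:
        name:
          - jq
          - vmadm
          - python3-lxml
          - systemd-timesyncd
          - ifupdown
          - bridge-utils
    # ntp is purged; systemd-timesyncd is installed by the task above.
    - apt:
        name: ntp
        state: absent
        purge: true
    - file:
        path: /etc/systemd/network/external.network
        state: absent
    - copy:
        content: |
          auto lo
          iface lo inet loopback
        dest: /etc/network/interfaces.d/lo
    # NOTE(review): the comment embedded in the file content says "static ip",
    # but the br0 stanza is configured with "inet dhcp".
    - copy:
        content: |
          auto eth0
          iface eth0 inet manual
          #set up bridge and give it a static ip
          auto br0
          iface br0 inet dhcp
          bridge_ports eth0
          bridge_stp off
          bridge_fd 0
          bridge_maxwait 0
        dest: /etc/network/interfaces.d/br0
    # File modes are quoted so they reach the module as octal strings and do
    # not depend on how the YAML parser types a leading-zero integer.
    - name: "set permission of /mnt/vms"
      file:
        path: /mnt/vms
        owner: root
        group: libvirt
        mode: "0775"
    # NOTE(review): git:// is an unauthenticated, unencrypted transport, so
    # the content of these checkouts is not verified in transit. A later task
    # executes ./liw-dot-files/make-symlinks from the second checkout as liw.
    # Prefer an authenticated transport if the server offers one, and consider
    # pinning `version:` to a reviewed commit.
    - name: "clone ansibleness to ~liw"
      git:
        repo: git://git.liw.fi/ansibleness
        dest: /home/liw/ansibleness
    - name: "clone liw-dot-files to ~liw"
      git:
        repo: git://git.liw.fi/liw-dot-files
        dest: /home/liw/liw-dot-files
    # The clones above run as root, so ownership is handed to liw afterwards.
    - name: "set ownership of everything in ~liw/ansibleness and liw-dot-files"
      args:
        warn: false
      shell: |
        chown -R liw:liw /home/liw/ansibleness /home/liw/liw-dot-files
    # Runs a script taken from the cloned repository under liw's login shell.
    - name: "configure liw dot files"
      args:
        warn: false
      shell: |
        sudo -u liw -i bash -c "pwd && ./liw-dot-files/make-symlinks"
        sudo -u liw -i bash -c "ln -nsf liw-dot-files/gitconfig-exolobe1 .gitconfig"
    - name: "create ~liw/base-images"
      file:
        state: directory
        path: /home/liw/base-images
        owner: liw
        group: liw
        mode: "0755"
    - name: "create ~liw/vm"
      file:
        state: directory
        path: /home/liw/vm
        owner: liw
        group: liw
        mode: "0755"
    # - name: "fetch cloud images"
    #   get_url:
    #     url: "{{ item.url }}"
    #     dest: "/home/liw/base-images/{{ item.file }}"
    #     owner: liw
    #     group: liw
    #     mode: 0644
    #   with_items:
    #     - url: https://cloud.debian.org/images/cloud/bullseye/latest/debian-11-generic-amd64.qcow2
    #       file: bullseye.qcow2
    #     - url: https://cloud.debian.org/images/cloud/OpenStack/current-10/debian-10-openstack-amd64.qcow2
    #       file: buster.qcow2
    # NOTE(review): this directory holds the SSH CA private key installed
    # below. The key file itself is 0600; 0700 is the conventional mode for
    # ~/.ssh and would also stop other local users from listing it.
    - name: "create ~liw/.ssh"
      file:
        state: directory
        path: /home/liw/.ssh
        owner: liw
        group: liw
        mode: "0755"
    - name: install SSH public key for liw
      copy:
        content: "{{ liw_personal_ssh_pub }}"
        dest: /home/liw/.ssh/id_personal.pub
        owner: liw
        group: liw
        mode: "0644"
    # The key material is read from `pass` on the control node at run time, so
    # it is not stored in the repository. no_log keeps the task's arguments
    # and result (which would include the key) out of Ansible output and logs.
    - name: "install SSH CA key"
      copy:
        content: "{{ lookup('pipe', 'pass show sshca/vmadm-v1') }}"
        dest: /home/liw/.ssh/vmadm
        owner: liw
        group: liw
        mode: "0600"
      no_log: true
    # Appends a newline only when the last line of the key file lacks one.
    - name: "ensure SSH CA key file ends in a newline"
      shell: |
        if [ "$(tail -n1 /home/liw/.ssh/vmadm | wc -l)" = 0 ]
        then
          echo >> /home/liw/.ssh/vmadm
        fi
    # - name: "create ~liw/.config/vmadm"
    #   file:
    #     state: directory
    #     path: /home/liw/.config/vmadm
    #     owner: liw
    #     group: liw
    #     mode: 0755
    # - name: "configure vmadm"
    #   copy:
    #     src: vmadm.yaml
    #     dest: /home/liw/.config/vmadm/config.yaml
    #     owner: liw
    #     group: liw
    #     mode: 0644
    - name: "enable libvirt 'default' network"
      virt_net:
        name: default
        autostart: true
        state: active
  vars:
    ansible_python_interpreter: /usr/bin/python3
    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname}}"
    sane_debian_system_codename: bullseye
    # NOTE(review): the codename above is bullseye, but the two explicit
    # entries below name buster suites; confirm this is intended. All three
    # repositories use plain http, so package integrity rests on apt's
    # signature checks, and for the third one on signing_key.
    sane_debian_system_sources_lists:
      - repo: |
          deb http://security.debian.org/debian-security buster/updates main contrib non-free
      - repo: |
          deb http://deb.debian.org/debian buster contrib non-free
      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"
    unix_users_version: 2
    # The same personal public key is authorised for liw (who also gets sudo
    # and libvirt group membership) and for direct root login.
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: true
        groups:
          - libvirt
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
      - username: root
        authorized_keys: |
          {{ liw_personal_ssh_pub }}
    mailname: "{{ sane_debian_system_hostname }}.liw.fi"
    relayhost: pieni.net:587
    smarthost: pieni.net
    smarthost_user: pienirelay
    # Read from `pass` on the control node at run time; not stored in the
    # repository. Presumably consumed by the smarthost-client role; verify
    # that the role does not echo it in task output.
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"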