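---
# Playbook for the "private" host group: applies the base Debian roles,
# installs development and command line packages, and sets up the ewww
# static web server with its TLS certificate and key.
#
# The play logs in directly as root (remote_user: root, become disabled),
# so every task below runs with full privileges on the target.
- hosts: private
  remote_user: root
  become: false
  roles:
    - role: sane_debian_system
    - role: self-updating-system
    - role: comfortable-debian-system
    - role: version-controller
    - role: emacs
    - role: smarthost-client
    - role: mail-client
    - role: annexed
    - role: unix_users
    - role: liw
    - role: rust-rustup
  tasks:
    # Remove ping to force it be reinstalled so that the right
    # capabilities are set.
    - name: "Remove iputils-ping so it gets reinstalled"
      apt:
        name: iputils-ping
        state: absent
    # No explicit state is given here, so the apt module's default applies.
    - name: "Install development packages"
      apt:
        name:
          - build-essential
          - extrautils
          - iputils-ping
          - jq
          - jt
          - liw-automation
          - pandoc-filter-diagram
          - python3
          - shellcheck
          - subplot
          - summain
          - texlive-fonts-recommended
          - texlive-latex-base
          - texlive-latex-extra
          - texlive-latex-recommended
          - texlive-plain-generic
    - name: install command line utilities
      apt:
        name:
          - bc
          - bind9-host
          - curl
          - dnsutils
          - htop
          - iftop
          - ikiwiki
          - info
          - jt
          - locales-all
          - lvm2
          - mmv
          - moreutils
          - mosh
          - mtr
          - nethogs
          - nmap
          - num-utils
          - psmisc
          - pv
          - rsync
          - screen
          - strace
          - time
          - units
          - vim
          - w3m
          - whois
          - yaml-mode
          - zip
    - name: "Install ewww"
      apt:
        name:
          - ewww
          - psmisc
          - curl
          - rsync
        state: present
    - name: "Create /srv/http"
      file:
        state: directory
        path: /srv/http
        owner: _ewww
        group: _ewww
        # Quoted so the YAML parser cannot retype the octal mode.
        mode: "0755"
    - name: "Create ewww config directory"
      file:
        state: directory
        path: /etc/ewww
    - name: "Install ewww config"
      copy:
        content: |
          webroot: /srv/http
          listen: "0.0.0.0:443"
          tls_cert: /etc/ewww/tls.pem
          tls_key: /etc/ewww/tls.key
        dest: /etc/ewww/ewww.yaml
    - name: "Install TLS cert"
      copy:
        content: |
          -----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
        dest: /etc/ewww/tls.pem
    # NOTE(review): the private key is stored inline in a version-controlled
    # playbook, so anyone with read access to the repository or its history
    # holds the key. Prefer loading it from a secret store at run time (the
    # smarthost_password variable below already does this through a `pass`
    # lookup) or encrypting it with Ansible Vault, and rotate any key that
    # has already been published this way.
    - name: "Install TLS key"
      copy:
        content: |
          -----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
        dest: /etc/ewww/tls.key
        # Without an explicit mode the key takes the umask default, which is
        # typically world-readable.
        # NOTE(review): assumes ewww reads the key as root or as _ewww;
        # confirm against the ewww service unit, and tighten to "0600" if it
        # only ever reads the key as root.
        owner: root
        group: _ewww
        mode: "0640"
      # Keep the key material out of task output, diffs and logs.
      no_log: true
    - name: "Enable and start ewww service"
      systemd:
        name: ewww
        state: restarted
        enabled: true
        daemon_reload: true
  vars:
    ansible_python_interpreter: /usr/bin/python3
    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bullseye
    sane_debian_system_timezone: Europe/Helsinki
    # All repositories are fetched over plain http, so package integrity
    # rests on apt's signature verification. The signing_key values for the
    # third-party repositories are defined outside this file.
    sane_debian_system_sources_lists:
      - repo: |
          deb http://deb.debian.org/debian bullseye contrib non-free
      - repo: |
          deb-src http://deb.debian.org/debian bullseye main contrib non-free
      - repo: |
          deb http://security.debian.org/debian-security bullseye-security main contrib non-free
      - repo: |
          deb http://code.liw.fi/debian unstable main
        signing_key: "{{ code_liw_fi_signing_key }}"
      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"
      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable main
        signing_key: "{{ ci_prod_signing_key }}"
    unix_users_version: 2
    unix_users:
      - username: _ewww
        comment: Static web site content
      - username: liw
        comment: Lars Wirzenius
        sudo: true
    mailname: "{{ sane_debian_system_hostname }}.liw.fi"
    # Quoted because host:port values are a known implicit-typing trap.
    relayhost: "pieni.net:587"
    smarthost: pieni.net
    smarthost_user: pienirelay
    # Read from the local `pass` store at run time, so the password itself
    # never appears in the repository.
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"
    rustup_cargo_install: |
      bat \
      difftastic \
      ripgrep \
      starship \
      zoxide \
      ytop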