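---
# Play for the hosts matched by the `private` inventory pattern. Ansible
# logs in as root directly, so privilege escalation is switched off.
- hosts: private
  remote_user: root
  # Canonical YAML boolean rather than the YAML 1.1 truthy word `no`.
  become: false
  # Roles are applied in the order listed, before the play's tasks.
  roles:
    - role: sane_debian_system
    - role: self-updating-system
    - role: comfortable-debian-system
    - role: version-controller
    - role: emacs
    - role: smarthost-client
    - role: mail-client
    - role: annexed
    - role: unix_users
    - role: liw
    - role: rust-rustup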

  tasks:
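    # Remove ping to force it to be reinstalled (the following apt task lists
    # iputils-ping again) so that the right capabilities are set.
    # NOTE(review): there is no condition on this task, so every run of the
    # play removes and then reinstalls the package.
    - name: "Remove iputils-ping to force a reinstall"
      apt:
        name: iputils-ping
        state: absent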

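    # Installs the build and document-production packages, and puts
    # iputils-ping back after the removal task above.
    - name: "Install build and document tooling"
      apt:
        name:
          - build-essential
          - extrautils
          - iputils-ping
          - jq
          - jt
          - liw-automation
          - pandoc-filter-diagram
          - python3
          - shellcheck
          - subplot
          - summain
          - texlive-fonts-recommended
          - texlive-latex-base
          - texlive-latex-extra
          - texlive-latex-recommended
          - texlive-plain-generic
        # Spelled out; `present` is also the apt module's default.
        state: present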

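    # General-purpose command line tools for interactive use on the host.
    # The package list is indented under `name:` like the other lists in
    # this file.
    - name: install command line utilities
      apt:
        name:
          - bc
          - bind9-host
          - curl
          - dnsutils
          - htop
          - iftop
          - ikiwiki
          - info
          - jt
          - locales-all
          - lvm2
          - mmv
          - moreutils
          - mosh
          - mtr
          - nethogs
          - nmap
          - num-utils
          - psmisc
          - pv
          - rsync
          - screen
          - strace
          - time
          - units
          - vim
          - w3m
          - whois
          - yaml-mode
          - zip
        # Spelled out; `present` is also the apt module's default.
        state: present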

    # Installs the ewww package together with curl, psmisc and rsync.
    - name: "Install ewww"
      apt:
        state: present
        name:
          - curl
          - ewww
          - psmisc
          - rsync
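    # Web root served by ewww; owned by the _ewww account and group.
    - name: "Create /srv/http"
      file:
        state: directory
        path: /srv/http
        owner: _ewww
        group: _ewww
        # Quoted so the mode is always handled as an octal string and never
        # depends on how the YAML parser types a bare 0755.
        mode: "0755"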
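    # Directory that receives ewww.yaml, the TLS certificate and the TLS key.
    - name: "Create ewww config directory"
      file:
        state: directory
        path: /etc/ewww
        # Explicit ownership and mode so the result does not depend on the
        # umask in effect on the managed host.
        owner: root
        group: root
        mode: "0755"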
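    # Writes the ewww configuration. The server listens on port 443 on every
    # IPv4 address of the host (0.0.0.0) and reads its certificate and key
    # from /etc/ewww.
    - name: "Install ewww config"
      copy:
        content: |
          webroot: /srv/http
          listen: "0.0.0.0:443"
          tls_cert: /etc/ewww/tls.pem
          tls_key: /etc/ewww/tls.key
        dest: /etc/ewww/ewww.yaml
        # The file holds no secret; an explicit mode keeps the outcome
        # independent of the remote umask.
        mode: "0644"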
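    # Installs the PEM certificate that ewww.yaml names as tls_cert.
    # NOTE(review): the embedded certificate appears to be self-signed for
    # CN=localhost with a validity window of 2021-07-22 to 2022-07-22; confirm
    # with `openssl x509 -in /etc/ewww/tls.pem -noout -subject -issuer -dates`
    # and renew it if the service is meant to be used by real clients.
    - name: "Install TLS cert"
      copy:
        content: |
          -----BEGIN CERTIFICATE-----
          MIICrzCCAZcCFFusxXoXXAVCzpfNK5VlnS8vFnY/MA0GCSqGSIb3DQEBCwUAMBQx
          EjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0yMTA3MjIwNzMzNThaFw0yMjA3MjIwNzMz
          NThaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEP
          ADCCAQoCggEBALhfy48gwIslLt5nCDSaPZeg52TwlZ8gWotnoprcv3cgTllDD/t7
          uLwRrYFJl2AheaNRP+ZOgXYzuS+pOz7YCdLg6bc1d8Dto69gQy848GnTtHINgy3Z
          Ag0L5d2B8/PcpEagFe2z1cCDzxNxkhjWisb0Rm1AOJcNxQWvICw428wwWEr6SRiO
          FHTht5UG0oClK88cJSwBnzNSS9Q30q42JfUmua1Dd0PS3FOMibtzMB9aBATeR4uH
          pQ1qCGU197er0PVfxWYrm8LEyZFQHRviwiaLNMtMRQuOp2rDF3kV/aZuw+aUYqpk
          zz+H3g0lxU3vYp/NmSRvC7y4HFxr7xlu6DECAwEAATANBgkqhkiG9w0BAQsFAAOC
          AQEAgpZ0dd+W4v7P6uFZ3R4rbRrHUQEOlFFMUrkf6EyT9xeIk7XjO6+RYbVP6tWX
          h4T9sEIFypAtR/47JEhFKYzncPBygUQfzXH5hW0JgviMQ8nNQz6NUJ5vPpeI4Tob
          7uipx46Lq6nF6h9DbMK/03M7ZeybEa+nknDtry5hKTVzi+xSkVQX1/xgOBY0hhUk
          xcLCULujN2Lp262aP9hIuI/vaXo5HOh+BavsSauVUsRjScz/8Lgn+q4qRajcgnRa
          WvK5nH/Ok4am5F9LDcwZOyUXrV+VB9CcbhnzinMuPwCdhPvMr+F7zQP9YXbOeOlP
          NdZiSNvGZAbEnmMnNCEYMO3wVA==
          -----END CERTIFICATE-----
        dest: /etc/ewww/tls.pem
        # A certificate is public data; the explicit mode only removes the
        # dependency on the remote umask.
        mode: "0644"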
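    # Installs the TLS private key that ewww.yaml names as tls_key.
    # NOTE(review): the key is stored in clear text in this playbook, so
    # everyone who can read the repository can read the key. Consider rotating
    # the key pair and supplying the key from a secret store instead -- for
    # example the `lookup('pipe', 'pass show <PLACEHOLDER-entry>')` pattern
    # this play already uses for smarthost_password, or Ansible Vault.
    - name: "Install TLS key"
      copy:
        content: |
          -----BEGIN RSA PRIVATE KEY-----
          MIIEpAIBAAKCAQEAuF/LjyDAiyUu3mcINJo9l6DnZPCVnyBai2eimty/dyBOWUMP
          +3u4vBGtgUmXYCF5o1E/5k6BdjO5L6k7PtgJ0uDptzV3wO2jr2BDLzjwadO0cg2D
          LdkCDQvl3YHz89ykRqAV7bPVwIPPE3GSGNaKxvRGbUA4lw3FBa8gLDjbzDBYSvpJ
          GI4UdOG3lQbSgKUrzxwlLAGfM1JL1DfSrjYl9Sa5rUN3Q9LcU4yJu3MwH1oEBN5H
          i4elDWoIZTX3t6vQ9V/FZiubwsTJkVAdG+LCJos0y0xFC46nasMXeRX9pm7D5pRi
          qmTPP4feDSXFTe9in82ZJG8LvLgcXGvvGW7oMQIDAQABAoIBAQCTKyP441PNvahj
          ripGkreHSNBrKf7EPbcIf3iz1HCgThE7/uPLAT68IAA2qt9BxHarfjdbRl7gUvkG
          qja4OwncYdssemlUfluhqVz3XKPKVUo7n72N4yJX959L6GcpyHz4QuA+FMYSHSQ1
          iPntCZNMq79rhU+mgz85AkjUA66ulKzkFwYRL6oRJ+fxwYKTCcnRAUbUaihDXb5T
          AV4wDPMKLse70KL42SPTrQFzTqguDlXzPlKvqOEi2lZkNkiMr8wdN/xZlzLre89K
          EM/mczCnYnI17dkFrdF+9Wsr63o24H+vUQ3IWIDnVP+dgMXonvCz2Z8mawlb5tt7
          vuY4b9KBAoGBAOczO740Q/mDk2iQI4Kt+o1unRwz34AEge0hm7kVUb7g2iV9sqNU
          PovFjIvfCpWTmxVj6NQHyHbKDUfnnYzrpYHuMu2mL5E/1w+WqO1xPgoS287Xs/0I
          E6N/BozDW4kMgBID0U2qz0JBrDMDFlL/yoziec6kv8f8uvRlQKtSdVSFAoGBAMwm
          uDCShE4RcCr0PgAhiCSllJF03AVbLioTqdXwiHbIVvu5XvUClgOuI0eUDzU0Dsco
          eWVaMQYx2Gt26sPPE52duZQNZ8JOZVq8/eSoycxYBn+hxYsjWqR9VvAZ4UMQvQ9g
          T8La/NJTmzGVqpSD6XA176umCmgB/oeEaNZvchq9AoGAUfmbdDxJ4b1iVc/Nl3ci
          gGU49Zf65gQzISYqdbx2aIyHLIXeAgVLy/k2dR2XPiPA+BudoRhFXsETZmxcM2wW
          GfSgQB0Nfp25HkDYEqB1U9MN9tAKdGwZsn3Gj8Bwwy4Ydsq9uqEWrbJlYQz2LGWf
          psZiU/+cNEeK7j68aEJrcZUCgYAu7zvrVtP6CsJJ7csPRqZBHpwwcLhgtty/KbQj
          DmChRl/REYYGOCj7AZ70xtJUPfqjyOdX6MtajD0gP7+rcsEkvG0833QaVOGyYb7R
          Qgja5OXhk/SRj3g4VuSU4K5MN93vWgocVzJGvJfyZ2FHMaiKdqv6P3sm/EZjK4ra
          udZ21QKBgQDXmMP5sPHBtpHyXybIHk+nJICOtsKAJklXA1msgCk8OqDyPXX3qh8e
          4vFU4tgRN1nBMmEG5ROTtING1dQ5+X3aqXOJIO+asE1FkQA1kUhFKg2OSo15liPI
          cB5//DSHki2Mh1iZxPfZnvFYpEOl9pmedSJ4tlltzKQSY//6kGJ49g==
          -----END RSA PRIVATE KEY-----
        dest: /etc/ewww/tls.key
        # Without an explicit mode the file mode follows the remote umask,
        # which commonly leaves the key readable by every local user. Root
        # owns the key and only the _ewww group may read it.
        # NOTE(review): confirm which user the ewww service runs as; tighten
        # to "0600" if group read access turns out not to be needed.
        owner: root
        group: _ewww
        mode: "0640"
      # Keep the key material out of task output and logs.
      no_log: true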
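    # Reloads systemd's unit files, enables ewww at boot and restarts it.
    # NOTE(review): `state: restarted` restarts the service on every run of
    # the play, whether or not the configuration, certificate or key changed.
    - name: "Enable and start ewww service"
      systemd:
        name: ewww
        state: restarted
        # Canonical YAML booleans rather than the YAML 1.1 truthy word `yes`.
        enabled: true
        daemon_reload: true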

  vars:
    # Python interpreter Ansible uses on the managed host.
    ansible_python_interpreter: /usr/bin/python3

    # Variables prefixed sane_debian_system_ are presumably consumed by the
    # sane_debian_system role listed under `roles:` -- verify against the role.
    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bullseye
    sane_debian_system_timezone: Europe/Helsinki
    # APT sources. The entries written with `|` are literal block scalars, so
    # each of those values ends with a newline; the last two are plain scalars.
    # NOTE(review): every repository URL uses plain http://, so package
    # integrity rests on APT signature verification. The liw.fi entries pass a
    # signing_key; code_liw_fi_signing_key and ci_prod_signing_key are not
    # defined in this play's vars and must come from elsewhere.
    sane_debian_system_sources_lists:
      - repo: |
          deb http://deb.debian.org/debian bullseye contrib non-free

      - repo: |
          deb-src http://deb.debian.org/debian bullseye main contrib non-free

      - repo: |
          deb http://security.debian.org/debian-security bullseye-security main contrib non-free

      - repo: |
          deb http://code.liw.fi/debian unstable main
        signing_key: "{{ code_liw_fi_signing_key }}"

      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"

      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable main
        signing_key: "{{ ci_prod_signing_key }}"

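    # Accounts for the unix_users role: the _ewww account that owns /srv/http
    # and the interactive account liw.
    unix_users_version: 2
    unix_users:
      - username: _ewww
        comment: Static web site content
      - username: liw
        comment: Lars Wirzenius
        # Canonical YAML boolean rather than the YAML 1.1 truthy word `yes`.
        # Presumably grants liw sudo rights -- verify against the role.
        sudo: true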

    # Outgoing mail settings: mail is relayed through pieni.net on port 587.
    mailname: '{{ sane_debian_system_hostname }}.liw.fi'
    relayhost: 'pieni.net:587'
    smarthost: 'pieni.net'
    smarthost_user: 'pienirelay'
    # The relay password is not stored in the playbook: the pipe lookup runs
    # `pass show` on the machine that runs Ansible when the variable is used.
    smarthost_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"

    # Crate names, one per line, kept as a literal block scalar; the trailing
    # backslashes are part of the value. Presumably the rust-rustup role
    # passes this text to a shell `cargo install` command, where the
    # backslashes act as line continuations -- verify against the role.
    # NOTE(review): no crate versions are pinned here, so which versions get
    # built and installed likely depends on when the play runs -- confirm how
    # the role invokes cargo.
    rustup_cargo_install: |
      bat \
      difftastic \
      ripgrep \
      starship \
      zoxide \
      ytop