diff options
author | Lars Wirzenius <liw@liw.fi> | 2022-02-02 15:20:52 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-02-02 15:20:52 +0200 |
commit | 1188a2a6f866a73126afda89d3e788f98c67366d (patch) | |
tree | 63646691bdfce2cc5fda74f487e3c056c85f45db /installer-ansible.yml | |
parent | 2016a5bccf3175d42bcd6fa8e81ad88a01f7a8cc (diff) | |
download | v-i-1188a2a6f866a73126afda89d3e788f98c67366d.tar.gz |
refactor: rename files to be clearer
Sponsored-by: author
Diffstat (limited to 'installer-ansible.yml')
-rw-r--r-- | installer-ansible.yml | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/installer-ansible.yml b/installer-ansible.yml new file mode 100644 index 0000000..ad0d2f6 --- /dev/null +++ b/installer-ansible.yml @@ -0,0 +1,126 @@ +# Ansible playbook to install stuff for v-i. +# TODO: +# - maybe install iwlwifi firmware? +# - install liw-openpgp.pub and a gpg config to use my Yubikey + + +- hosts: image + tasks: + + - name: "set /etc/hostname" + shell: | + echo "{{ hostname }}" > /etc/hostname + + - name: "unset root password" + shell: | + sed -i '/^root:[^:]*:/s//root::/' /etc/passwd + + - name: "create /root/.ssh" + file: + state: directory + path: /root/.ssh + owner: root + group: root + mode: 0700 + + - name: "set root authorized keys" + copy: + content: | + {{ user_pub }} + dest: /root/.ssh/authorized_keys + owner: root + group: root + mode: 0600 + + - name: "configure keyboard layout" + copy: + content: | + XKBMODEL="pc105" + XKBLAYOUT="fi" + XKBVARIANT="" + XKBOPTIONS="" + BACKSPACE="guess" + dest: /etc/default/keyboard + + - name: "configure console" + copy: + content: | + ACTIVE_CONSOLES="/dev/tty[1-6]" + CHARMAP="UTF-8" + CODESET="Lat15" + FONTFACE="Fixed" + FONTSIZE="8x16" + VIDEOMODE= + dest: /etc/default/console-setup + + - name: "set default LC_TYPE for all users" + shell: + echo export LC_CTYPE=fi_FI.UTF8 >> /etc/profile.d/finnish.sh + + - name: "configure Ethernet networking" + copy: + content: | + auto eth0 + iface eth0 inet dhcp + iface eth0 inet6 auto + dest: /etc/network/interfaces.d/wired + + - name: "restrict root logins over ssh" + lineinfile: + path: /etc/ssh/sshd_config + regex: "#* *PasswordAuthentication" + line: "PasswordAuthentication no" + + - name: "copy rootfs tarball" + copy: + src: "{{ rootfs_tarball }}" + dest: /root/rootfs.tar.gz + + - name: "add APT key for CI repo with vmdb2" + copy: + content: "{{ ci_prod_signing_key }}" + dest: /etc/apt/trusted.gpg.d/ci_prod.asc + + - name: "add CI repo with vmdb2 to apt sources" + apt_repository: + repo: "deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main" + + - name: "install vmdb2" + apt: + name: vmdb2 + + vars: + hostname: v-i + ansible_python_interpreter: /usr/bin/python3 + user_pub: | + ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems + ci_prod_signing_key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp + 5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS + +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO + HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p + JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM + jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM + 3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4 + 6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe + UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5 + TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl + kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB + tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3 + LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ + CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h + dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ + LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN + 31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw + P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv + 2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM + cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD + SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441 + 6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK + Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod + GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps + GSJSdir7NkZidgwoCPA7BTqsb5LN + =dXB0 + -----END PGP PUBLIC KEY BLOCK----- |