refactor: rename files to be clearer

Sponsored-by: author
author: Lars Wirzenius <liw@liw.fi> 2022-02-02 15:20:52 +0200
committer: Lars Wirzenius <liw@liw.fi> 2022-02-02 15:20:52 +0200
commit: 1188a2a6f866a73126afda89d3e788f98c67366d (patch)
tree: 63646691bdfce2cc5fda74f487e3c056c85f45db /installer-ansible.yml
parent: 2016a5bccf3175d42bcd6fa8e81ad88a01f7a8cc (diff)
download: v-i-1188a2a6f866a73126afda89d3e788f98c67366d.tar.gz
1 files changed, 126 insertions, 0 deletions
diff --git a/installer-ansible.yml b/installer-ansible.yml
new file mode 100644
index 0000000..ad0d2f6
--- /dev/null
+++ b/installer-ansible.yml
@@ -0,0 +1,126 @@
+# Ansible playbook to install stuff for v-i.
+# TODO:
+# - maybe install iwlwifi firmware?
+# - install liw-openpgp.pub and a gpg config to use my Yubikey
+
+
+- hosts: image
+  tasks:
+
+    - name: "set /etc/hostname"
+      shell: |
+        echo "{{ hostname }}" > /etc/hostname
+
+    - name: "unset root password"
+      shell: |
+        sed -i '/^root:[^:]*:/s//root::/' /etc/passwd
+
+    - name: "create /root/.ssh"
+      file:
+        state: directory
+        path: /root/.ssh
+        owner: root
+        group: root
+        mode: 0700
+
+    - name: "set root authorized keys"
+      copy:
+        content: |
+          {{ user_pub }}
+        dest: /root/.ssh/authorized_keys
+        owner: root
+        group: root
+        mode: 0600
+
+    - name: "configure keyboard layout"
+      copy:
+        content: |
+          XKBMODEL="pc105"
+          XKBLAYOUT="fi"
+          XKBVARIANT=""
+          XKBOPTIONS=""
+          BACKSPACE="guess"
+        dest: /etc/default/keyboard
+
+    - name: "configure console"
+      copy:
+        content: |
+          ACTIVE_CONSOLES="/dev/tty[1-6]"
+          CHARMAP="UTF-8"
+          CODESET="Lat15"
+          FONTFACE="Fixed"
+          FONTSIZE="8x16"
+          VIDEOMODE=
+        dest: /etc/default/console-setup
+
+    - name: "set default LC_TYPE for all users"
+      shell:
+        echo export LC_CTYPE=fi_FI.UTF8 >> /etc/profile.d/finnish.sh
+
+    - name: "configure Ethernet networking"
+      copy:
+        content: |
+          auto eth0
+          iface eth0 inet dhcp
+          iface eth0 inet6 auto
+        dest: /etc/network/interfaces.d/wired
+
+    - name: "restrict root logins over ssh"
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regex: "#* *PasswordAuthentication"
+        line: "PasswordAuthentication no"
+
+    - name: "copy rootfs tarball"
+      copy:
+        src: "{{ rootfs_tarball }}"
+        dest: /root/rootfs.tar.gz
+
+    - name: "add APT key for CI repo with vmdb2"
+      copy:
+        content: "{{ ci_prod_signing_key }}"
+        dest: /etc/apt/trusted.gpg.d/ci_prod.asc
+
+    - name: "add CI repo with vmdb2 to apt sources"
+      apt_repository:
+        repo: "deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main"
+
+    - name: "install vmdb2"
+      apt:
+        name: vmdb2
+
+  vars:
+    hostname: v-i
+    ansible_python_interpreter: /usr/bin/python3
+    user_pub: |
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems
+    ci_prod_signing_key: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+
+        mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
+        5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
+        +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
+        HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
+        JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
+        jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
+        3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
+        6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
+        UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
+        TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
+        kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
+        tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
+        LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
+        CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
+        dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
+        LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
+        31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
+        P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
+        2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
+        cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
+        SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
+        6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
+        Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
+        GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
+        GSJSdir7NkZidgwoCPA7BTqsb5LN
+        =dXB0
+        -----END PGP PUBLIC KEY BLOCK-----
author	Lars Wirzenius <liw@liw.fi>	2022-02-02 15:20:52 +0200
committer	Lars Wirzenius <liw@liw.fi>	2022-02-02 15:20:52 +0200
commit	1188a2a6f866a73126afda89d3e788f98c67366d (patch)
tree	63646691bdfce2cc5fda74f487e3c056c85f45db /installer-ansible.yml
parent	2016a5bccf3175d42bcd6fa8e81ad88a01f7a8cc (diff)
download	v-i-1188a2a6f866a73126afda89d3e788f98c67366d.tar.gz