diff options
author | Lars Wirzenius <liw@liw.fi> | 2022-01-07 15:06:29 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-01-07 18:52:02 +0200 |
commit | 2c3f88259122323eb73eb40f4dec9d66483d926c (patch) | |
tree | ca22c3b0740bb2db51f1775d80dec57b7317140f /v-i.yml | |
parent | 79dd4f5367ca66df6c2c56b751b4582554e39032 (diff) | |
download | v-i-2c3f88259122323eb73eb40f4dec9d66483d926c.tar.gz |
feat: make v-i script support my standard base install
Also, put as many packages as possible inside the cached portion, for speed.
Sponsored-by: author
Diffstat (limited to 'v-i.yml')
-rw-r--r-- | v-i.yml | 131 |
1 files changed, 0 insertions, 131 deletions
diff --git a/v-i.yml b/v-i.yml deleted file mode 100644 index 541d045..0000000 --- a/v-i.yml +++ /dev/null @@ -1,131 +0,0 @@ -# Ansible playbook to install stuff for v-i. -# TODO: -# - maybe install iwlwifi firmware? -# - install liw-openpgp.pub and a gpg config to use my Yubikey - - -- hosts: image - tasks: - - - name: "set /etc/hostname" - shell: | - echo "{{ hostname }}" > /etc/hostname - - - name: "unset root password" - shell: | - sed -i '/^root:[^:]*:/s//root::/' /etc/passwd - - - name: "create /root/.ssh" - file: - state: directory - path: /root/.ssh - owner: root - group: root - mode: 0700 - - - name: "set root authorized keys" - copy: - content: | - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP liw personal systems - dest: /root/.ssh/authorized_keys - owner: root - group: root - mode: 0600 - - - name: "configure keyboard layout" - copy: - content: | - XKBMODEL="pc105" - XKBLAYOUT="fi" - XKBVARIANT="" - XKBOPTIONS="" - BACKSPACE="guess" - dest: /etc/default/keyboard - - - name: "configure console" - copy: - content: | - ACTIVE_CONSOLES="/dev/tty[1-6]" - CHARMAP="UTF-8" - CODESET="Lat15" - FONTFACE="Fixed" - FONTSIZE="8x16" - VIDEOMODE= - dest: /etc/default/console-setup - - - name: "set default LC_TYPE for all users" - shell: - echo export LC_CTYPE=fi_FI.UTF8 >> /etc/profile.d/finnish.sh - - - name: "configure Ethernet networking" - copy: - content: | - auto eth0 - iface eth0 inet dhcp - iface eth0 inet6 auto - dest: /etc/network/interfaces.d/wired - - - name: "restrict root logins over ssh" - lineinfile: - path: /etc/ssh/sshd_config - regex: "#* *PasswordAuthentication" - line: "PasswordAuthentication no" - - - name: "copy rootfs tarball" - copy: - src: "{{ rootfs_tarball }}" - dest: /root/rootfs.tar.gz - - - name: "add my ssh pub key to root's authorized keys" - authorized_key: - user: root - key: "{{ user_pub }}" - - - name: "add APT key for CI repo with vmdb2" - copy: - content: "{{ ci_prod_signing_key }}" - dest: /etc/apt/trusted.gpg.d/ci_prod.asc - - - name: "add CI repo with vmdb2 to apt sources" - apt_repository: - repo: "deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main" - - - name: "install vmdb2" - apt: - name: vmdb2 - - vars: - hostname: v-i - ansible_python_interpreter: /usr/bin/python3 - user_pub: | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAlECa3tbFGXhB3Zh/4/GhM11THOThVfiuLqqJ2dpWHEClzpKJHpzzwWt7g9z/MMQNMsUJLy+okz+De6hdjjmYJ9kG9Sr3H4YKq6itGQMj7L/cH3WS3ynp0uy0oW3hf932vDZKQ8iy9vczXH+ERYl+4TYae1Jp4Hyf4/2IYxEfuhKctvSvqySST3Qk9JNZ71HFGOWhjH/MmoCLoT1v+HkqmHdYf/GMKGRo3gqCEGgCgNErYYIyKm3OF3dHXK+hyGLE/cZNu6fU5woW3rvtUCFt08Ri2pm0cnXXJn9jQIMxfS5Kkf64svwgzKmPqgX1f4flopYPlsBXduCgzbJvj+lpgauAk/i1A5B01CFa9sI4C6pHZmwk1qxRwN+4IXL2CQt+tDgYC84ZDDd8R7cNyL22a3KhMQmdHtvog1beAa3Ab+J+cafkXXN+Es9f1wQjzk7DiHupmJIVofBvPP+cRcB46rwha6ati8Fa5QkT9rXFNqQsKk7jq8TIi54Bm15OOa0jInGG3TM17b9Ftu2WTJSAaqgBnDfZiInK7HEvC6K/IBljrN3oGagmFZPrAvzw7d6C2/nKFAQtfoMcE5oWVDrJyjsmJ8oaru0E8rwj7mMvyKPgEMnXTGXLWDgEo50+i291m4bkCxVwiOPbPRvdMll1Y8qfBAPT76sY4Ikgcw/2iw== openpgp:0xBBE80E50 - ci_prod_signing_key: | - -----BEGIN PGP PUBLIC KEY BLOCK----- - - mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp - 5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS - +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO - HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p - JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM - jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM - 3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4 - 6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe - UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5 - TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl - kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB - tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3 - LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ - CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h - dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ - LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN - 31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw - P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv - 2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM - cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD - SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441 - 6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK - Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod - GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps - GSJSdir7NkZidgwoCPA7BTqsb5LN - =dXB0 - -----END PGP PUBLIC KEY BLOCK----- |