# Ansible playbook to install stuff for v-i.
# TODO:
# - maybe install iwlwifi firmware?
# - install liw-openpgp.pub and a gpg config to use my Yubikey


- hosts: image
  tasks:

    - name: "set /etc/hostname"
      shell: |
        echo "{{ hostname }}" > /etc/hostname

    - name: "unset root password"
      shell: |
        sed -i '/^root:[^:]*:/s//root::/' /etc/passwd

    - name: "create /root/.ssh"
      file:
        state: directory
        path: /root/.ssh
        owner: root
        group: root
        mode: 0700

    - name: "configure keyboard layout"
      copy:
        content: |
          XKBMODEL="pc105"
          XKBLAYOUT="fi"
          XKBVARIANT=""
          XKBOPTIONS=""
          BACKSPACE="guess"
        dest: /etc/default/keyboard

    - name: "configure console"
      copy:
        content: |
          ACTIVE_CONSOLES="/dev/tty[1-6]"
          CHARMAP="UTF-8"
          CODESET="Lat15"
          FONTFACE="Fixed"
          FONTSIZE="8x16"
          VIDEOMODE=
        dest: /etc/default/console-setup

    - name: "set default LC_TYPE for all users"
      shell:
        echo export LC_CTYPE=fi_FI.UTF8 >> /etc/profile.d/finnish.sh

    - name: "configure Ethernet networking"
      copy:
        content: |
          auto eth0
          iface eth0 inet dhcp
          iface eth0 inet6 auto
        dest: /etc/network/interfaces.d/wired

    - name: "restrict root logins over ssh"
      lineinfile:
        path: /etc/ssh/sshd_config
        regex: "#* *PasswordAuthentication"
        line: "PasswordAuthentication no"

    - name: "copy rootfs tarball"
      copy:
        src: "{{ rootfs_tarball }}"
        dest: /root/rootfs.tar.gz

    - name: "add APT key for CI repo with vmdb2"
      copy:
        content: "{{ ci_prod_signing_key }}"
        dest: /etc/apt/trusted.gpg.d/ci_prod.asc

    - name: "add CI repo with vmdb2 to apt sources"
      apt_repository:
        repo: "deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main"

    - name: "install vmdb2"
      apt:
        name: vmdb2

  vars:
    hostname: v-i
    ansible_python_interpreter: /usr/bin/python3
    ci_prod_signing_key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
        5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
        +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
        HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
        JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
        jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
        3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
        6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
        UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
        TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
        kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
        tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
        LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
        CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
        dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
        LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
        31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
        P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
        2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
        cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
        SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
        6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
        Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
        GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
        GSJSdir7NkZidgwoCPA7BTqsb5LN
        =dXB0
        -----END PGP PUBLIC KEY BLOCK-----