# Ansible playbook to install stuff for v-i.
# TODO:
# - maybe install iwlwifi firmware?
# - install liw-openpgp.pub and a gpg config to use my Yubikey


- hosts: image
  tasks:

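    # Write the hostname with the copy module instead of a shell redirect:
    # the templated value is then never interpreted by a shell, and the task
    # reports "changed" only when the file content actually differs.
    - name: "set /etc/hostname"
      copy:
        content: |
          {{ hostname }}
        dest: /etc/hostname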

    # Blank the password field of the root entry in /etc/passwd.  The empty
    # pattern in "s//" reuses the address regex, so the whole "root:<field>:"
    # prefix is rewritten to "root::".
    # NOTE(review): an empty field here means root can log in without any
    # password wherever password login is offered (e.g. the local console);
    # presumably intended for this installer image, confirm.  Password
    # logins over SSH are switched off by a later task in this play.
    - name: "unset root password"
      shell: |
        sed -i '/^root:[^:]*:/s//root::/' /etc/passwd

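    # Create root's SSH directory, accessible to root only.
    - name: "create /root/.ssh"
      file:
        state: directory
        path: /root/.ssh
        owner: root
        group: root
        # Quoted so the mode stays a string and does not depend on the YAML
        # parser reading a leading-zero number as octal.
        mode: "0700"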

    # Hook v-i-config.service into ssh.service: a symlink in
    # ssh.service.wants/ makes systemd start the unit whenever ssh.service
    # is started.  "install -d" creates the .wants directory if it is
    # missing; "ln -nsf" replaces any existing link of the same name.
    # NOTE(review): no task visible in this play installs
    # /etc/systemd/system/v-i-config.service itself; presumably it is put in
    # place elsewhere, otherwise the link dangles.
    - name: "enable v-i-config service"
      shell: |
        install -d /etc/systemd/system/ssh.service.wants
        ln -nsf /etc/systemd/system/v-i-config.service /etc/systemd/system/ssh.service.wants/v-i-config.service

    # Keyboard defaults: Finnish layout on a 105-key PC keyboard model.
    # The file is written whole, replacing whatever the image shipped with.
    - name: "configure keyboard layout"
      copy:
        dest: /etc/default/keyboard
        content: |
          XKBMODEL="pc105"
          XKBLAYOUT="fi"
          XKBVARIANT=""
          XKBOPTIONS=""
          BACKSPACE="guess"

    # Console defaults: UTF-8 on tty1..tty6 with the 8x16 "Fixed" font.
    # The file is written whole, replacing whatever the image shipped with.
    - name: "configure console"
      copy:
        dest: /etc/default/console-setup
        content: |
          ACTIVE_CONSOLES="/dev/tty[1-6]"
          CHARMAP="UTF-8"
          CODESET="Lat15"
          FONTFACE="Fixed"
          FONTSIZE="8x16"
          VIDEOMODE=

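    # Export LC_CTYPE (Finnish, UTF-8) from /etc/profile.d so shells that
    # source it pick it up.  The variable set is LC_CTYPE, although the task
    # name says LC_TYPE.
    # lineinfile keeps exactly one copy of the line; appending with ">>"
    # would add a duplicate on every run of the playbook.
    - name: "set default LC_TYPE for all users"
      lineinfile:
        path: /etc/profile.d/finnish.sh
        line: "export LC_CTYPE=fi_FI.UTF8"
        create: true
        # World-readable so every user's shell can source the file.
        mode: "0644"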

    # ifupdown snippet for the wired interface: bring eth0 up automatically,
    # with DHCP for IPv4 and automatic configuration for IPv6.
    # NOTE(review): assumes the interface is actually named eth0 on the
    # target; confirm.
    - name: "configure Ethernet networking"
      copy:
        dest: /etc/network/interfaces.d/wired
        content: |
          auto eth0
          iface eth0 inet dhcp
          iface eth0 inet6 auto

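    # Turn off password authentication in sshd.  This applies to every
    # account, not only root, despite the task name.  Root's password is
    # blanked earlier in this play, so SSH access is meant to be key-only.
    # The pattern is anchored to the start of the line so that only an
    # (optionally commented-out) PasswordAuthentication directive matches,
    # never a prose comment that merely mentions the keyword.
    # NOTE(review): lineinfile rewrites the last matching line, while sshd
    # uses the first value it reads for a keyword; if the image's
    # sshd_config can hold more than one active PasswordAuthentication
    # line, confirm the effective setting (e.g. with `sshd -T`) after the
    # build.
    - name: "restrict root logins over ssh"
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: "PasswordAuthentication no"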

    # Copy the root filesystem tarball from the controller into the image.
    # NOTE(review): rootfs_tarball is not defined in this play's vars, so it
    # is presumably supplied by the caller (extra vars or inventory); the
    # tarball is copied as-is, with no checksum comparison in this play.
    - name: "copy rootfs tarball"
      copy:
        src: "{{ rootfs_tarball }}"
        dest: /root/rootfs.tar.gz

    # Install the public key APT uses to verify the CI repository's
    # signatures; the key text comes from the ci_prod_signing_key variable.
    # NOTE(review): a key under /etc/apt/trusted.gpg.d/ is trusted by APT for
    # every configured repository, not only the CI one.  Consider storing it
    # outside trusted.gpg.d and referencing it with a [signed-by=...] option
    # on the CI sources entry, so its trust is limited to that repository.
    - name: "add APT key for CI repo with vmdb2"
      copy:
        content: "{{ ci_prod_signing_key }}"
        dest: /etc/apt/trusted.gpg.d/ci_prod.asc

    # Add the CI repository that provides vmdb2 to the APT sources.
    # NOTE(review): the repository is fetched over plain http, so package
    # authenticity rests entirely on APT verifying the repository signature
    # against the key installed by the "add APT key" task above.  Nothing in
    # this play pins which packages may come from this repository.
    - name: "add CI repo with vmdb2 to apt sources"
      apt_repository:
        repo: "deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main"

    # Install vmdb2 from the configured APT sources.  "present" is the apt
    # module's default state, spelled out here for clarity.
    - name: "install vmdb2"
      apt:
        name: vmdb2
        state: present

  # Play-level variables used by the tasks above.
  vars:
    # Hostname written to /etc/hostname.
    hostname: v-i
    # Run Ansible modules with Python 3 on the target.
    ansible_python_interpreter: /usr/bin/python3
    # ASCII-armored OpenPGP public key, written verbatim to
    # /etc/apt/trusted.gpg.d/ci_prod.asc by the "add APT key" task.
    # It is a public key, so it is not a secret, but it is a trust anchor:
    # changes to it deserve the same review as changes to the repo URL.
    ci_prod_signing_key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----

        mQINBFrLO7kBEADdz6mHstYmKU5Dp6OSjxWtWaqTDOX1sJdmmaIK/9EKVIH0Maxp
        5kvVO5G6mULLAjv/kLG0MxasHPrq8I2A/y8AqKAGVL8QelwLjQMIFZ30/VbGQPHS
        +T5TZXEnoQtNce1GUhFwJ38ZyjjwHBFV9tSec7rZ2Q3YeM3nNnGPf6DacXGfEOPO
        HIN4sXAN2hzNXNjKRzTIvxQseb6nr7afUh/SlZ3yhQOCrIzmYlD7tP9WJe7ofL0p
        JY4pDQYw8rT6nC2BE/ioemh84kERCT1vCe+OVFlSRuMlqfEv+ZpKQ+itOmPDQ/lM
        jpUm1K2hrW/lWpxT/ZxHKo/w1K36J5WshgMZxfUu5BMCL9LMqMcrXNhNjDMfxDMM
        3yBPOvQ4ls6fecOZ/bsFo1p8VzMk/w/eG8vPs5yuNa5XxN95yFMXoOHGb5Xbu8D4
        6yiW+Af70LbiSNpGdmNdneiGB2fY38NxBukPw5u3S5qG8HedSmMr1RvSr5kHoAAe
        UbOY+BYaaKsTAT7+1skUW1o3FJSqoRKCHAzTsMWC6zzhR8hRn7jVrrguH1hGbqq5
        TZSCFQZExuTJ7uXrTLG0WoBXIjB5wWNcSeXn8myUWYB51nJNF4tJBouZOz9JwWGl
        kiAQkrHnBttLQWdW9FyjbIoTZMtpvVx+m6ObGTGdGL1cNlLAvWprMXGc+QARAQAB
        tDJJY2sgQVBUIHJlcG9zaXRvcnkgc2lnbmluZyBrZXkgKDIwMTgpIDxsaXdAbGl3
        LmZpPokCTgQTAQgAOBYhBKL1uyDoXyxUH3O717Wr+TZVS6PGBQJayzu5AhsDBQsJ
        CAcCBhUICQoLAgQWAgMBAh4BAheAAAoJELWr+TZVS6PGB5QQANTcikhRUHwt9N4h
        dGc/Hp6CbqdshMoWlwpFskttoVDxQG5OAobuZl5XyzGcmja1lT85RGkZFfbca0IZ
        LnXOLLSAu51QBkXNaj4OhjK/0uQ+ITrvL6RQSXNgHiUTR/W2XD1GIUq6nBqe2GSN
        31S1baYKKVj5QIMsi7Dq8ls3BBXuPCE+xTSaNmGWjes2t9pPidcRvxsksCLY1qgw
        P1GFXBeMkBQ29kBP87SUL15SIk7OiQLlEURCy5iRls5rt/YEsdEpRWIb0Tm5Nrjv
        2M3VM+iBhfNXTwj0rJ34mlycF1qQmA7YcTEobT7z587GPY0VWzBpQUnEQj7rQWPM
        cDYY0b+I6kQ8VKOaL4wVAtE98d7HzFIrIrwhTKufnrWrVDPYsmLZ+LPC1jiF7JBD
        SR6Vftb+SdDR9xoE1yRuXbC6IfoW+5/qQNrdQ2mm9BFw5jOonBqchs18HTTf3441
        6SWwP9fY3Vi+IZphPPi0Gf85oMStgnv/Wnw6LacEL32ek39Desero/D8iGLZernK
        Q2mC9mua5A/bYGVhsNWyURNFkKdbFa+/wW3NfdKYyZnsSfo+jJ2luNewrhAY7Kod
        GWXTer9RxzTGA3EXFGvNr+BBOOxSj0SfWTl0Olo7J5dnxof+jLAUS1VHpceHGHps
        GSJSdir7NkZidgwoCPA7BTqsb5LN
        =dXB0
        -----END PGP PUBLIC KEY BLOCK-----