# Ansible playbook to install stuff for a standard install with v-i.
# You should inspect the user_* variables at the end, and override
# them with "ansible_vars" in the system spec file. v-i sets the
# hostname variable automatically.

# Single play: the tasks below run in file order against the "image" host
# pattern; play-level variable defaults are in the `vars:` block at the end.
- hosts: image
  tasks:
    # Write the `hostname` variable (set by v-i) to /etc/hostname; the literal
    # block scalar supplies the trailing newline.
    - name: set /etc/hostname
      copy:
        dest: /etc/hostname
        content: |
          {{ hostname }}

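    # Lock root's password so that password authentication as root fails.
    # This does not affect key- or certificate-based SSH logins, which other
    # tasks in this play may enable for root.
    # `command` replaces `shell`: the command uses no shell features, so there
    # is no reason to route it through /bin/sh.
    # NOTE(review): reports "changed" on every run; no idempotence check.
    - name: "lock root password"
      command: passwd -l root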

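    # Create root's SSH directory, accessible to root only. Skipped unless an
    # authorized key was supplied through `user_pub`.
    - name: "create ~root/.ssh"
      when: user_pub is defined
      file:
        state: directory
        path: /root/.ssh
        owner: root
        group: root
        # Quoted so Ansible receives the mode as a string and does its own
        # octal conversion, instead of depending on how the YAML parser
        # treats a leading-zero integer.
        mode: "0700"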

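    # Install `user_pub` verbatim as root's authorized_keys. Every key in that
    # variable grants root SSH access to the built image, and the file is
    # overwritten rather than appended to.
    - name: "set ~root/.ssh/authorized keys"
      when: user_pub is defined
      copy:
        content: |
          {{ user_pub }}
        dest: /root/.ssh/authorized_keys
        owner: root
        group: root
        # Quoted so the mode is passed as a string, not a YAML integer.
        mode: "0600"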

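    # Install the CA public key(s) whose signatures sshd will accept on user
    # certificates. Write access to this file is equivalent to being able to
    # add a trusted CA, so owner, group and mode are set explicitly rather
    # than inherited from the umask or from a pre-existing file.
    - name: "install user CA public key"
      when: user_ca_pubkey is defined
      copy:
        content: |
          {{ user_ca_pubkey }}
        dest: /etc/ssh/user_ca_keys
        owner: root
        group: root
        mode: "0644"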

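    # Drop-in that points sshd at the trusted user CA file. With only
    # TrustedUserCAKeys set (no AuthorizedPrincipalsFile/Command), a CA-signed
    # certificate is accepted for any account whose name appears in the
    # certificate's principals list, so the CA's issuance policy is the access
    # control.
    # NOTE(review): takes effect only if the main sshd_config includes
    # /etc/ssh/sshd_config.d/*.conf - confirm for the target release.
    - name: "configure sshd to accept CA for users"
      when: user_ca_pubkey is defined
      copy:
        content: |
          TrustedUserCAKeys /etc/ssh/user_ca_keys
        dest: /etc/ssh/sshd_config.d/userca.conf
        # Explicit permissions: sshd configuration must be writable by root
        # only, independent of the umask in effect during the build.
        owner: root
        group: root
        mode: "0644"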

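    # Install the SSH host *private* key supplied in `host_key`.
    - name: "install host key"
      when: host_key is defined
      # The content is secret key material: keep it out of task output,
      # --diff output and any callback/log plugins.
      no_log: true
      copy:
        content: |
          {{ host_key }}
        dest: /etc/ssh/ssh_host_ed25519_key
        # Ownership is stated explicitly so the key is root-owned regardless
        # of which user the play connects as.
        owner: root
        group: root
        # Quoted so the mode is passed as a string, not a YAML integer.
        mode: "0600"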

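    # Install the host certificate (public data) that accompanies the ed25519
    # host key.
    - name: "install host cert"
      when: host_cert is defined
      copy:
        content: |
          {{ host_cert }}
        dest: /etc/ssh/ssh_host_ed25519_key-cert.pub
        # Quoted so the mode is passed as a string, not a YAML integer.
        mode: "0644"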

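    # Drop-in that makes sshd present the ed25519 host key together with its
    # certificate.
    # NOTE(review): this is gated on `host_cert` only, while the private key
    # is installed only when `host_key` is defined. If a certificate is
    # supplied without the matching key, sshd is pointed at whatever key is
    # (or is not) already at that path - confirm callers always set both.
    - name: "configue sshd to use host cert"
      when: host_cert is defined
      copy:
        content: |
          HostKey /etc/ssh/ssh_host_ed25519_key
          HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
        dest: /etc/ssh/sshd_config.d/host_cert.conf
        # Explicit permissions: sshd configuration must be writable by root
        # only, independent of the umask in effect during the build.
        owner: root
        group: root
        mode: "0644"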

    # Write /etc/default/keyboard. Model and layout come from the
    # user_keyboard_* variables; variant and options are left empty.
    - name: configure keyboard layout
      copy:
        dest: /etc/default/keyboard
        content: |
          XKBMODEL="{{ user_keyboard_model }}"
          XKBLAYOUT="{{ user_keyboard_layout }}"
          XKBVARIANT=""
          XKBOPTIONS=""
          BACKSPACE="guess"

    # Write /etc/default/console-setup. Only CODESET is templated (from
    # user_console_codeset); the remaining settings are fixed.
    - name: configure console
      copy:
        dest: /etc/default/console-setup
        content: |
          ACTIVE_CONSOLES="/dev/tty[1-6]"
          CHARMAP="UTF-8"
          CODESET="{{ user_console_codeset }}"
          FONTFACE="Fixed"
          FONTSIZE="8x16"
          VIDEOMODE=

    # Write `user_locale` verbatim to /etc/profile.d/locale.sh. The value is
    # shell text, not a locale name, so it must only ever come from the
    # operator's own spec file.
    - name: set default locales for all users
      copy:
        dest: /etc/profile.d/locale.sh
        content: |
          {{ user_locale }}

    # Make sure the ifupdown package is not installed.
    - name: remove ifupdown
      apt:
        state: absent
        name: ifupdown

    # Write a systemd-networkd unit that matches the interface named eth0 and
    # configures it via DHCP.
    - name: configure networkd
      copy:
        dest: /etc/systemd/network/external.network
        content: |
          [Match]
          Name=eth0

          [Network]
          DHCP=yes

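    # Enable systemd-networkd. No `state` is given, so the unit is only
    # enabled, not started, by this task.
    - name: "enable networkd"
      systemd:
        name: systemd-networkd
        # Canonical boolean instead of the YAML 1.1 truthy `yes`.
        enabled: true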

  # Play-level defaults. The variables user_pub, user_ca_pubkey, host_key and
  # host_cert have no default here; the tasks that use them are skipped unless
  # they are defined.
  vars:
    ansible_python_interpreter: '/usr/bin/python3'

    # You may want to override these.
    # user_locale is written verbatim to /etc/profile.d/locale.sh.
    user_locale: |
      export LC_CTYPE=fi_FI.UTF8
    # XKBMODEL and XKBLAYOUT in /etc/default/keyboard.
    user_keyboard_model: 'pc105'
    user_keyboard_layout: 'fi'
    # CODESET in /etc/default/console-setup.
    user_console_codeset: 'Lat15'