std.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105

# Ansible playbook to install stuff for a standard install with v-i.
# You should inspect the user_* variables at the end, and override
# them with "ansible_vars" in the system spec file. v-i sets the
# hostname variable automatically.

- hosts: image
  tasks:
    - name: "set /etc/hostname"
      copy:
        content: |
          {{ hostname }}
        dest: /etc/hostname

    - name: "lock root password"
      shell: |
        passwd -l root

    - name: "create ~root/.ssh"
      when: user_pub is defined
      file:
        state: directory
        path: /root/.ssh
        owner: root
        group: root
        mode: 0700

    - name: "set ~root/.ssh/authorized keys"
      when: user_pub is defined
      copy:
        content: |
          {{ user_pub }}
        dest: /root/.ssh/authorized_keys
        owner: root
        group: root
        mode: 0600

    - name: "install user CA public key"
      when: user_ca_pubkey is defined
      copy:
        content: |
          {{ user_ca_pubkey }}
        dest: /etc/ssh/user_ca_keys

    - name: "configure sshd to accept CA for users"
      when: user_ca_pubkey is defined
      copy:
        content: TrustedUserCAKeys /etc/ssh/user_ca_keys
        dest: /etc/ssh/sshd_config.d/userca.conf

    - name: "configure keyboard layout"
      copy:
        content: |
          XKBMODEL="{{ user_keyboard_model }}"
          XKBLAYOUT="{{ user_keyboard_layout }}"
          XKBVARIANT=""
          XKBOPTIONS=""
          BACKSPACE="guess"
        dest: /etc/default/keyboard

    - name: "configure console"
      copy:
        content: |
          ACTIVE_CONSOLES="/dev/tty[1-6]"
          CHARMAP="UTF-8"
          CODESET="{{ user_console_codeset }}"
          FONTFACE="Fixed"
          FONTSIZE="8x16"
          VIDEOMODE=
        dest: /etc/default/console-setup

    - name: "set default locales for all users"
      copy:
        content: |
          {{ user_locale }}
        dest: /etc/profile.d/locale.sh

    - name: "remove ifupdown"
      apt:
        name: ifupdown
        state: absent

    - name: "configure networkd"
      copy:
        content: |
          [Match]
          Name=eth0

          [Network]
          DHCP=yes
        dest: /etc/systemd/network/external.network

    - name: "enable networkd"
      systemd:
        name: systemd-networkd
        enabled: yes

  vars:
    ansible_python_interpreter: /usr/bin/python3

    # You may want to override these.
    user_locale: |
      export LC_CTYPE=fi_FI.UTF8
    user_keyboard_model: pc105
    user_keyboard_layout: fi
    user_console_codeset: Lat15