2 ssh_keys_tuergit: "{{ ssh_keys_root }}"
6 openwrt_output_image_suffixes:
8 - combined-squashfs.img
10 openwrt_packages_extra:
24 /usr/local/bin/door_client:
26 file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
27 /usr/local/bin/door_daemon:
29 file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
30 /usr/local/bin/update-keys:
32 file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"
34 /usr/local/bin/authorized_keys.sh:
36 file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"
38 /usr/local/bin/update-keys-from-stdin.sh:
40 file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
46 AllowUsers root tuerctl tuergit
47 AuthenticationMethods publickey
48 AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
50 AllowAgentForwarding no
53 UsePrivilegeSeparation sandbox
55 Subsystem sftp /usr/libexec/sftp-server
58 AuthorizedKeysFile /dev/null
59 AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
60 AuthorizedKeysCommandUser tuergit
62 /etc/ssh/authorized_keys.d/root:
64 {% for key in ssh_keys_root %}
68 /etc/ssh/authorized_keys.d/tuergit:
70 {% for key in ssh_keys_tuergit %}
78 hostname: '{{ inventory_hostname }}'
79 timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
84 - name: timeserver 'ntp'
89 - '0.lede.pool.ntp.org'
90 - '1.lede.pool.ntp.org'
91 - '2.lede.pool.ntp.org'
92 - '3.lede.pool.ntp.org'
95 - name: globals 'globals'
97 ula_prefix: fdc9:e01f:83db::/48
99 - name: interface 'loopback'
106 - name: interface 'mgmt'
111 ipaddr: "{{ net.mgmt.prefix | ipaddr(100) | ipaddr('address') }}"
112 netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
113 gateway: "{{ net.mgmt.gw }}"
114 dns: "{{ net.mgmt.dns | join(' ') }}"
115 dns_search: realraum.at
122 opts: nosuid,nodev,noexec,noatime
128 shell: /usr/bin/git-shell
130 shell: /bin/false # TODO fixme