2 ssh_users_tuergit: "{{ user_groups.noc | union(['fgenesis']) }}"
4 openwrt_variant: openwrt
5 openwrt_release: 18.06.4
8 openwrt_output_image_suffixes:
10 - combined-squashfs.img.gz
12 openwrt_packages_extra:
26 /usr/local/bin/door_client:
28 file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
29 /usr/local/bin/door_daemon:
31 file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
32 /usr/local/bin/update-keys:
34 file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"
36 /usr/local/bin/authorized_keys.sh:
38 file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"
40 /usr/local/bin/update-keys-from-stdin.sh:
42 file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
48 AllowUsers root tuerctl tuergit
49 AuthenticationMethods publickey
50 AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
52 AllowAgentForwarding no
55 UsePrivilegeSeparation sandbox
57 Subsystem sftp /usr/libexec/sftp-server
60 AuthorizedKeysFile /dev/null
61 AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
62 AuthorizedKeysCommandUser tuergit
64 /etc/ssh/authorized_keys.d/root:
65 content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"
67 /etc/ssh/authorized_keys.d/tuergit:
68 content: "{{ ssh_users_tuergit | user_ssh_keys(users) | join('\n') }}\n"
74 hostname: '{{ inventory_hostname }}'
75 timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
80 - name: timeserver 'ntp'
85 - '0.lede.pool.ntp.org'
86 - '1.lede.pool.ntp.org'
87 - '2.lede.pool.ntp.org'
88 - '3.lede.pool.ntp.org'
91 - name: globals 'globals'
93 ula_prefix: fdc9:e01f:83db::/48
95 - name: interface 'loopback'
102 - name: interface 'mgmt'
107 ipaddr: "{{ net.mgmt.prefix | ipaddr(100) | ipaddr('address') }}"
108 netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
109 gateway: "{{ net.mgmt.gw }}"
110 dns: "{{ net.mgmt.dns | join(' ') }}"
111 dns_search: realraum.at
118 opts: nosuid,nodev,noexec,noatime
124 shell: /usr/bin/git-shell
126 shell: /bin/false # TODO fixme