X-Git-Url: https://git.realraum.at/?a=blobdiff_plain;f=ansible%2Ftuer.yml;fp=ansible%2Ftuer.yml;h=0d26eb3560a28711110ab980855fa379bfa0f259;hb=47fbe911e347274a0522c1cdb8e5d0d5a2f695f4;hp=853a0cff8eb1cb637783179a1f35b94bd495226f;hpb=f8daca62b6517dd17d40a3a0342cbd5c8ec7b6f8;p=noc.git
diff --git a/ansible/tuer.yml b/ansible/tuer.yml
index 853a0cf..0d26eb3 100644
--- a/ansible/tuer.yml
+++ b/ansible/tuer.yml
@@ -40,144 +40,3 @@
 roles:
 - role: openwrt-image
 delegate_to: localhost
- vars:
- openwrt_arch: x86
- openwrt_target: geode
- openwrt_output_image_suffixes:
- - combined-ext4.img.gz
- - combined-squashfs.img
- openwrt_packages_remove:
- - ppp
- - ppp-mod-pppoe
- - dnsmasq
- - firewall
- - odhcpd
- openwrt_packages_add:
- - flashrom
- - haveged
- - htop
- - hwclock
- - ip
- - less
- - nano
- - tcpdump
- openwrt_packages_extra:
- - "-dropbear"
- - git
- - kmod-usb-acm
- - openssh-server
- - openssh-sftp-server
- - screen
- - sudo
- - usbutils
-
- openwrt_mixin:
- # Go binaries
- /usr/local/bin/door_client:
- mode: '0755'
- file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_client/door_client"
- /usr/local/bin/door_daemon:
- mode: '0755'
- file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_daemon/door_daemon"
- /usr/local/bin/update-keys:
- mode: '0755'
- file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys"
-
- /usr/local/bin/authorized_keys.sh:
- mode: '0755'
- file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
-
- /usr/local/bin/update-keys-from-stdin.sh:
- mode: '0755'
- file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"
-
- /etc/ssh/sshd_config:
- content: |
- Port 22000
-
- AllowUsers root tuerctl tuergit
- AuthenticationMethods publickey
- AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
-
- AllowAgentForwarding no
- AllowTcpForwarding no
- X11Forwarding no
- UsePrivilegeSeparation sandbox
-
- Subsystem sftp /usr/libexec/sftp-server
-
- Match User tuerctl
- AuthorizedKeysFile /dev/null
- AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
- AuthorizedKeysCommandUser tuergit
-
-
- /etc/ssh/authorized_keys.d/root:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
-
- /etc/ssh/authorized_keys.d/tuergit:
- content: |-
- {% for key in noc_ssh_keys %}
- {{ key }}
- {% endfor %}
-
- openwrt_uci:
- system:
- - name: system
- options:
- hostname: '{{ inventory_hostname }}'
- timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
- ttylogin: '0'
- log_size: '64'
- urandom_seed: '0'
-
- - name: timeserver 'ntp'
- options:
- enabled: '1'
- enable_server: '0'
- server:
- - '0.lede.pool.ntp.org'
- - '1.lede.pool.ntp.org'
- - '2.lede.pool.ntp.org'
- - '3.lede.pool.ntp.org'
-
- network:
- - name: globals 'globals'
- options:
- ula_prefix: fdc9:e01f:83db::/48
-
- - name: interface 'loopback'
- options:
- ifname: lo
- proto: static
- ipaddr: 127.0.0.1
- netmask: 255.0.0.0
-
- - name: interface 'lan'
- options:
- ifname: eth0
- accept_ra: 0
- proto: static
- ipaddr: 192.168.33.7
- netmask: 255.255.255.0
- gateway: 192.168.33.1
- dns: 192.168.33.1
- dns_search: realraum.at
-
-
- openwrt_mounts:
- - path: /run
- src: none
- fstype: tmpfs
- opts: nosuid,nodev,noexec,noatime
-
- openwrt_users:
- tuerd: {}
- tuergit:
- home: /home/tuergit
- shell: /usr/bin/git-shell
- tuerctl:
- shell: /bin/false # TODO fixme