ansible: Split files and artifact directories
[noc.git] / ansible / host_vars / torwaechter / main.yml
1 ---
# Image build selection for this host. The names suggest the CPU
# architecture, the board target and the image file suffixes to produce or
# keep; the role that reads these variables is not part of this file, so
# confirm the exact meaning there.
2 openwrt_arch: x86
3 openwrt_target: geode
4 openwrt_output_image_suffixes:
5   - combined-ext4.img.gz
6   - combined-squashfs.img
7
# Packages added on top of the base image set.
# NOTE(review): the quoted "-dropbear" entry presumably removes dropbear
# (OpenWrt image-builder convention for a leading "-"), which would leave
# openssh-server as the only SSH daemon; confirm in the consuming role.
# Every extra package widens the attack surface of the image: flashrom can
# rewrite firmware flash, and sudo is installed although no sudoers content
# is defined in this file. Keep the list to what the host actually needs.
8 openwrt_packages_extra:
9   - "-dropbear"
10   - hwclock
11   - flashrom
12   - git
13   - kmod-usb-acm
14   - openssh-server
15   - openssh-sftp-server
16   - screen
17   - sudo
18   - usbutils
19
# Files added to the image. Each key looks like the destination path on the
# device, `mode` its permission string and `file` the local source to copy
# (other entries of this mapping use `content` to give the body inline).
# NOTE(review): the three door_and_sensors binaries come from
# global_cache_dir (presumably build output) while the shell scripts come
# from global_files_dir. Everything below is installed executable in
# /usr/local/bin, so the integrity of both source directories on the build
# host decides what runs on the device.
20 openwrt_mixin:
21   # Go binaries
22   /usr/local/bin/door_client:
23     mode: '0755'
24     file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
25   /usr/local/bin/door_daemon:
26     mode: '0755'
27     file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
28   /usr/local/bin/update-keys:
29     mode: '0755'
30     file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"
31
32   /usr/local/bin/authorized_keys.sh:
       # Named as AuthorizedKeysCommand in this file's sshd_config. sshd only
       # runs such a program when it is owned by root and not writable by
       # group or others. Mode 0755 meets the permission half; ownership is
       # set by the role, which is not visible here.
33     mode: '0755'
34     file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"
35
36   /usr/local/bin/update-keys-from-stdin.sh:
37     mode: '0755'
38     file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"
39
40   /etc/ssh/sshd_config:
       # sshd on the non-default port 22000, limited to root, tuerctl and
       # tuergit, public-key authentication only, with per-user key files
       # under /etc/ssh/authorized_keys.d/ and agent, TCP and X11 forwarding
       # switched off.
       # tuerctl is the exception: its static key file is /dev/null and its
       # keys come from /usr/local/bin/authorized_keys.sh, executed as
       # tuergit. sshd treats that script's output as authorized_keys lines,
       # so the script and the data it reads must be writable only by
       # trusted accounts.
       # NOTE(review): PermitRootLogin and ListenAddress are not set, so the
       # sshd defaults apply; root login rests entirely on the key list
       # rendered into authorized_keys.d/root.
       # NOTE(review): UsePrivilegeSeparation is deprecated from OpenSSH 7.5
       # on, where privilege separation is always enabled; the sshd version
       # shipped in the image is not visible here.
41     content: |
42       Port 22000
43
44       AllowUsers root tuerctl tuergit
45       AuthenticationMethods publickey
46       AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
47
48       AllowAgentForwarding no
49       AllowTcpForwarding no
50       X11Forwarding no
51       UsePrivilegeSeparation sandbox
52
53       Subsystem sftp /usr/libexec/sftp-server
54
55       Match User tuerctl
56         AuthorizedKeysFile /dev/null
57         AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
58         AuthorizedKeysCommandUser tuergit
59
60   /etc/ssh/authorized_keys.d/root:
       # One line per entry of noc_ssh_keys, a list defined outside this
       # file. The tuergit file below is rendered from the same list, so
       # every key added to it can log in as root as well as tuergit on
       # this host.
       # NOTE(review): the keys are presumably fixed when the image is
       # built; confirm how a removed key is revoked on a running device.
61     content: |-
62       {% for key in noc_ssh_keys %}
63       {{ key }}
64       {% endfor %}
65
66   /etc/ssh/authorized_keys.d/tuergit:
       # Same key list as root; openwrt_users in this file gives tuergit
       # /usr/bin/git-shell as its shell.
67     content: |-
68       {% for key in noc_ssh_keys %}
69       {{ key }}
70       {% endfor %}
71
# UCI configuration grouped by config file (system, network); each list
# entry names a section and carries its options.
72 openwrt_uci:
73   system:
74     - name: system
75       options:
76         hostname: '{{ inventory_hostname }}'
77         timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
           # NOTE(review): in OpenWrt's system config, ttylogin '0' means the
           # local console does not ask for a login, so console access gives
           # a root shell; confirm that is acceptable for where this device
           # is installed.
78         ttylogin: '0'
79         log_size: '64'
           # NOTE(review): presumably keeps a urandom seed from being saved
           # across boots - confirm against the OpenWrt version in use.
80         urandom_seed: '0'
81
       # NTP section: 'enabled' on and 'enable_server' off, which reads as
       # client only, synchronising against the four pool hosts listed.
82     - name: timeserver 'ntp'
83       options:
84         enabled: '1'
85         enable_server: '0'
86         server:
87           - '0.lede.pool.ntp.org'
88           - '1.lede.pool.ntp.org'
89           - '2.lede.pool.ntp.org'
90           - '3.lede.pool.ntp.org'
91
92   network:
       # Loopback plus one static management interface on eth0. The mgmt
       # address is host number 100 inside net.mgmt.prefix; netmask, gateway
       # and DNS servers also come from the net.mgmt variables, which are
       # defined outside this file.
       # NOTE(review): accept_ra is written as a bare 0 while the numeric
       # options in the system section are quoted strings. Confirm the
       # role's template renders an integer 0 rather than dropping it as a
       # falsy value.
       # NOTE(review): no firewall section appears in the lines shown, so
       # sshd on port 22000 is reachable on mgmt unless it is filtered
       # elsewhere.
93     - name: globals 'globals'
94       options:
95         ula_prefix: fdc9:e01f:83db::/48
96
97     - name: interface 'loopback'
98       options:
99         ifname: lo
100         proto: static
101         ipaddr: 127.0.0.1
102         netmask: 255.0.0.0
103
104     - name: interface 'mgmt'
105       options:
106         ifname: eth0
107         accept_ra: 0
108         proto: static
109         ipaddr: "{{ net.mgmt.prefix | ipaddr(100) | ipaddr('address') }}"
110         netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
111         gateway: "{{ net.mgmt.gw }}"
112         dns: "{{ net.mgmt.dns | join(' ') }}"
113         dns_search: realraum.at
114
115
# Extra mounts: /run as a tmpfs with nosuid, nodev, noexec and noatime, so
# files placed under /run cannot be executed, gain privileges through
# setuid bits, or act as device nodes.
116 openwrt_mounts:
117   - path: /run
118     src: none
119     fstype: tmpfs
120     opts: nosuid,nodev,noexec,noatime
121
# Local accounts created in the image. tuerd has an empty mapping, so it
# presumably takes the role's defaults. tuergit is restricted to git-shell.
# tuerctl has /bin/false as its shell.
# NOTE(review): the sshd_config in this file hands tuerctl its keys through
# AuthorizedKeysCommand. sshd runs a session's command through the user's
# login shell, so with /bin/false nothing can run for tuerctl, a forced
# command included. Presumably that is what the TODO refers to; when
# resolving it, choose a restricted shell deliberately rather than a
# general-purpose one.
122 openwrt_users:
123   tuerd: {}
124   tuergit:
125     home:  /home/tuergit
126     shell: /usr/bin/git-shell
127   tuerctl:
128     shell: /bin/false # TODO fixme