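---
# Host variables for torwaechter: an x86/geode OpenWrt image that runs the
# door daemon binaries, replaces dropbear with OpenSSH, and exposes sshd on a
# non-default port with public-key authentication only.

# Accounts allowed to log in as tuergit (git-shell): the noc group plus a few
# individual users.
ssh_users_tuergit: "{{ user_groups.noc | union(['fgenesis','d3','ruru']) }}"

openwrt_arch: x86
openwrt_target: geode
openwrt_output_image_suffixes:
  - combined-ext4.img.gz
  - combined-squashfs.img

# "-dropbear" removes the default ssh server; openssh-server is needed for the
# Match/AuthorizedKeysCommand configuration in the sshd_config below.
openwrt_packages_extra:
  - "-dropbear"
  - hwclock
  - flashrom
  - git
  - kmod-usb-acm
  - openssh-server
  - openssh-sftp-server
  - screen
  - sudo
  - usbutils

openwrt_mixin:
  # Go binaries
  /usr/local/bin/door_client:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
  /usr/local/bin/door_daemon:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
  /usr/local/bin/update-keys:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"

  # Used as sshd's AuthorizedKeysCommand for tuerctl. sshd only executes it if
  # it is root-owned and not group/world writable: 0755 covers the latter, the
  # owner is set by the mixin role (presumably root — confirm).
  /usr/local/bin/authorized_keys.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"

  /usr/local/bin/update-keys-from-stdin.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"

  # sshd policy: public-key only (AuthenticationMethods rules out passwords for
  # every user, including root, so no PermitRootLogin line is needed), no
  # agent/TCP/X11 forwarding, per-user key files under authorized_keys.d.
  # tuerctl gets no static key file; its keys are produced by authorized_keys.sh
  # running as tuergit. UsePrivilegeSeparation is a deprecated no-op on
  # OpenSSH 7.5+ (sandboxing is always on) — harmless, drop it once the image's
  # sshd is new enough.
  /etc/ssh/sshd_config:
    content: |
      Port 22000

      AllowUsers root tuerctl tuergit
      AuthenticationMethods publickey
      AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u

      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no
      UsePrivilegeSeparation sandbox

      Subsystem sftp /usr/libexec/sftp-server

      Match User tuerctl
        AuthorizedKeysFile /dev/null
        AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
        AuthorizedKeysCommandUser tuergit

  # Static key files, one key per line with a trailing newline.
  /etc/ssh/authorized_keys.d/root:
    content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"

  /etc/ssh/authorized_keys.d/tuergit:
    content: "{{ ssh_users_tuergit | user_ssh_keys(users) | join('\n') }}\n"

# UCI configuration. Option values are written as strings throughout (uci
# stores strings), hence the quoted '0'/'1'.
openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ inventory_hostname }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        ttylogin: '0'
        log_size: '64'
        urandom_seed: '0'

    - name: timeserver 'ntp'
      options:
        enabled: '1'
        enable_server: '0'
        server:
          - '0.lede.pool.ntp.org'
          - '1.lede.pool.ntp.org'
          - '2.lede.pool.ntp.org'
          - '3.lede.pool.ntp.org'

  network:
    - name: globals 'globals'
      options:
        ula_prefix: fdc9:e01f:83db::/48

    - name: interface 'loopback'
      options:
        ifname: lo
        proto: static
        ipaddr: 127.0.0.1
        netmask: 255.0.0.0

    # Management interface: static address .100 in the mgmt prefix, router
    # advertisements ignored.
    - name: interface 'mgmt'
      options:
        ifname: eth0
        accept_ra: '0'  # quoted like the other uci values so it stays a string
        proto: static
        ipaddr: "{{ net.mgmt.prefix | ipaddr(100) | ipaddr('address') }}"
        netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
        gateway: "{{ net.mgmt.gw }}"
        dns: "{{ net.mgmt.dns | join(' ') }}"
        dns_search: realraum.at

# Runtime state on tmpfs; nosuid,nodev,noexec keep it from being usable to
# stage setuid binaries, device nodes or executables.
openwrt_mounts:
  - path: /run
    src: none
    fstype: tmpfs
    opts: nosuid,nodev,noexec,noatime

# Service accounts. tuergit is restricted to git-shell. tuerctl has /bin/false
# as shell, which means sshd cannot run any command for it (commands go
# through the login shell), so the Match block above is effectively inert
# until that is resolved — presumably what the TODO refers to; confirm.
openwrt_users:
  tuerd: {}
  tuergit:
    home: /home/tuergit
    shell: /usr/bin/git-shell
  tuerctl:
    shell: /bin/false # TODO fixme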