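---
# Ansible host_vars for torwaechter: builds an OpenWrt 18.06.4 x86/geode image
# that carries the door daemon, with dropbear replaced by OpenSSH.

# Accounts whose keys are written to /etc/ssh/authorized_keys.d/tuergit
# (see openwrt_mixin below): the noc group plus fgenesis.
ssh_users_tuergit: "{{ user_groups.noc | union(['fgenesis']) }}"

openwrt_variant: openwrt
openwrt_release: '18.06.4'  # quoted: a version string, never a number
openwrt_arch: x86
openwrt_target: geode
openwrt_output_image_suffixes:
  - combined-ext4.img.gz
  - combined-squashfs.img.gz

# A leading "-" removes a default package: dropbear is dropped in favour of
# openssh-server, whose hardened config is provided via openwrt_mixin.
openwrt_packages_extra:
  - "-dropbear"
  - hwclock
  - flashrom
  - git
  - kmod-usb-acm
  - openssh-server
  - openssh-sftp-server
  - screen
  - sudo
  - usbutils
  - rsync
  - lsblk

# Files, links and directories placed into the image. Keys are target paths.
openwrt_mixin:
  # Directory entries: the empty (null) value is presumably how the mixin
  # role marks "create this directory" — keep it empty rather than "".
  /etc/default:
    dirname:
  /etc/hotplug.d/tty/:
    dirname:
  /etc/hotplug.d/usb/:
    dirname:
  /home:
    dirname:
  /run:
    dirname:

  # Go binaries, taken from the per-host build cache
  /usr/local/bin/door_client:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
  /usr/local/bin/door_daemon:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
  /usr/local/bin/update-keys:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"

  # door daemon init scripts and configs
  /etc/init.d/doord:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/initscripts/doord.openwrt"
  /etc/default/door:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/initscripts/door.default"
  /etc/default/tuer:
    link: "./door"
  /etc/rc.d/S50doord:
    link: "../init.d/doord"

  # hotplug files
  /etc/hotplug.d/tty/door.tty:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/scripts/door.tty"
  /etc/hotplug.d/usb/door.usb:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/scripts/door.usb"

  # AuthorizedKeysCommand for tuerctl (referenced from sshd_config below)
  /usr/local/bin/authorized_keys.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"

  /usr/local/bin/update-keys-from-stdin.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"

  # Hardened sshd: non-default port, public-key authentication only, no
  # agent/TCP/X11 forwarding, logins limited to root, tuerctl and tuergit.
  # tuerctl has no key file; its keys come from authorized_keys.sh, which
  # sshd runs as tuergit (AuthorizedKeysCommandUser).
  # NOTE(review): UsePrivilegeSeparation is deprecated in newer OpenSSH
  # releases — confirm the OpenSSH packaged for this release still accepts it.
  /etc/ssh/sshd_config:
    content: |
      Port 22000

      AllowUsers root tuerctl tuergit
      AuthenticationMethods publickey
      AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u

      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no
      UsePrivilegeSeparation sandbox

      Subsystem sftp /usr/libexec/sftp-server

      Match User tuerctl
        AuthorizedKeysFile /dev/null
        AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
        AuthorizedKeysCommandUser tuergit

  # Static key files; ssh_users_root is presumably defined in group vars.
  /etc/ssh/authorized_keys.d/root:
    content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"

  /etc/ssh/authorized_keys.d/tuergit:
    content: "{{ ssh_users_tuergit | user_ssh_keys(users) | join('\n') }}\n"

# UCI configuration; option values are written as strings throughout.
openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ inventory_hostname }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        ttylogin: '0'
        log_size: '64'
        urandom_seed: '0'

    # NTP client only; enable_server '0' keeps the box from serving time.
    - name: timeserver 'ntp'
      options:
        enabled: '1'
        enable_server: '0'
        server:
          - '0.lede.pool.ntp.org'
          - '1.lede.pool.ntp.org'
          - '2.lede.pool.ntp.org'
          - '3.lede.pool.ntp.org'

  network:
    - name: globals 'globals'
      options:
        ula_prefix: 'fdc9:e01f:83db::/48'  # quoted: colons inside a plain scalar

    - name: interface 'loopback'
      options:
        ifname: lo
        proto: static
        ipaddr: 127.0.0.1
        netmask: 255.0.0.0

    # Management interface: static address (host 100 of net.mgmt.prefix),
    # IPv6 router advertisements ignored. accept_ra is quoted like every
    # other UCI option value here so it is never retyped as an integer.
    - name: interface 'mgmt'
      options:
        ifname: eth0
        accept_ra: '0'
        proto: static
        ipaddr: "{{ net.mgmt.prefix | ipaddr(100) | ipaddr('address') }}"
        netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
        gateway: "{{ net.mgmt.gw }}"
        dns: "{{ net.mgmt.dns | join(' ') }}"
        dns_search: realraum.at

# /run lives on a tmpfs with suid, device nodes and execution disabled.
openwrt_mounts:
  - path: /run
    src: none
    fstype: tmpfs
    opts: nosuid,nodev,noexec,noatime

openwrt_users:
  tuerd: {}
  # tuergit is confined to git-shell; its keys come from ssh_users_tuergit.
  tuergit:
    home: /home/tuergit
    shell: /usr/bin/git-shell
  # tuerctl authenticates through AuthorizedKeysCommand (sshd_config above);
  # its shell is still a placeholder.
  tuerctl:
    shell: /bin/false # TODO fixme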
159     shell: /bin/false # TODO fixme