1 ---
# Accounts whose public keys are written to /etc/ssh/authorized_keys.d/tuergit
# (see openwrt_mixin below): the whole 'noc' group plus one extra user.
# Everyone listed can push to the git-shell account 'tuergit'. Because sshd
# runs authorized_keys.sh *as tuergit* to decide which keys may log in as
# 'tuerctl', membership here presumably amounts to control over who can
# operate the door — treat this as a privileged group, not a convenience list.
ssh_users_tuergit: "{{ user_groups.noc | union(['fgenesis']) }}"
3
# Parameters for the OpenWrt image build of this host.
openwrt_variant: openwrt
# NOTE(review): the 18.06 series is end-of-life and no longer receives
# security fixes, and this pins an early point release rather than the last
# one of the series. Plan a move to a supported release (check that the
# geode target is still available there first).
openwrt_release: 18.06.4
openwrt_arch: x86
# x86 target for AMD Geode boards (presumably a PC Engines ALIX or similar —
# confirm against the hardware).
openwrt_target: geode
# Both rootfs flavours are produced: squashfs gives a read-only base with an
# overlay, ext4 a fully writable root. Which one gets flashed decides how
# easily a compromise persists, so pick deliberately.
openwrt_output_image_suffixes:
  - combined-ext4.img.gz
  - combined-squashfs.img.gz
11
# Package delta for the image builder; a leading '-' removes a default package.
openwrt_packages_extra:
  # Drop dropbear in favour of OpenSSH, which the sshd_config below needs
  # (AuthorizedKeysCommand, Match blocks). This also means there is no second
  # SSH daemon to fall back to if sshd fails to start — keep the console path
  # (see ttylogin in openwrt_uci) working.
  - "-dropbear"
  - hwclock
  # flashrom can rewrite the board firmware from a root shell; another reason
  # to keep root access to this box tightly scoped.
  - flashrom
  - git
  # USB CDC-ACM serial driver — presumably the link to the door hardware.
  - kmod-usb-acm
  - openssh-server
  - openssh-sftp-server
  - screen
  # No sudoers configuration is managed in this file; either it lives in the
  # role/group vars or the package is unused on this host — worth checking.
  - sudo
  - usbutils
  - rsync
  - lsblk
25
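# Files and directories baked into the image, keyed by target path.
openwrt_mixin:
  # Mount point for the tmpfs declared in openwrt_mounts. The empty 'dirname'
  # value is presumably how the role is told "create a directory" — confirm
  # against the role's mixin handling.
  /run:
    dirname:

  # Go binaries, built out of band and taken from the per-host cache dir.
  # 0755 is fine here: executables, no secrets expected inside.
  /usr/local/bin/door_client:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
  /usr/local/bin/door_daemon:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
  /usr/local/bin/update-keys:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"

  # sshd's AuthorizedKeysCommand for the 'tuerctl' account (see sshd_config
  # below). sshd refuses to run it unless the script and every parent
  # directory are owned by root and not group/world-writable; 0755 covers the
  # mode, ownership is left to the image build — verify on the device.
  /usr/local/bin/authorized_keys.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"

  /usr/local/bin/update-keys-from-stdin.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"

  # Complete sshd_config. Changes against the previous version:
  #  - 'UsePrivilegeSeparation sandbox' removed: OpenSSH >= 7.5 ignores the
  #    option with a deprecation warning (privilege separation is always on),
  #    and sandbox has long been the default on older versions anyway.
  #  - key-only login and the root restriction are now spelled out instead of
  #    relying on defaults / on the AuthenticationMethods line alone.
  /etc/ssh/sshd_config:
    content: |
      # Non-standard port: reduces log noise, not an access control.
      Port 22000

      # Only these three accounts may authenticate at all.
      AllowUsers root tuerctl tuergit

      # Keys only. AuthenticationMethods already enforces this; the next two
      # lines are defence in depth so a later edit of that line cannot
      # silently reopen password logins.
      AuthenticationMethods publickey
      PasswordAuthentication no
      ChallengeResponseAuthentication no
      # root is in AllowUsers: make the key-only restriction explicit
      # (this is the OpenSSH default, written out).
      PermitRootLogin prohibit-password
      AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u

      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no

      Subsystem sftp /usr/libexec/sftp-server

      # tuerctl's keys come exclusively from authorized_keys.sh: /dev/null
      # disables the static per-user file, and sshd runs the command as
      # 'tuergit' with the target username as its only argument (the default
      # when AuthorizedKeysCommand is given no arguments).
      Match User tuerctl
        AuthorizedKeysFile /dev/null
        AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
        AuthorizedKeysCommandUser tuergit

  # Static key files for the two accounts that use AuthorizedKeysFile. No
  # explicit mode is set: sshd (StrictModes, on by default) ignores a keys
  # file that is group/world-writable, so the role's default must be 0644 or
  # tighter — confirm.
  /etc/ssh/authorized_keys.d/root:
    content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"

  /etc/ssh/authorized_keys.d/tuergit:
    content: "{{ ssh_users_tuergit | user_ssh_keys(users) | join('\n') }}\n"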
74
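# UCI configuration (/etc/config/*). Values are kept as quoted strings
# throughout; 'accept_ra' and 'ula_prefix' were the only unquoted ones and
# are now written like the rest.
openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ inventory_hostname }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        # No login prompt on the console: anyone with physical access to the
        # serial/VGA port gets a root shell. This is the OpenWrt default, but
        # on a door controller consider '1' — only after a root password is
        # set, otherwise the console becomes unusable.
        ttylogin: '0'
        log_size: '64'
        # '0' disables the persisted urandom seed (OpenWrt default). A headless
        # box without a hardware RNG has little entropy right after boot; if
        # anything generates keys early, pointing this at a writable seed
        # file is worth considering.
        urandom_seed: '0'

    - name: timeserver 'ntp'
      options:
        enabled: '1'
        # Client only — do not serve time to the network.
        enable_server: '0'
        server:
          - '0.lede.pool.ntp.org'
          - '1.lede.pool.ntp.org'
          - '2.lede.pool.ntp.org'
          - '3.lede.pool.ntp.org'

  network:
    - name: globals 'globals'
      options:
        # Quoted like the other uci values (the plain form is also a string,
        # but the colons make that easy to misread).
        ula_prefix: 'fdc9:e01f:83db::/48'

    - name: interface 'loopback'
      options:
        ifname: lo
        proto: static
        ipaddr: 127.0.0.1
        netmask: 255.0.0.0

    - name: interface 'mgmt'
      options:
        ifname: eth0
        # Statically addressed; presumably set so router advertisements on
        # the mgmt segment cannot alter this interface's IPv6 configuration.
        # Was a bare integer, now quoted like the rest of the uci values.
        accept_ra: '0'
        proto: static
        # Host .100 within the mgmt prefix; gateway and DNS come from group vars.
        ipaddr: "{{ net.mgmt.prefix | ipaddr(100) | ipaddr('address') }}"
        netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
        gateway: "{{ net.mgmt.gw }}"
        dns: "{{ net.mgmt.dns | join(' ') }}"
        dns_search: realraum.at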
117
118
# /run as tmpfs with nosuid,nodev,noexec: nothing placed there at runtime can
# be executed, gain privileges via suid, or act as a device node — sensible
# hygiene for a state directory on a box that exposes sshd.
openwrt_mounts:
  - path: /run
    src: none
    fstype: tmpfs
    opts: nosuid,nodev,noexec,noatime
124
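# Local service accounts; the role supplies defaults for anything not given.
# Only whitespace changed here (one space after 'home:', two before the
# inline comment); the shell TODO is left as a design decision.
openwrt_users:
  # No home/shell given — presumably the account door_daemon runs under.
  tuerd: {}
  # Target of the key repository pushes from ssh_users_tuergit. git-shell
  # limits the account to git commands, so those users get no shell here;
  # authorized_keys.sh also runs as this user (see sshd_config).
  tuergit:
    home: /home/tuergit
    shell: /usr/bin/git-shell
  # The door-client account. With /bin/false nothing can execute for this
  # user: sshd starts forced commands through the login shell, so even keys
  # carrying command="..." restrictions are unusable until the TODO is
  # resolved (a minimal shell plus key-level restrictions is the usual shape).
  tuerctl:
    shell: /bin/false  # TODO fixme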