f6d4ec1120609fae9c8f53919aaedfb9dbcb4ffa
[noc.git] / ansible / host_vars / torwaechter / main.yml
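---
# Host variables for torwaechter (door controller): OpenWrt image build inputs,
# files mixed into the image, UCI configuration and local users.

# Accounts whose keys may use the tuergit account: the noc group plus fgenesis.
ssh_users_tuergit: "{{ user_groups.noc | union(['fgenesis']) }}"

# Image-builder parameters. The release is quoted so a YAML parser or
# formatter can never re-type it.
openwrt_variant: openwrt
openwrt_release: '18.06.4'
openwrt_arch: x86
openwrt_target: geode
openwrt_output_image_suffixes:
  - combined-ext4.img.gz
  - combined-squashfs.img.gz

# Extra packages for the image. A leading "-" removes a package from the
# default set: dropbear is dropped in favour of openssh-server, so the
# sshd_config written below is intended to be the only remote-access policy.
openwrt_packages_extra:
  - "-dropbear"
  - hwclock
  - flashrom
  - git
  - kmod-usb-acm
  - openssh-server
  - openssh-sftp-server
  - screen
  - sudo
  - usbutils
  - rsync
  - lsblk

# Files placed into the image, keyed by target path. "file" takes an artefact
# from the per-host cache, "link" creates a symlink, "content" writes literal
# text (presumably as consumed by the openwrt role; confirm there).
openwrt_mixin:
  # This file will not be created because there is no file, link or content
  # field below it, but it will force the creation of /home.
  /home/.placeholder: {}
  # Workaround for the tmpfs mount that does not work (see openwrt_mounts).
  /run:
    link: "/var/run"

  # Go binaries
  /usr/local/bin/door_client:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
  /usr/local/bin/door_daemon:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
  /usr/local/bin/update-keys:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"

  # door daemon init scripts and configs
  /etc/init.d/doord:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/initscripts/doord.openwrt"
  # NOTE(review): a defaults file that is only sourced does not need the
  # exec bit; '0644' would suffice if nothing executes it — confirm before
  # tightening.
  /etc/default/door:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/initscripts/door.default"
  /etc/default/tuer:
    link: "./door"
  /etc/rc.d/S50doord:
    link: "../init.d/doord"

  # hotplug files
  /etc/hotplug.d/tty/door.tty:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/scripts/door.tty"
  /etc/hotplug.d/usb/door.usb:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/scripts/door.usb"

  # Key lookup helper used by sshd's AuthorizedKeysCommand for tuerctl (below).
  /usr/local/bin/authorized_keys.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/authorized_keys.sh"

  /usr/local/bin/update-keys-from-stdin.sh:
    mode: '0755'
    file: "{{ global_files_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"

  # sshd policy: non-default port, explicit user allow-list, public-key auth
  # only, per-user key files under /etc/ssh/authorized_keys.d written from this
  # config rather than from the users' home directories, and all forwarding off.
  # tuerctl keys are resolved at login by authorized_keys.sh running as tuergit;
  # AuthorizedKeysFile /dev/null makes that command the only key source.
  # UsePrivilegeSeparation is treated as a deprecated no-op by recent OpenSSH
  # releases and is harmless to keep.
  /etc/ssh/sshd_config:
    content: |
      Port 22000

      AllowUsers root tuerctl tuergit
      AuthenticationMethods publickey
      AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u

      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no
      UsePrivilegeSeparation sandbox

      Subsystem sftp /usr/libexec/sftp-server

      Match User tuerctl
        AuthorizedKeysFile /dev/null
        AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
        AuthorizedKeysCommandUser tuergit

  # Static key files: one key per line, trailing newline appended.
  /etc/ssh/authorized_keys.d/root:
    content: "{{ ssh_users_root | user_ssh_keys(users) | join('\n') }}\n"

  /etc/ssh/authorized_keys.d/tuergit:
    content: "{{ ssh_users_tuergit | user_ssh_keys(users) | join('\n') }}\n"

# UCI configuration. Option values are written as quoted strings throughout so
# that no value is re-typed by YAML before it reaches UCI.
openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ inventory_hostname }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        # No login on the serial/tty console.
        ttylogin: '0'
        log_size: '64'
        urandom_seed: '0'

    - name: timeserver 'ntp'
      options:
        enabled: '1'
        # Client only; do not serve time to the network.
        enable_server: '0'
        server:
          - '0.lede.pool.ntp.org'
          - '1.lede.pool.ntp.org'
          - '2.lede.pool.ntp.org'
          - '3.lede.pool.ntp.org'

  network:
    - name: globals 'globals'
      options:
        ula_prefix: 'fdc9:e01f:83db::/48'

    - name: interface 'loopback'
      options:
        ifname: lo
        proto: static
        ipaddr: 127.0.0.1
        netmask: 255.0.0.0

    # Single management interface with a static address derived from the
    # mgmt prefix; router advertisements are ignored.
    - name: interface 'mgmt'
      options:
        ifname: eth0
        accept_ra: '0'
        proto: static
        ipaddr: "{{ net.mgmt.prefix | ipaddr(100) | ipaddr('address') }}"
        netmask: "{{ net.mgmt.prefix | ipaddr('netmask') }}"
        gateway: "{{ net.mgmt.gw }}"
        dns: "{{ net.mgmt.dns | join(' ') }}"
        dns_search: realraum.at


# does not work, using symlink to /var/run instead for now
# NOTE: while the symlink workaround is in place, nosuid,nodev,noexec are not
# guaranteed on /run; this entry documents the intended hardening.
openwrt_mounts:
  - path: /run
    src: none
    fstype: tmpfs
    opts: nosuid,nodev,noexec,noatime

# Local accounts. tuergit gets git-shell, which limits it to git commands.
# tuerctl's /bin/false presumably refuses every command, including the
# AuthorizedKeysCommand-driven logins configured for it in sshd_config;
# the author's TODO below stands.
openwrt_users:
  tuerd: {}
  tuergit:
    home: /home/tuergit
    shell: /usr/bin/git-shell
  tuerctl:
    shell: /bin/false  # TODO fixme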