torwaechter is moved to new mgmt vlan
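---
# torwaechter: x86/geode OpenWrt door-controller image.  These host_vars feed
# the openwrt_* role variables: build target, package list, files mixed into
# the image, UCI configuration, mounts and local users.
openwrt_arch: x86
openwrt_target: geode
openwrt_output_image_suffixes:
  - combined-ext4.img.gz
  - combined-squashfs.img

# dropbear is swapped for OpenSSH (needed for the AuthorizedKeysCommand /
# Match block in sshd_config below).  The leading "-" removes a package and
# must stay quoted, otherwise YAML reads it as a nested sequence.
openwrt_packages_extra:
  - "-dropbear"
  - flashrom
  - git
  - kmod-usb-acm
  - openssh-server
  - openssh-sftp-server
  - screen
  - sudo
  - usbutils

openwrt_mixin:
  # Go binaries, taken from the per-host build cache
  /usr/local/bin/door_client:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_client/door_client"
  /usr/local/bin/door_daemon:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/door_daemon/door_daemon"
  /usr/local/bin/update-keys:
    mode: '0755'
    file: "{{ global_cache_dir }}/{{ inventory_hostname }}/door_and_sensors/update-keys/update-keys"

  # Used as AuthorizedKeysCommand for tuerctl (see sshd_config).  sshd refuses
  # to run it unless the file is owned by root and not writable by group or
  # others, so the deployed ownership matters as much as the mode here.
  /usr/local/bin/authorized_keys.sh:
    mode: '0755'
    file: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/authorized_keys.sh"

  /usr/local/bin/update-keys-from-stdin.sh:
    mode: '0755'
    file: "{{ global_artifacts_dir }}/{{ inventory_hostname }}/update-keys-from-stdin.sh"

  # Non-default port, public-key-only auth, no forwarding.  PermitRootLogin is
  # not set, so root access relies on sshd's default (prohibit-password since
  # OpenSSH 7.0) plus authorized_keys.d/root below.  tuerd (openwrt_users) is
  # not in AllowUsers and therefore cannot log in over ssh.  tuerctl's keys
  # come only from authorized_keys.sh, run as tuergit, because its
  # AuthorizedKeysFile is /dev/null.  UsePrivilegeSeparation is deprecated and
  # ignored since OpenSSH 7.5; it can be dropped once the image's openssh is
  # known to be at least that new.
  /etc/ssh/sshd_config:
    content: |
      Port 22000

      AllowUsers root tuerctl tuergit
      AuthenticationMethods publickey
      AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u

      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no
      UsePrivilegeSeparation sandbox

      Subsystem sftp /usr/libexec/sftp-server

      Match User tuerctl
        AuthorizedKeysFile /dev/null
        AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
        AuthorizedKeysCommandUser tuergit

  # root and tuergit both receive every key in noc_ssh_keys, one per line.
  /etc/ssh/authorized_keys.d/root:
    content: |-
      {% for key in noc_ssh_keys %}
      {{ key }}
      {% endfor %}

  /etc/ssh/authorized_keys.d/tuergit:
    content: |-
      {% for key in noc_ssh_keys %}
      {{ key }}
      {% endfor %}

# UCI option values are strings; keep numeric-looking values quoted so YAML
# does not retype them (ints/bools) before they reach the uci template.
openwrt_uci:
  system:
    - name: system
      options:
        hostname: '{{ inventory_hostname }}'
        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
        ttylogin: '0'
        log_size: '64'
        urandom_seed: '0'

    - name: timeserver 'ntp'
      options:
        enabled: '1'
        enable_server: '0'
        server:
          - '0.lede.pool.ntp.org'
          - '1.lede.pool.ntp.org'
          - '2.lede.pool.ntp.org'
          - '3.lede.pool.ntp.org'

  network:
    - name: globals 'globals'
      options:
        ula_prefix: 'fdc9:e01f:83db::/48'

    - name: interface 'loopback'
      options:
        ifname: lo
        proto: static
        ipaddr: 127.0.0.1
        netmask: 255.0.0.0

    # Static address on the management VLAN; gateway and DNS are the same
    # router.  accept_ra is quoted to match the other option values.
    - name: interface 'lan'
      options:
        ifname: eth0
        accept_ra: '0'
        proto: static
        ipaddr: 192.168.32.100
        netmask: 255.255.255.0
        gateway: 192.168.32.254
        dns: 192.168.32.254
        dns_search: realraum.at


# /run as a tmpfs with nosuid,nodev,noexec so nothing placed there can be
# executed or gain privileges.
openwrt_mounts:
  - path: /run
    src: none
    fstype: tmpfs
    opts: nosuid,nodev,noexec,noatime

openwrt_users:
  tuerd: {}
  # git-shell restricts tuergit to git commands over ssh.
  tuergit:
    home: /home/tuergit
    shell: /usr/bin/git-shell
  # With /bin/false any ssh session for tuerctl exits immediately, so the
  # Match User tuerctl block in sshd_config is effectively unused until this
  # is resolved.
  tuerctl:
    shell: /bin/false # TODO fixme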