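---
# Builds the OpenWrt image for the host group "torwaechter" entirely on the
# control machine (connection: local, role delegated to localhost):
#   1. pre_tasks fetch and cross-compile the Go tools door_client,
#      door_daemon and update-keys,
#   2. the openwrt-image role packs them, an sshd configuration and the
#      UCI settings below into the image.
#
# All build paths are anchored at playbook_dir so that the checkout, the
# Go caches and the files referenced under openwrt_mixin always point at
# the same directory, regardless of where ansible-playbook is started.
- hosts: torwaechter
  connection: local

  pre_tasks:
    - name: Create go directories
      file:
        path: "{{ playbook_dir }}/.cache/openwrt/tuer/{{ item }}"
        state: directory
      with_items: [gopath, gocache]

    # Supply-chain note: without a pinned revision the image is built from
    # whatever the upstream default branch holds at build time. Set
    # door_and_sensors_version to a reviewed tag or commit id to make the
    # build reproducible; the default (HEAD) keeps the previous behaviour.
    - name: Clone necessary git repositories
      git:
        repo: "https://github.com/realraum/{{ item }}.git"
        dest: "{{ playbook_dir }}/.cache/openwrt/tuer/{{ item }}"
        version: "{{ door_and_sensors_version | default('HEAD') }}"
        update: true
      with_items: [door_and_sensors]

    # Dependencies are resolved over the network at build time.
    # NOTE(review): whether they are version-locked depends on the
    # repository itself (e.g. a go.mod/go.sum) - confirm.
    - name: Download dependencies
      command: go get -d ./...
      args:
        chdir: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/{{ item }}"
      environment:
        GOCACHE: "{{ playbook_dir }}/.cache/openwrt/tuer/gocache"
        GOPATH: "{{ playbook_dir }}/.cache/openwrt/tuer/gopath"
      with_items: [door_client, door_daemon, update-keys]

    # Static (CGO disabled), symbol-stripped (-ldflags "-s") linux/386
    # binaries. Environment values are quoted so they stay strings and are
    # not re-typed by the YAML parser.
    # NOTE(review): GO386=387 is only accepted by Go toolchains up to 1.15;
    # the build host's Go version has to match - confirm.
    - name: Cross-compile Go binaries
      command: go build -ldflags "-s"
      args:
        chdir: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/{{ item }}"
      environment:
        GOCACHE: "{{ playbook_dir }}/.cache/openwrt/tuer/gocache"
        GOPATH: "{{ playbook_dir }}/.cache/openwrt/tuer/gopath"
        GO386: "387"
        CGO_ENABLED: "0"
        GOOS: linux
        GOARCH: "386"
      with_items: [door_client, door_daemon, update-keys]

  roles:
    - role: openwrt-image
      delegate_to: localhost
      vars:
        openwrt_arch: x86
        openwrt_target: geode
        openwrt_output_image_suffixes:
          - combined-ext4.img.gz
          - combined-squashfs.img

        # The firewall package is removed: nothing on the device filters
        # traffic, so exposure is bounded only by which services listen
        # and by the surrounding network.
        openwrt_packages_remove:
          - ppp
          - ppp-mod-pppoe
          - dnsmasq
          - firewall
          - odhcpd
        openwrt_packages_add:
          - flashrom
          - haveged
          - htop
          - hwclock
          - ip
          - less
          - nano
          - tcpdump
        # "-dropbear" presumably drops the default SSH server in favour of
        # openssh-server (image-builder "-package" syntax) - confirm
        # against the openwrt-image role.
        openwrt_packages_extra:
          - "-dropbear"
          - git
          - kmod-usb-acm
          - openssh-server
          - openssh-sftp-server
          - screen
          - sudo
          - usbutils

        openwrt_mixin:
          # Go binaries
          /usr/local/bin/door_client:
            mode: '0755'
            file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_client/door_client"
          /usr/local/bin/door_daemon:
            mode: '0755'
            file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_daemon/door_daemon"
          /usr/local/bin/update-keys:
            mode: '0755'
            file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys"

          # Helper scripts. authorized_keys.sh is what sshd runs as
          # AuthorizedKeysCommand for tuerctl (see sshd_config below);
          # sshd requires that program to be owned by root and not
          # writable by group or others.
          /usr/local/bin/authorized_keys.sh:
            mode: '0755'
            file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
          /usr/local/bin/update-keys-from-stdin.sh:
            mode: '0755'
            file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"

          # sshd: non-default port, public-key authentication only, logins
          # limited to root, tuerctl and tuergit, all forwarding disabled.
          # Keys are read from root-controlled /etc/ssh/authorized_keys.d/
          # rather than from the users' home directories.
          # tuerctl has no static key file (/dev/null); its keys are
          # produced at login time by authorized_keys.sh, which runs as
          # tuergit.
          # NOTE(review): UsePrivilegeSeparation is deprecated in newer
          # OpenSSH releases, where privilege separation is always on;
          # check it against the sshd version shipped in the image.
          /etc/ssh/sshd_config:
            content: |
              Port 22000
              AllowUsers root tuerctl tuergit
              AuthenticationMethods publickey
              AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
              AllowAgentForwarding no
              AllowTcpForwarding no
              X11Forwarding no
              UsePrivilegeSeparation sandbox
              Subsystem sftp /usr/libexec/sftp-server
              Match User tuerctl
                AuthorizedKeysFile /dev/null
                AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
                AuthorizedKeysCommandUser tuergit

          # root and tuergit accept the same key set (noc_ssh_keys), so
          # every key listed there grants a root login on the device.
          /etc/ssh/authorized_keys.d/root:
            content: |-
              {% for key in noc_ssh_keys %}
              {{ key }}
              {% endfor %}
          /etc/ssh/authorized_keys.d/tuergit:
            content: |-
              {% for key in noc_ssh_keys %}
              {{ key }}
              {% endfor %}

        openwrt_uci:
          system:
            - name: system
              options:
                hostname: '{{ inventory_hostname }}'
                timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
                # ttylogin '0' leaves the local console without a login
                # prompt: physical access to the console means a shell
                # without authentication. Set to '1' if that is not
                # intended for this device.
                ttylogin: '0'
                log_size: '64'
                urandom_seed: '0'
            - name: timeserver 'ntp'
              options:
                enabled: '1'
                enable_server: '0'
                server:
                  - '0.lede.pool.ntp.org'
                  - '1.lede.pool.ntp.org'
                  - '2.lede.pool.ntp.org'
                  - '3.lede.pool.ntp.org'

          network:
            - name: globals 'globals'
              options:
                ula_prefix: fdc9:e01f:83db::/48
            - name: interface 'loopback'
              options:
                ifname: lo
                proto: static
                ipaddr: 127.0.0.1
                netmask: 255.0.0.0
            - name: interface 'lan'
              options:
                ifname: eth0
                accept_ra: 0
                proto: static
                ipaddr: 192.168.33.7
                netmask: 255.255.255.0
                gateway: 192.168.33.1
                dns: 192.168.33.1
                dns_search: realraum.at

        # /run is a tmpfs that cannot hold setuid files, device nodes or
        # executables.
        openwrt_mounts:
          - path: /run
            src: none
            fstype: tmpfs
            opts: nosuid,nodev,noexec,noatime

        # Accounts: tuergit is confined to git-shell; tuerctl has no
        # usable login shell (/bin/false).
        openwrt_users:
          tuerd: {}
          tuergit:
            home: /home/tuergit
            shell: /usr/bin/git-shell
          tuerctl:
            shell: /bin/false  # TODO fixme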