move openwrt image config to host_vars
authorChristian Pointner <equinox@realraum.at>
Sun, 20 May 2018 23:52:24 +0000 (01:52 +0200)
committerChristian Pointner <equinox@realraum.at>
Sun, 20 May 2018 23:52:24 +0000 (01:52 +0200)
ansible/group_vars/openwrt/main.yml [new file with mode: 0644]
ansible/host_vars/torwaechter/main.yml [new file with mode: 0644]
ansible/tuer.yml

diff --git a/ansible/group_vars/openwrt/main.yml b/ansible/group_vars/openwrt/main.yml
new file mode 100644 (file)
index 0000000..b93d046
--- /dev/null
@@ -0,0 +1,15 @@
+---
+openwrt_packages_remove:
+  - ppp
+  - ppp-mod-pppoe
+  - dnsmasq
+  - firewall
+  - odhcpd
+openwrt_packages_add:
+  - haveged
+  - htop
+  - hwclock
+  - ip
+  - less
+  - nano
+  - tcpdump
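Review bot: `openwrt_packages_remove` now drops `firewall`, `dnsmasq` and `odhcpd` for every host in the `openwrt` group, whereas the removed `vars:` block in `ansible/tuer.yml` applied that list to a single play. Whether other hosts are in the group is not visible here, but any that are added later will silently get an image with no firewall package. I would document that next to the list, e.g. `# group-wide default: images are built without firewall/dnsmasq/odhcpd; override in host_vars if a host needs them`.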
diff --git a/ansible/host_vars/torwaechter/main.yml b/ansible/host_vars/torwaechter/main.yml
new file mode 100644 (file)
index 0000000..86575c9
--- /dev/null
@@ -0,0 +1,127 @@
+---
+openwrt_arch: x86
+openwrt_target: geode
+openwrt_output_image_suffixes:
+  - combined-ext4.img.gz
+  - combined-squashfs.img
+
+openwrt_packages_extra:
+  - "-dropbear"
+  - flashrom
+  - git
+  - kmod-usb-acm
+  - openssh-server
+  - openssh-sftp-server
+  - screen
+  - sudo
+  - usbutils
+
+openwrt_mixin:
+  # Go binaries
+  /usr/local/bin/door_client:
+    mode: '0755'
+    file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_client/door_client"
+  /usr/local/bin/door_daemon:
+    mode: '0755'
+    file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_daemon/door_daemon"
+  /usr/local/bin/update-keys:
+    mode: '0755'
+    file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys"
+
+  /usr/local/bin/authorized_keys.sh:
+    mode: '0755'
+    file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
+
+  /usr/local/bin/update-keys-from-stdin.sh:
+    mode: '0755'
+    file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"
+
+  /etc/ssh/sshd_config:
+    content: |
+      Port 22000
+
+      AllowUsers root tuerctl tuergit
+      AuthenticationMethods publickey
+      AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
+
+      AllowAgentForwarding no
+      AllowTcpForwarding no
+      X11Forwarding no
+      UsePrivilegeSeparation sandbox
+
+      Subsystem sftp /usr/libexec/sftp-server
+
+      Match User tuerctl
+        AuthorizedKeysFile /dev/null
+        AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
+        AuthorizedKeysCommandUser tuergit
+
+  /etc/ssh/authorized_keys.d/root:
+    content: |-
+      {% for key in noc_ssh_keys %}
+      {{ key }}
+      {% endfor %}
+
+  /etc/ssh/authorized_keys.d/tuergit:
+    content: |-
+      {% for key in noc_ssh_keys %}
+      {{ key }}
+      {% endfor %}
+
+openwrt_uci:
+  system:
+    - name: system
+      options:
+        hostname: '{{ inventory_hostname }}'
+        timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+        ttylogin: '0'
+        log_size: '64'
+        urandom_seed: '0'
+
+    - name: timeserver 'ntp'
+      options:
+        enabled: '1'
+        enable_server: '0'
+        server:
+          - '0.lede.pool.ntp.org'
+          - '1.lede.pool.ntp.org'
+          - '2.lede.pool.ntp.org'
+          - '3.lede.pool.ntp.org'
+
+  network:
+    - name: globals 'globals'
+      options:
+        ula_prefix: fdc9:e01f:83db::/48
+
+    - name: interface 'loopback'
+      options:
+        ifname: lo
+        proto: static
+        ipaddr: 127.0.0.1
+        netmask: 255.0.0.0
+
+    - name: interface 'lan'
+      options:
+        ifname: eth0
+        accept_ra: 0
+        proto: static
+        ipaddr: 192.168.33.7
+        netmask: 255.255.255.0
+        gateway: 192.168.33.1
+        dns: 192.168.33.1
+        dns_search: realraum.at
+
+
+openwrt_mounts:
+  - path: /run
+    src: none
+    fstype: tmpfs
+    opts: nosuid,nodev,noexec,noatime
+
+openwrt_users:
+  tuerd: {}
+  tuergit:
+    home:  /home/tuergit
+    shell: /usr/bin/git-shell
+  tuerctl:
+    shell: /bin/false # TODO fixme
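Review bot: The three `content:` entries under `openwrt_mixin` (`/etc/ssh/sshd_config` and the two `/etc/ssh/authorized_keys.d/*` files) set no `mode`, unlike the `file:` entries above them, so their permissions depend on whatever the openwrt-image role defaults to, which is not visible in this commit. With sshd's default StrictModes, a key file writable by group or others is ignored, and a writable key file for `root` would be a privilege-escalation path. I would pin each one explicitly with `mode: '0644'`. Separately, `UsePrivilegeSeparation sandbox` is a deprecated option in recent OpenSSH releases and can be dropped if the image ships one of those.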
index 853a0cf..0d26eb3 100644 (file)
   roles:
     - role: openwrt-image
       delegate_to: localhost
-      vars:
-        openwrt_arch: x86
-        openwrt_target: geode
-        openwrt_output_image_suffixes:
-          - combined-ext4.img.gz
-          - combined-squashfs.img
-        openwrt_packages_remove:
-          - ppp
-          - ppp-mod-pppoe
-          - dnsmasq
-          - firewall
-          - odhcpd
-        openwrt_packages_add:
-          - flashrom
-          - haveged
-          - htop
-          - hwclock
-          - ip
-          - less
-          - nano
-          - tcpdump
-        openwrt_packages_extra:
-          - "-dropbear"
-          - git
-          - kmod-usb-acm
-          - openssh-server
-          - openssh-sftp-server
-          - screen
-          - sudo
-          - usbutils
-
-        openwrt_mixin:
-          # Go binaries
-          /usr/local/bin/door_client:
-            mode: '0755'
-            file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_client/door_client"
-          /usr/local/bin/door_daemon:
-            mode: '0755'
-            file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/door_daemon/door_daemon"
-          /usr/local/bin/update-keys:
-            mode: '0755'
-            file: "{{ playbook_dir }}/.cache/openwrt/tuer/door_and_sensors/update-keys/update-keys"
-
-          /usr/local/bin/authorized_keys.sh:
-            mode: '0755'
-            file: "{{ playbook_dir }}/files/tuer/authorized_keys.sh"
-
-          /usr/local/bin/update-keys-from-stdin.sh:
-            mode: '0755'
-            file: "{{ playbook_dir }}/files/tuer/update-keys-from-stdin.sh"
-
-          /etc/ssh/sshd_config:
-            content: |
-              Port 22000
-
-              AllowUsers root tuerctl tuergit
-              AuthenticationMethods publickey
-              AuthorizedKeysFile /etc/ssh/authorized_keys.d/%u
-
-              AllowAgentForwarding no
-              AllowTcpForwarding no
-              X11Forwarding no
-              UsePrivilegeSeparation sandbox
-
-              Subsystem sftp /usr/libexec/sftp-server
-
-              Match User tuerctl
-                AuthorizedKeysFile /dev/null
-                AuthorizedKeysCommand /usr/local/bin/authorized_keys.sh
-                AuthorizedKeysCommandUser tuergit
-              
-
-          /etc/ssh/authorized_keys.d/root:
-            content: |-
-              {% for key in noc_ssh_keys %}
-              {{ key }}
-              {% endfor %}
-
-          /etc/ssh/authorized_keys.d/tuergit:
-            content: |-
-              {% for key in noc_ssh_keys %}
-              {{ key }}
-              {% endfor %}
-
-        openwrt_uci:
-          system:
-            - name: system
-              options:
-                hostname: '{{ inventory_hostname }}'
-                timezone: 'CET-1CEST,M3.5.0,M10.5.0/3'
-                ttylogin: '0'
-                log_size: '64'
-                urandom_seed: '0'
-
-            - name: timeserver 'ntp'
-              options:
-                enabled: '1'
-                enable_server: '0'
-                server:
-                  - '0.lede.pool.ntp.org'
-                  - '1.lede.pool.ntp.org'
-                  - '2.lede.pool.ntp.org'
-                  - '3.lede.pool.ntp.org'
-
-          network:
-            - name: globals 'globals'
-              options:
-                ula_prefix: fdc9:e01f:83db::/48
-
-            - name: interface 'loopback'
-              options:
-                ifname: lo
-                proto: static
-                ipaddr: 127.0.0.1
-                netmask: 255.0.0.0
-
-            - name: interface 'lan'
-              options:
-                ifname: eth0
-                accept_ra: 0
-                proto: static
-                ipaddr: 192.168.33.7
-                netmask: 255.255.255.0
-                gateway: 192.168.33.1
-                dns: 192.168.33.1
-                dns_search: realraum.at
-
-
-        openwrt_mounts:
-          - path: /run
-            src: none
-            fstype: tmpfs
-            opts: nosuid,nodev,noexec,noatime
-
-        openwrt_users:
-          tuerd: {}
-          tuergit:
-            home:  /home/tuergit
-            shell: /usr/bin/git-shell
-          tuerctl:
-            shell: /bin/false # TODO fixme