Use vault for site-specific variables.
This commit is contained in:
Andreas B. Mundt
parent
0b413b7835
commit
79ec9e57f2
4 changed files with 182 additions and 69 deletions
|
|
@ -1,4 +1,21 @@
|
|||
## This playbook deploys a KDE desktop machine for LinuxMuster.
|
||||
#
|
||||
# Use the following in the installer's preseed file:
|
||||
#
|
||||
# d-i preseed/late_command string \
|
||||
# mkdir -p /target/home/ansible/.ssh && \
|
||||
# echo "ssh-ed25519 A...YOUR.KEY...Z" >> /target/home/ansible/.ssh/authorized_keys ; \
|
||||
# in-target chown -R ansible:ansible /home/ansible/.ssh/ ; \
|
||||
# in-target chmod -R og= /home/ansible/.ssh/ ; \
|
||||
# if [ -n "$playbook" ] ; then \
|
||||
# mkdir -v /target/dev/shm ; \
|
||||
# in-target mount -v -t tmpfs tmpfs /dev/shm ; \
|
||||
# echo "$vaultpw" > /target/dev/shm/vaultpw ; \
|
||||
# in-target ansible-pull --verbose --purge --extra-vars="run_in_installer=true" \
|
||||
# --vault-password-file /dev/shm/vaultpw \
|
||||
# -i localhost, --url=git://ansible.example.org/.git -C YOUR_BRANCH $playbook ; \
|
||||
# fi
|
||||
#
|
||||
---
|
||||
- name: apply configuration to the machines
|
||||
hosts: all
|
||||
|
|
@ -26,35 +43,29 @@
|
|||
value: True
|
||||
vtype: boolean
|
||||
|
||||
vars_files: lmn-vault
|
||||
vars:
|
||||
domain: "{{ ansible_domain }}"
|
||||
kerberize_uris: steinbeis.schule
|
||||
apt_conf: Acquire::http::Proxy "http://aptcache.pn.steinbeis.schule:3142/";
|
||||
ntp_serv: server.pn.steinbeis.schule
|
||||
proxy: http://firewall.pn.steinbeis.schule:3128
|
||||
no_proxy: firewall.pn.steinbeis.schule,server.pn.steinbeis.schule,idam.steinbeis.schule,dw.steinbeis.schule,.pn.steinbeis.schule,.steinbeis.schule
|
||||
kerberize_uris: "{{ vault_kerberize_uris }}" ## example.org
|
||||
apt_conf: "{{ vault_apt_conf }}" ## Acquire::http::Proxy "http://aptcache.example.org:3142/";
|
||||
ntp_serv: "{{ vault_ntp_serv }}" ## ntp.example.org
|
||||
proxy: "{{ vault_proxy }}" ## http://firewall.example.org:3128
|
||||
no_proxy: "{{ vault_no_proxy }}" ## firewall.example.org,server.example.org,idam.example.org,dw.example.org
|
||||
|
||||
## PAM mount nextcloud, remove or leave empty to skip:
|
||||
web_dav: https://nc.steinbeis.schule/remote.php/dav/files/%(USER)
|
||||
web_dav: "{{ vault_web_dav }}" ## https://nc.example.org/remote.php/dav/files/%(USER)
|
||||
|
||||
## Local mirror for mscorefonts. Remove or leave empty to use no mirror:
|
||||
mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/
|
||||
mirror_msfonts: "{{ vault_mirror_msfonts }}" ## http://livebox.example.org/mscorefonts/
|
||||
|
||||
## Local mirror for libdvdcss. Remove or leave empty to use no mirror:
|
||||
mirror_dvdcss: http://livebox.pn.steinbeis.schule/libdvdcss/
|
||||
mirror_dvdcss: "{{ vault_mirror_dvdcss }}" ## http://livebox.example.org/libdvdcss/
|
||||
|
||||
rsyncsecret: Muster!
|
||||
keys2deploy:
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america'
|
||||
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMR4TP7jE+wS7zcH0iUBmlxCbvy9saYeEjonX/0yYfEJ daniel@NB-20-DW'
|
||||
rsyncsecret: "{{ vault_rsyncsecret }}"
|
||||
keys2deploy: "{{ vault_keys2deploy }}" ## ['ssh-ed25519 AAAAC…uYlnS0', 'ssh-ed25519 AAAA…KTM']
|
||||
|
||||
## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
|
||||
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
|
||||
grub_pwd: "{{ vault_grub_pwd }}"
|
||||
nfs4: false
|
||||
extra_pkgs:
|
||||
- vim
|
||||
|
|
@ -78,16 +89,6 @@
|
|||
- lmn_security
|
||||
|
||||
tasks:
|
||||
- name: Add local user 'virti' in the 'libvirt' group
|
||||
ansible.builtin.user:
|
||||
name: virti
|
||||
password: $y$j9T$DuSvAO63v5LvoJmJ1rB0B0$D4tovIz79AdLHs5I6tYa7rxr3SWknQeUFvGaaKvUpo3
|
||||
comment: Libvirt VM User,,,
|
||||
shell: /bin/bash
|
||||
groups: libvirt
|
||||
append: yes
|
||||
when: false
|
||||
|
||||
## Temporary fixes and quirks:
|
||||
- name: Fix 8086:4909 external graphics card
|
||||
replace:
|
||||
|
|
@ -142,24 +143,3 @@
|
|||
path: /etc/systemd/system.conf
|
||||
line: DefaultTimeoutStopSec=5s
|
||||
insertafter: '^#DefaultTimeoutStopSec=.*'
|
||||
|
||||
## bullseye fixes:
|
||||
- name: Add bookworm firmware repository if needed
|
||||
apt_repository:
|
||||
repo: deb http://deb.debian.org/debian/ bookworm non-free-firmware
|
||||
state: present
|
||||
update_cache: true
|
||||
when: >
|
||||
ansible_board_vendor == "LENOVO" and
|
||||
ansible_board_name == "32CB" and
|
||||
ansible_distribution_release == "bullseye"
|
||||
|
||||
- name: upgrade non-free-firmware packages
|
||||
apt:
|
||||
upgrade: true
|
||||
autoremove: true
|
||||
autoclean: true
|
||||
when: >
|
||||
ansible_board_vendor == "LENOVO" and
|
||||
ansible_board_name == "32CB" and
|
||||
ansible_distribution_release == "bullseye"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue