authorChristian Pointner <equinox@spreadspace.org>2020-04-29 01:33:09 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-04-29 01:33:09 +0200
commit5f96a0cd117f3def3d55853d85dc867e26817984 (patch)
tree9199fcbf054445b584074f2a4f75e5427ada5e60
parentkubeguard: split up role (diff)
improved base role module blacklist config
-rw-r--r--inventory/group_vars/lendwirbel-live-xx/main.yml3
-rw-r--r--inventory/group_vars/lendwirbel-live/main.yml7
-rw-r--r--inventory/host_vars/ele-telesto.yml2
-rw-r--r--inventory/host_vars/lw-telesto.yml20
-rw-r--r--inventory/host_vars/s2-telesto.yml2
-rw-r--r--inventory/hosts.ini3
-rw-r--r--roles/base/defaults/main.yml13
-rw-r--r--roles/base/tasks/Debian.yml11
-rw-r--r--roles/base/vars/main.yml4
-rw-r--r--spreadspace/group_vars/lendwirbel-live.yml27
-rw-r--r--spreadspace/lw-telesto.yml11
-rw-r--r--spreadspace/s2-telesto.yml2
12 files changed, 81 insertions, 24 deletions
diff --git a/inventory/group_vars/lendwirbel-live-xx/main.yml b/inventory/group_vars/lendwirbel-live-xx/main.yml
index cf094bd1..6defdb17 100644
--- a/inventory/group_vars/lendwirbel-live-xx/main.yml
+++ b/inventory/group_vars/lendwirbel-live-xx/main.yml
@@ -1,5 +1,2 @@
---
-acmetool_account_email: equinox@spreadspace.org
-# acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
-
install_playbook: lendwirbel-live-xx
diff --git a/inventory/group_vars/lendwirbel-live/main.yml b/inventory/group_vars/lendwirbel-live/main.yml
index 528ce23b..d6de39dc 100644
--- a/inventory/group_vars/lendwirbel-live/main.yml
+++ b/inventory/group_vars/lendwirbel-live/main.yml
@@ -1,6 +1,13 @@
---
zsh_banner: lendwirbel
+acmetool_account_email: equinox@spreadspace.org
+# acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}"
+
+apt_repo_blackmagic_auth:
+ username: "spreadspace"
+ password: "{{ vault_apt_repo_blackmagic_auth.password }}"
+
install:
cloud:
credentials:
diff --git a/inventory/host_vars/ele-telesto.yml b/inventory/host_vars/ele-telesto.yml
index 54438b1b..7e26d4ac 100644
--- a/inventory/host_vars/ele-telesto.yml
+++ b/inventory/host_vars/ele-telesto.yml
@@ -1,4 +1,6 @@
---
+base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}"
+
preseed_template_name: "xubuntu-eoan-desktop-with-raid"
install: {}
diff --git a/inventory/host_vars/lw-telesto.yml b/inventory/host_vars/lw-telesto.yml
new file mode 100644
index 00000000..eb412945
--- /dev/null
+++ b/inventory/host_vars/lw-telesto.yml
@@ -0,0 +1,20 @@
+---
+base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}"
+
+preseed_template_name: "xubuntu-eoan-desktop-with-raid"
+
+install: {}
+
+network:
+ nameservers: 9.9.9.9
+ domain: "{{ host_domain }}"
+ primary:
+ interface: eno1
+ ip: 192.168.32.201
+ mask: 255.255.255.0
+ gateway: 192.168.32.254
+
+admin_user_host:
+- "{{ equinox_user }}"
+
+ssh_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}"
diff --git a/inventory/host_vars/s2-telesto.yml b/inventory/host_vars/s2-telesto.yml
index 8105a76b..13e2e050 100644
--- a/inventory/host_vars/s2-telesto.yml
+++ b/inventory/host_vars/s2-telesto.yml
@@ -1,4 +1,6 @@
---
+base_modules_blacklist: "{{ base_modules_blacklist_all_but_sound }}"
+
base_packages_extra_host:
- exfat-fuse
- exfat-utils
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 7aaf4c97..1d07c4d7 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -95,6 +95,9 @@ s2-helene host_name=helene
host_domain=lndwrbl.live
env_group=spreadspace
+[lendwirbel-live]
+lw-telesto host_name=telesto
+
[lendwirbel-live:children]
lendwirbel-live-dist
lendwirbel-live-xx
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
index 7bab7577..4962578e 100644
--- a/roles/base/defaults/main.yml
+++ b/roles/base/defaults/main.yml
@@ -1,9 +1,9 @@
---
base_entropy_generator: haveged
-sysctl_config_user: {}
+base_sysctl_config_user: {}
-modules_blacklist:
+base_modules_blacklist_:
net:
- dccp
- sctp
@@ -15,14 +15,19 @@ modules_blacklist:
- hfs
- hfsplus
- jffs2
+ sound:
+ - soundcore
+ - usb-midi
misc:
- bluetooth
- firewire-core
- n_hdlc
- net-pf-31
- - soundcore
- thunderbolt
- - usb-midi
+
+base_modules_blacklist_all: "{{ base_modules_blacklist_ | list }}"
+base_modules_blacklist_all_but_sound: "{{ base_modules_blacklist_ | difference(['sound']) | list }}"
+base_modules_blacklist: "{{ base_modules_blacklist_full }}"
base_packages_extra_host: []
base_packages_extra_group: []
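Review bot: The new default `base_modules_blacklist: "{{ base_modules_blacklist_full }}"` refers to a variable that this diff never defines; the two helper lists added just above it are named `base_modules_blacklist_all` and `base_modules_blacklist_all_but_sound`. Unless `base_modules_blacklist_full` exists elsewhere in the repository, every host that does not override `base_modules_blacklist` would hit an undefined-variable error when the role renders /etc/modprobe.d/disablemod.conf, so the module hardening would not be applied on those hosts. The default should presumably read `base_modules_blacklist: "{{ base_modules_blacklist_all }}"`. The `base_modules_blacklist_` mapping starts in the previous hunk and part of it lies between the two hunks, outside what is shown.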
diff --git a/roles/base/tasks/Debian.yml b/roles/base/tasks/Debian.yml
index 25195ad2..185c3616 100644
--- a/roles/base/tasks/Debian.yml
+++ b/roles/base/tasks/Debian.yml
@@ -81,17 +81,18 @@
state: directory
- name: disable net/fs/misc kernel modules
- loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
- lineinfile:
+ copy:
+ content: |
+ {% for item in (base_modules_blacklist | map('extract', base_modules_blacklist_) | flatten | sort | list) %}
+ install {{ item }} /bin/true
+ {% endfor %}
dest: /etc/modprobe.d/disablemod.conf
- line: "install {{ item }} /bin/true"
- create: yes
owner: root
group: root
mode: 0644
- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
- loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
+ loop: "{{ base_sysctl_config | combine(base_sysctl_config_user) | dict2items }}"
loop_control:
label: "{{ item.key }} = {{ item.value }}"
sysctl:
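Review bot: The task is still named `disable net/fs/misc kernel modules`, but after this change the module list comes from whichever categories `base_modules_blacklist` selects, including the new `sound` one, so the name should become something like `- name: disable blacklisted kernel modules`. Switching from `lineinfile` to `copy` also means /etc/modprobe.d/disablemod.conf is rewritten in full on each run, which removes stale entries but also any line added by hand; a comment such as `# disablemod.conf is fully managed here, local edits are overwritten` above the task would record that. A category name in a host override that is not a key of `base_modules_blacklist_` would presumably make the `extract` lookup fail or render a broken line, so an `assert` on the selected names may be worth adding before the `copy`. The sysctl task at the end of the hunk continues outside it.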
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
index d228b088..9940d7a6 100644
--- a/roles/base/vars/main.yml
+++ b/roles/base/vars/main.yml
@@ -3,9 +3,9 @@
# These are not meant to be modified by the user
#
-# To adjust these settings use sysctl_config_user dict
+# To adjust these settings use base_sysctl_config_user dict
#
-sysctl_config:
+base_sysctl_config:
# Enable RFC-recommended source validation feature.
net.ipv4.conf.all.rp_filter: 1
diff --git a/spreadspace/group_vars/lendwirbel-live.yml b/spreadspace/group_vars/lendwirbel-live.yml
index 198d3cfe..f2ed315e 100644
--- a/spreadspace/group_vars/lendwirbel-live.yml
+++ b/spreadspace/group_vars/lendwirbel-live.yml
@@ -1,10 +1,19 @@
$ANSIBLE_VAULT;1.2;AES256;spreadspace
-34316134383639356635643636313263633466313436346232383263393736393961343764386662
-6336393866353663383330303030396534393362643631630a316334613635303364303134306435
-61623037663764376561383731343830346236613536326431383963303165303134326634613061
-3035323031303739380a383662383464323635363636386237313831643231346339353265336337
-30616664633066643739383132346537613165623339333037383062326234633137306535326534
-62393437643565616565613038396462643731333663363461636232346336323834616439346130
-34663966376433613335653039346362323332656238626237653533666332653164363531656435
-66326436626633636563646533326131303935623633633032333438613134373437663332356432
-3930
+31393235346232653732396464383938343262666234653334313839653932326435643839636130
+6330633765316637313636636366336133663633646638650a653464376364363864316630313935
+30653362313434356138626239306334326332353736613132636262626561383236333462383766
+3965373465396338340a396135386334356163316263636564633931653166326437646162393336
+31393864353734343232396433643037356665333665303062653439373230386364373736653432
+37343737613161343033303533613262643431303838346264613831643539626363363365626137
+33303130373364353665656565643662346466633131346239613833326461353965663663316330
+36343363636131643733306336326632636366353332656137323165316136393566363132636362
+38313939313236363639613262613137653935373237646339386432363633663133323566656133
+37326361633231383066643963346135353966363938336563373435313937306462343737646435
+39396364653332303933396366623165636139343439333563323964626237313732653365666230
+37326136613461656362376535633165336238316336393662373437383531623833383639636339
+66666232373632626237666462383366613132633465376230616333623934393732613562393834
+35346264393464653731653532373135366231376330653037663065656138326339613364393739
+36643062653061386130346236613761633161333737636364373464373937316131646362623865
+61366661373939376131393830633935376435343366666663663338363536366335613032366361
+66613330326233633834393031323131346435383465343932636632363163666437653863373364
+6361363931316230363337363833373435323936336632323965
diff --git a/spreadspace/lw-telesto.yml b/spreadspace/lw-telesto.yml
new file mode 100644
index 00000000..2ca3d128
--- /dev/null
+++ b/spreadspace/lw-telesto.yml
@@ -0,0 +1,11 @@
+---
+- name: Basic Setup
+ hosts: lw-telesto
+ roles:
+ - role: base
+ - role: sshd
+ - role: zsh
+ - role: admin-user
+ - role: blackmagic-desktopvideo
+ - role: apt-repo/spreadspace
+ - role: ubuntu-ws
diff --git a/spreadspace/s2-telesto.yml b/spreadspace/s2-telesto.yml
index a547fb25..cb9dc7bd 100644
--- a/spreadspace/s2-telesto.yml
+++ b/spreadspace/s2-telesto.yml
@@ -6,5 +6,5 @@
- role: sshd
- role: zsh
- role: admin-user
- - role: apt-repo/spreadspace
- role: blackmagic-desktopvideo
+ - role: apt-repo/spreadspace