310 lines
8.7 KiB
YAML
310 lines
8.7 KiB
YAML
# @TODO create inventory group variables akin to structure of sukaato group's for homeserver
|
|
# <str<vault>> representing password for Linux root user account of VPS
|
|
password: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
32333335343939653231313938666134306338356633393035363039373465386165313666383262
|
|
6465313738316635633332623765336563626165336330370a616634393266366430363663333066
|
|
63373165346236386632393866316164623133373761303262643734356433646661636533666266
|
|
3834643765613937300a326365643961626236386261303933643965333565623836313231346537
|
|
3030
|
|
# <str> representing hostname for LAN server; same as host or group variable name
|
|
instance: armitage
|
|
# <str<enum>> representing Linux distro or OS image to be used for VPS
|
|
# operating_system: "tftp://hikiki.local:69/debian.iso"
|
|
operating_system: ~
|
|
# <list[<str>]> of control node or local SSH key basenames
|
|
ssh_keys:
|
|
- ed25519@sukaato.hikiki
|
|
- ecdsa@sukaato.hikiki
|
|
# <list<dict>> list of administrative users (in Linux, users that can use "sudo")
|
|
admins:
|
|
- username: admin # <str> arbitrary valid user name
|
|
services: ~ # <list[<str>]> if linux system user, assocated servce
|
|
# <list[<str>]> list of control node or local SSH key basenames for this user
|
|
ssh_keys:
|
|
- ecdsa-37851076-sk@sukaato.hikiki
|
|
- ecdsa-37851072-sk@sukaato.hikiki
|
|
# <str<vault?>> hashed (and maybe salted) password
|
|
password: !vault |
|
|
$ANSIBLE_VAULT;1.1;AES256
|
|
33663131343861303735643439393165356231366338346538333537643464343761373139303364
|
|
6630303563346437373161626662313432306138353132350a353334356139376662333562353834
|
|
36326461613664616565373835303636636533616462303732633461343130346134366662373566
|
|
6431623034653363310a303665636366353535313436666532623737373930356364616339313633
|
|
34663839656637373031393031656332393761623161643730326563323863363461333864353338
|
|
30633964353339323465643064636538346464343035626461333366303835333039653661383030
|
|
62656663336536373262623062633563646434646431303137306438633937323764633334396539
|
|
64353734613662663063343966356562326661626436663430623430663766343030646333306634
|
|
32353839313235313339353431323837356537336231366564313431313462613333
|
|
# @TODO change 'key' attributes of package entres under 'mngr' section below to 'signkey'
|
|
# and edit 'roles/init-server/install-pks.yml' accordngly
|
|
# <dict[<str>:<dict>]> package groups
|
|
pkgs:
|
|
# <dict[<str>:<dict>]> representing package groups installed by package manager via repositories
|
|
mngr:
|
|
# <list[<dict>]> representing system-level or essential packages
|
|
core:
|
|
- name: neovim
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: flatpak
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: snapd
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: git
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: fail2ban
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: crowdsec
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: glow
|
|
uri: ~
|
|
key: "https://repo.charm.sh/apt/gpg.key"
|
|
key_path: /etc/apt/keyrings/charm.gpg
|
|
src_entry: "deb [signed-by=/etc/apt/keyrings/charm.gpg] https://repo.charm.sh/apt/ * *"
|
|
src_path: /etc/apt/sources.list.d/charm.list
|
|
- name: vim-vimwiki
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: pandoc
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: tor
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: i2pd
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: radicle
|
|
uri: ~
|
|
key: "https://radicle.dev/apt/radicle-archive-keyring.deb"
|
|
key_path: "{{ ansible_facts['user_dir'] }}/.local_pkgs/"
|
|
src_entry: "deb [signed-by=/usr/share/radicle/radicle-archive-keyring.asc] https://radicle.dev/apt release main"
|
|
src_path: /etc/apt/sources.list
|
|
# - name: syncthing
|
|
# uri: ~
|
|
# key: ~
|
|
# key_path: ~
|
|
# src_entry: ~
|
|
# src_path: ~
|
|
userspace:
|
|
- name: podman
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: podman-compose
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: distrobox
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: proftpd-core
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: proftpd-doc
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: proftpd-mod-crypto
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: proftpd-mod-ldap
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: proftpd-mod-sqlite
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: aria2
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: syncplay-server
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: caddy
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: erlang
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: erlang-hex
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: elixir
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: python3.13
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: python3-venv
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: python3-pip
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: golang
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: hugo
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: yt-dlp
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: syncthing-discosrv
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: syncthing-relaysrv
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
handler: ~
|
|
- name: avahi-daemon
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
- name: avahi-utils
|
|
uri: ~
|
|
key: ~
|
|
key_path: ~
|
|
src_entry: ~
|
|
src_path: ~
|
|
# <dict[<str>:<dict>]> representing package groups installed by shell scripts
|
|
script:
|
|
# <list[<dict>]> representing user-level or supplemental shell script installations
|
|
userspace:
|
|
- name: nvm
|
|
src: "https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.4/install.sh"
|
|
pre: ~
|
|
post: ~
|
|
- name: rustup
|
|
src: "https://sh.rustup.rs"
|
|
pre: ~
|
|
post: ~
|
|
- name: julia
|
|
src: "https://install.julialang.org"
|
|
pre: ~
|
|
post: ~
|
|
- name: uv
|
|
src: "https://astral.sh/uv/install.sh"
|
|
pre: ~
|
|
post: ~
|
|
# <dict[<str>:<dict>]> representing package groups installed from source archives
|
|
archive:
|
|
# <list[<dict>]> representing user-level or supplemental source archives
|
|
userspace:
|
|
- name: surge
|
|
# @NOTE https://github.com/SurgeDM/Surge
|
|
src: "https://github.com/SurgeDM/Surge/releases/download/v0.8.6/Surge_0.8.6_linux_amd64.tar.gz"
|
|
deploy: ~
|
|
pre: ~
|
|
post: ~
|
|
# <dict[<str>:<dict>]> representing package groups installed from source git repositories
|
|
git_repos:
|
|
userspace:
|
|
- name: quartz
|
|
src: "https://github.com/jackyzha0/quartz.git"
|
|
branch: main
|
|
deploy: ~
|
|
pre: ~
|
|
post: ~
|
|
core_pkgs: "{{ (pkgs.mngr.core | default([])) + (pkgs.script.core | default([])) + (pkgs.archive.core | default([])) + (pkgs.git_repos.core | default([])) + (pkgs.containers.core | default([])) + (pkgs.snaps.core | default([])) + (pkgs.flatpaks.core | default([])) }}" |