Further splitting into the correct parts

2026-01-23 09:43:39 +01:00 · 2026-01-23 09:43:39 +01:00 · 58696d94b1
commit 58696d94b1
parent e68507ccac
4 changed files with 33 additions and 27 deletions
--- a/ansible/phiax.nl/testicle/inventory/main.yaml
+++ b/ansible/phiax.nl/testicle/inventory/main.yaml
@ -1,5 +1,13 @@
 raspberries:
  hosts:
    app-octoprint.phiax.nl:
+      ansible_user: pi
    sensor-adsb.phiax.nl:
-    
+      ansible_user: pi
+      ansible_ssh_private_key_file: /ssh/id_rsa
+    yoshimo.phiax.nl:
+      ansible_user: phiax
+      ansible_ssh_private_key_file: /ssh/id_rsa
+    app-sonosbridge.phiax.nl:
+      ansible_user: phiax
+      ansible_ssh_private_key_file: /ssh/id_rsa
--- a/ansible/phiax.nl/testicle/playbooks/install_raspberry.yaml
+++ b/ansible/phiax.nl/testicle/playbooks/install_raspberry.yaml
@ -1,29 +1,24 @@
 ---
-# Notice that "# noqa: package-latest" is included in this file. This disabled a specific check for the Ansible linter,
-# see: https://ansible.readthedocs.io/projects/lint/usage/#muting-warnings-to-avoid-false-positives.
-# For a purely reproducible build this would be a good suggestion but I'm willing to take the risk with the Pi.
 - name: Install raspberry pi
  hosts: all
-  # vars_files:
-  #   - vault.yml
-  #   - versions.yml
  roles:
-    # These roles are disabled after they have being applied once for performance reasons, it should be safe to enable them again.
-    # Notice that this role changes some settings on reruns (on the "Change various sysctl-settings" task), doesn't seem problematic though.
    - role: devsec.hardening.ssh_hardening
      become: true
-    - role: packages
+    - role: roles/system/ohmyzsh
      become: true
+      vars:
+        target_user: "phiax"
+        ohmyzsh_theme: "agnoster"
+        ohmyzsh_plugins:
+          - git
+          - zsh-autosuggestions
+        http_fetcher: "curl"
+    - role: roles/system/multitail
+      become: true
+      
  vars:
    # devsec.hardening.ssh_hardening vars:
-    ssh_client_port: 22 # Default, but duplicated here for documentation purpose. Not changed because its only accessible via LAN.
-    ssh_client_password_login: false # Default, but duplicated here for documentation purpose.
+    ssh_client_port: 22
+    ssh_client_password_login: false
    ssh_allow_tcp_forwarding: true
-  tasks:
-    # This task can be handy for debugging gathered facts, uncomment it if necessary:
-    # - name: Store gathered facts in local file
-    #   delegate_to: localhost
-    #   ansible.builtin.copy:
-    #     dest: './.ansible_facts.json'
-    #     content: "{{ ansible_facts }}"
-    #     mode: "0600"
+  tasks: