radicle-dev: playbook

Sponsored-by: author

1 files changed, 40 insertions, 0 deletions

diff --git a/ansible/radicle-dev.yml b/ansible/radicle-dev.yml
new file mode 100644
index 0000000..a3fba63
--- /dev/null
+++ b/ansible/radicle-dev.yml
@@ -0,0 +1,40 @@
+- hosts: radicle-dev
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+    - role: sshd
+    - role: comfortable-debian-system
+    - role: unix_users
+    - role: rust-rustup
+    - role: liw
+  tasks:
+    - apt:
+        name:
+          - build-essential
+          - debhelper
+          - dh-cargo
+          - python3
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bookworm
+    sane_debian_system_timezone: Europe/Helsinki
+    sane_debian_system_sources_lists:
+      - repo: |
+          deb http://security.debian.org/debian-security bookworm-security main contrib non-free
+
+      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
+        signing_key: "{{ ci_prod_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+
+    sshd_version: 1
+    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key radicle-dev') }}"
+    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 radicle-dev') }}"
+    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"