radicle.liw.fi: add

Signed-off-by: Lars Wirzenius <liw@liw.fi>
Sponsored-by: author

1 files changed, 96 insertions, 0 deletions

diff --git a/ansible/radicle.liw.fi.yml b/ansible/radicle.liw.fi.yml
new file mode 100644
index 0000000..30edb64
--- /dev/null
+++ b/ansible/radicle.liw.fi.yml
@@ -0,0 +1,96 @@
+- hosts: radicle.liw.fi
+  remote_user: root
+  become: yes
+  roles:
+    - role: sane_debian_system
+    - role: sshd
+    - role: comfortable-debian-system
+    - role: unix_users
+    - role: rust-rustup
+    - role: liw
+  tasks:
+    - name: "install important additional packages"
+      apt:
+        name:
+          - moreutils
+          - nmap
+          - ripgrep
+
+    - name: "install radicle using installer"
+      shell: |
+        curl -sSf https://radicle.xyz/install | sudo -u liw bash
+
+    - name: "create directory for Radicle keys"
+      file:
+        state: directory
+        path: /home/liw/.radicle/keys
+        owner: liw
+        group: liw
+
+    - name: "install Radicle private key"
+      copy:
+        content: |
+          {{ lookup('pipe', 'pass show radicle/radicle.liw.fi/key') }}
+        dest: /home/liw/.radicle/keys/radicle
+        owner: liw
+        group: liw
+        mode: 0600
+
+    - name: "install Radicle public key"
+      copy:
+        content: |
+          {{ lookup('pipe', 'pass show radicle/radicle.liw.fi/key.pub') }}
+        dest: /home/liw/.radicle/keys/radicle.pub
+        owner: liw
+        group: liw
+        mode: 0644
+
+    - name: "install systemd unit for Radicle node"
+      copy:
+        content: |
+          [Unit]
+          After=syslog.target network.target
+          Description=Radicle Node
+
+          [Service]
+          Type=simple
+          ExecStart=/home/liw/.radicle/bin/radicle-node --listen 0.0.0.0:8776
+          Environment=RAD_HOME=/home/liw/.radicle
+          KillMode=process
+          Restart=never
+          RestartSec=1
+          User=liw
+          Group=liw
+
+          [Install]
+          WantedBy=default.target
+        dest: /lib/systemd/system/radicle-node.service
+
+    - name: "enable systemd unit for Radicle node"
+      systemd:
+        name: radicle-node
+        state: restarted
+        masked: no
+        enabled: yes
+        daemon_reload: yes
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bookworm
+    sane_debian_system_timezone: Europe/Helsinki
+    sane_debian_system_sources_lists:
+      - repo: |
+          deb http://security.debian.org/debian-security bookworm-security main contrib non-free
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+
+    sshd_version: 1
+
+    rustup_cargo_install: |
+      starship