diff options
author | Lars Wirzenius <liw@liw.fi> | 2024-03-24 14:23:42 +0200 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2024-03-24 14:23:42 +0200 |
commit | 1b124c88c5127a25bc2d89126669b619a5ab6135 (patch) | |
tree | c41a927a5c81f0d414b8fc84855cd9356f530bdf /ansible | |
parent | fbb6f05687fcfcc5fac09b2f6b599c61a48fc335 (diff) | |
download | ansibleness-1b124c88c5127a25bc2d89126669b619a5ab6135.tar.gz |
finntroll: add playbook
Signed-off-by: Lars Wirzenius <liw@liw.fi>
Sponsored-by: author
Diffstat (limited to 'ansible')
-rw-r--r-- | ansible/finntroll.liw.fi.yml | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/ansible/finntroll.liw.fi.yml b/ansible/finntroll.liw.fi.yml new file mode 100644 index 0000000..f91afe7 --- /dev/null +++ b/ansible/finntroll.liw.fi.yml @@ -0,0 +1,136 @@ +- hosts: finntroll.liw.fi + remote_user: root + roles: + - sshd + - sane_debian_system + - self-updating-system + - comfortable-debian-system + - unix_users + - rust-rustup + - radicle_node + tasks: + - name: "install additional packages" + apt: + name: + - jq + - moreutils + - nmap + - psmisc + - ripgrep + - name: "create directory for wumpus files" + file: + state: directory + path: /srv/wumpus + + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: finntroll + sane_debian_system_codename: bookworm + sane_debian_system_timezone: Europe/Helsinki + sane_debian_system_sources_lists: + - repo: | + deb http://security.debian.org/debian-security bookworm-security main contrib non-free + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + - username: _rad + comment: Radicle node + - username: wumpus + comment: Wumpus hunter + + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key finntroll.liw.fi') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 finntroll.liw.fi') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" + + radicle_node_version: 1 + radicle_node_key: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key') }}" + radicle_node_key_pub: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key.pub') }}" + # radicle_node_connections: + # - nid: z6MkhfTshN2uPFBGcxBsZW7Mbof1TgkphBqr5dFTWd1hbNUq + # host: seed.liw.fi + # port: 8776 + radicle_node_repositories: + # heartwood + - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" + + # pathdedup test repo + - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" + + # ansibleness + - rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc" + + # debian-ansible + - rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW" + + # html-page + - rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW" + + # liw-dot-files + - rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w" + + # radicle-stress-test + - rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj" + + # radicle-ci-broker + - rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" + + # radicle-native-ci + - rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" + + # riki + - rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r" + + # wumpus hunter + - rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN" + + # missing-dependencies + - rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5" + + # vmdb2 + - rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk" + + # vmdb2-web + - rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ" + + # unpack-debian-sources + - rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK" + radicle_node_domain_name: radicle.liw.fi + radicle_node_ci_domain_name: ci.radicle.liw.fi + radicle_node_ci_broker_config: | + db: /home/_rad/ci-broker.db + report_dir: /srv/http + default_adapter: native + adapters: + native: + command: /bin/radicle-native-ci + env: + RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml + filters: + - !Or + - !And + - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" + - !AnyPatch + - !And + - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" + - !AnyPatch + - !And + - !Repository "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" + - !AnyPatch + - !And + - !Repository "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" + - !AnyPatch + radicle_node_policy: block + radicle_node_scope: all + + radicle_node_wumpus_domain_name: wumpus.liw.fi + + # radicle_node_backup: /home/liw/data/radicle.liw.fi/. + + rust_rustup_user: _rad |