finntroll: add playbook

Signed-off-by: Lars Wirzenius <liw@liw.fi> Sponsored-by: author
author: Lars Wirzenius <liw@liw.fi> 2024-03-24 14:23:42 +0200
committer: Lars Wirzenius <liw@liw.fi> 2024-03-24 14:23:42 +0200
commit: 1b124c88c5127a25bc2d89126669b619a5ab6135 (patch)
tree: c41a927a5c81f0d414b8fc84855cd9356f530bdf /ansible
parent: fbb6f05687fcfcc5fac09b2f6b599c61a48fc335 (diff)
download: ansibleness-1b124c88c5127a25bc2d89126669b619a5ab6135.tar.gz
1 files changed, 136 insertions, 0 deletions
diff --git a/ansible/finntroll.liw.fi.yml b/ansible/finntroll.liw.fi.yml
new file mode 100644
index 0000000..f91afe7
--- /dev/null
+++ b/ansible/finntroll.liw.fi.yml
@@ -0,0 +1,136 @@
+- hosts: finntroll.liw.fi
+  remote_user: root
+  roles:
+    - sshd
+    - sane_debian_system
+    - self-updating-system
+    - comfortable-debian-system
+    - unix_users
+    - rust-rustup
+    - radicle_node
+  tasks:
+    - name: "install additional packages"
+      apt:
+        name:
+          - jq
+          - moreutils
+          - nmap
+          - psmisc
+          - ripgrep
+    - name: "create directory for wumpus files"
+      file:
+        state: directory
+        path: /srv/wumpus
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: finntroll
+    sane_debian_system_codename: bookworm
+    sane_debian_system_timezone: Europe/Helsinki
+    sane_debian_system_sources_lists:
+      - repo: |
+          deb http://security.debian.org/debian-security bookworm-security main contrib non-free
+      - repo: deb http://apt.liw.fi/debian unstable main
+        signing_key: "{{ apt_liw_fi_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+      - username: _rad
+        comment: Radicle node
+      - username: wumpus
+        comment: Wumpus hunter
+
+    sshd_version: 1
+    sshd_host_key: "{{ lookup('pipe', 'sshca host private-key finntroll.liw.fi') }}"
+    sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 finntroll.liw.fi') }}"
+    sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
+
+    radicle_node_version: 1
+    radicle_node_key: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key') }}"
+    radicle_node_key_pub: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key.pub') }}"
+    # radicle_node_connections:
+    #   - nid: z6MkhfTshN2uPFBGcxBsZW7Mbof1TgkphBqr5dFTWd1hbNUq
+    #     host: seed.liw.fi
+    #     port: 8776
+    radicle_node_repositories:
+      # heartwood
+      - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5"
+
+      # pathdedup test repo
+      - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs"
+
+      # ansibleness
+      - rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc"
+
+      # debian-ansible
+      - rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW"
+
+      # html-page
+      - rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW"
+
+      # liw-dot-files
+      - rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w"
+
+      # radicle-stress-test
+      - rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj"
+
+      # radicle-ci-broker
+      - rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8"
+
+      # radicle-native-ci
+      - rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE"
+
+      # riki
+      - rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r"
+
+      # wumpus hunter
+      - rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN"
+
+      # missing-dependencies
+      - rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5"
+
+      # vmdb2
+      - rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk"
+
+      # vmdb2-web
+      - rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ"
+
+      # unpack-debian-sources
+      - rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK"
+    radicle_node_domain_name: radicle.liw.fi
+    radicle_node_ci_domain_name: ci.radicle.liw.fi
+    radicle_node_ci_broker_config: |
+      db: /home/_rad/ci-broker.db
+      report_dir: /srv/http
+      default_adapter: native
+      adapters:
+        native:
+          command: /bin/radicle-native-ci
+          env:
+            RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml
+      filters:
+        - !Or
+          - !And
+            - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs"
+            - !AnyPatch
+          - !And
+            - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5"
+            - !AnyPatch
+          - !And
+            - !Repository "rad:zwTxygwuz5LDGBq255RA2CbNGrz8"
+            - !AnyPatch
+          - !And
+            - !Repository "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE"
+            - !AnyPatch
+    radicle_node_policy: block
+    radicle_node_scope: all
+
+    radicle_node_wumpus_domain_name: wumpus.liw.fi
+
+    # radicle_node_backup: /home/liw/data/radicle.liw.fi/.
+
+    rust_rustup_user: _rad
author	Lars Wirzenius <liw@liw.fi>	2024-03-24 14:23:42 +0200
committer	Lars Wirzenius <liw@liw.fi>	2024-03-24 14:23:42 +0200
commit	1b124c88c5127a25bc2d89126669b619a5ab6135 (patch)
tree	c41a927a5c81f0d414b8fc84855cd9356f530bdf /ansible
parent	fbb6f05687fcfcc5fac09b2f6b599c61a48fc335 (diff)
download	ansibleness-1b124c88c5127a25bc2d89126669b619a5ab6135.tar.gz