diff options
Diffstat (limited to 'ansible/finntroll.liw.fi.yml')
-rw-r--r-- | ansible/finntroll.liw.fi.yml | 205 |
1 files changed, 205 insertions, 0 deletions
diff --git a/ansible/finntroll.liw.fi.yml b/ansible/finntroll.liw.fi.yml new file mode 100644 index 0000000..ffcc3e5 --- /dev/null +++ b/ansible/finntroll.liw.fi.yml @@ -0,0 +1,205 @@ +- hosts: finntroll.liw.fi + remote_user: root + roles: + - sshd + - sane_debian_system + - self-updating-system + - comfortable-debian-system + - unix_users + - rust-rustup + - radicle_node + tasks: + - name: "install additional packages" + apt: + name: + - jq + - moreutils + - nmap + - psmisc + - ripgrep + - sqlite3 + - wumpus-hunter + + - name: "create directory for wumpus files" + file: + state: directory + path: /srv/wumpus + owner: wumpus + group: wumpus + + - name: "create directory for temporary wumpus files" + file: + state: directory + path: /srv/tmp + owner: wumpus + group: wumpus + + - name: "install wumpus hunter config" + copy: + content: | + description: | + Results of running the Radicle heartwood tests + repeatedly. Report number of successful and fail test + runs per commit. Keep logs of each test run for each + commit. + repository_url: https://seed.radicle.xyz/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git + git_ref: master + command: | + cargo test --locked --workspace + dest: /home/wumpus/wumpus.yaml + owner: wumpus + group: wumpus + + - name: "install service unit for wumpus hunter" + copy: + content: | + [Unit] + Description=Wumpus hunter + After=network.target network-online.target + Requires=network-online.target + + [Service] + User=wumpus + Group=wumpus + ExecStart=/usr/bin/wumpus-hunter run --logs /srv/wumpus /home/wumpus/wumpus.yaml + Environment=RUST_BACKTRACE=1 WUMPUS_LOG=info PATH=/home/wumpus/.cargo/bin:/bin:/sbin TMPDIR=/srv/tmp + KillMode=process + Restart=always + RestartSec=3 + + [Install] + WantedBy=multi-user.target + dest: /etc/systemd/system/wumpus-hunter.service + + - name: "(re)start systemd unit for Radicle node" + systemd: + name: wumpus-hunter + state: restarted + masked: no + enabled: yes + daemon_reload: yes + + vars: + ansible_python_interpreter: /usr/bin/python3 + + sane_debian_system_version: 2 + sane_debian_system_hostname: finntroll + sane_debian_system_codename: bookworm + sane_debian_system_timezone: Europe/Helsinki + sane_debian_system_sources_lists: + - repo: | + deb http://security.debian.org/debian-security bookworm-security main contrib non-free + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" + + unix_users_version: 2 + unix_users: + - username: liw + comment: Lars Wirzenius + - username: _rad + comment: Radicle node + - username: wumpus + comment: Wumpus hunter + + sshd_version: 1 + sshd_host_key: "{{ lookup('pipe', 'sshca host private-key finntroll.liw.fi') }}" + sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 finntroll.liw.fi') }}" + sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}" + + radicle_node_version: 1 + radicle_node_key: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key') }}" + radicle_node_key_pub: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key.pub') }}" + # radicle_node_connections: + # - nid: z6MkhfTshN2uPFBGcxBsZW7Mbof1TgkphBqr5dFTWd1hbNUq + # host: seed.liw.fi + # port: 8776 + radicle_node_repositories: + # Radicle work + - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood + - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" # pathdedup test repo + - rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" # radicle-ci-broker + - rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" # radicle-native-ci + - rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj" # radicle-stress-test + - rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN" # wumpus hunter + + # Personal, Subplot + - rid: "rad:zjxyd2A1A7FnxtC69qDfoAajfTHo" # subplot + - rid: "rad:z2M6WnwXyFcdQNj6M5pav3BnyTBfz" # subplot-web + + # Personal, Obnam + - rid: "rad:zhmWact4xuWp1XSwPER79oPUGW9S" # cachedir + - rid: "rad:z2iicxsVP46kyA7rzFXrQHrk88cAo" # obnam2 + - rid: "rad:z2aq8B4ui77q8msEtUaGYXeSwNYuc" # obnam-web + - rid: "rad:z3ZFpLzEYTmjzDqSTxf2bZchktBH1" # obnam-benchmark + - rid: "rad:z2bB6gdePNQ9jyMK487mu4CraYewX" # obnam-benchmark-results + - rid: "rad:z3NGfAXUfSehZbf8f6VGad9KHCrb5" # obnam-benchmark-specs + - rid: "rad:z3cL5uBuhFK5FWkc5RYecAoBXNz8d" # summain + + # Personal, other + - rid: "rad:z4AmsrmyEsdZWh9KLSRbReDM9nnbe" # 256.liw.fi + - rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc" # ansibleness + - rid: "rad:z2aW1bujxH96GsWdKBcFqDpzSNnUS" # clab + - rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW" # debian-ansible + - rid: "rad:z355dPnbvpPxC3FoT38pjs9AzspQB" # early-linux-history-talk + - rid: "rad:z3pQaQ5fBe9CZY9g9vzXLWPEnwXVB" # extrautils + - rid: "rad:zN4j1nt4y1xtoz9Tat6asyfJDyc2" # gtdfh + - rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW" # html-page + - rid: "rad:z2wZYvawkpUTnfrCL5iHaufpCdXyk" # jt + - rid: "rad:zUcMk9QpMdyty6tABQ6Cje21xAro" # liw-automation + - rid: "rad:z4Az1APNZyfFVkTzneyfq6SBPKqtV" # linux-news + - rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w" # liw-dot-files + - rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5" # missing-dependencies + - rid: "rad:z2tnM99uips8nguhcg12hLX5yC3t7" # pandoc-filter-diagram + - rid: "rad:z3uBEubocQ9kJANPvMAo6z5ZhhaFh" # pathdedup (real) + - rid: "rad:zRGTo2HYeSsNojTQg93anVtn5Gcw" # puomi + - rid: "rad:z3GDoHhm4t58pciEoXZBPA76Qtzqz" # puomi-web + - rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r" # riki + - rid: "rad:z2oUkTnZgqvEER9WZdZLU19rqv7rX" # riki-web + - rid: "rad:z4PiGKYWcz3XPzLf91DAgSHxjNvg8" # roadmap + - rid: "rad:z24MZ7A64C7c9MmcNfR2X7GtQUk14" # sshca + - rid: "rad:z2S7Wn8ZWBKQUQkUNikpZiuFFJZDv" # sshca-web + - rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK" # unpack-debian-sources + - rid: "rad:z37yxMDoGWhErwFt55n4jDCiQwxLm" # v-i + - rid: "rad:z4DNcHPHUoCytkihDY4vDp4KvGxh3" # v-i-web + - rid: "rad:z3U5PDwEqz64be8vfqEyyj2rkfd1s" # vmadm + - rid: "rad:z2qboj3zYdhQBKo8yGxMfwvhj7HfN" # vmadm-web + - rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk" # vmdb2 + - rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ" # vmdb2-web + radicle_node_domain_name: radicle.liw.fi + radicle_node_ci_domain_name: ci.radicle.liw.fi + radicle_node_ci_broker_config: | + db: /home/_rad/ci-broker.db + report_dir: /srv/http + default_adapter: native + adapters: + native: + command: /bin/radicle-native-ci + env: + RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml + sensitive_env: {} + filters: + - !Or + - !And + - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" # pathdeup-messy-test-repo + - !AnyPatch + - !And + - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood + - !AnyPatch + - !And + - !Repository "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" # radicle-ci-broker + - !Or + - !Branch main + - !AnyPatch + - !And + - !Repository "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" # radicle-native-ci + - !Or + - !Branch main + - !AnyPatch + radicle_node_policy: block + radicle_node_scope: all + + radicle_node_wumpus_domain_name: wumpus.liw.fi + + # radicle_node_backup: /home/liw/data/radicle.liw.fi/. + + rust_rustup_user: _rad |