summaryrefslogtreecommitdiff
path: root/ansible/finntroll.liw.fi.yml
diff options
context:
space:
mode:
Diffstat (limited to 'ansible/finntroll.liw.fi.yml')
-rw-r--r--ansible/finntroll.liw.fi.yml205
1 files changed, 205 insertions, 0 deletions
diff --git a/ansible/finntroll.liw.fi.yml b/ansible/finntroll.liw.fi.yml
new file mode 100644
index 0000000..ffcc3e5
--- /dev/null
+++ b/ansible/finntroll.liw.fi.yml
@@ -0,0 +1,205 @@
+- hosts: finntroll.liw.fi
+ remote_user: root
+ roles:
+ - sshd
+ - sane_debian_system
+ - self-updating-system
+ - comfortable-debian-system
+ - unix_users
+ - rust-rustup
+ - radicle_node
+ tasks:
+ - name: "install additional packages"
+ apt:
+ name:
+ - jq
+ - moreutils
+ - nmap
+ - psmisc
+ - ripgrep
+ - sqlite3
+ - wumpus-hunter
+
+ - name: "create directory for wumpus files"
+ file:
+ state: directory
+ path: /srv/wumpus
+ owner: wumpus
+ group: wumpus
+
+ - name: "create directory for temporary wumpus files"
+ file:
+ state: directory
+ path: /srv/tmp
+ owner: wumpus
+ group: wumpus
+
+ - name: "install wumpus hunter config"
+ copy:
+ content: |
+ description: |
+ Results of running the Radicle heartwood tests
+ repeatedly. Report number of successful and fail test
+ runs per commit. Keep logs of each test run for each
+ commit.
+ repository_url: https://seed.radicle.xyz/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git
+ git_ref: master
+ command: |
+ cargo test --locked --workspace
+ dest: /home/wumpus/wumpus.yaml
+ owner: wumpus
+ group: wumpus
+
+ - name: "install service unit for wumpus hunter"
+ copy:
+ content: |
+ [Unit]
+ Description=Wumpus hunter
+ After=network.target network-online.target
+ Requires=network-online.target
+
+ [Service]
+ User=wumpus
+ Group=wumpus
+ ExecStart=/usr/bin/wumpus-hunter run --logs /srv/wumpus /home/wumpus/wumpus.yaml
+ Environment=RUST_BACKTRACE=1 WUMPUS_LOG=info PATH=/home/wumpus/.cargo/bin:/bin:/sbin TMPDIR=/srv/tmp
+ KillMode=process
+ Restart=always
+ RestartSec=3
+
+ [Install]
+ WantedBy=multi-user.target
+ dest: /etc/systemd/system/wumpus-hunter.service
+
+ - name: "(re)start systemd unit for Radicle node"
+ systemd:
+ name: wumpus-hunter
+ state: restarted
+ masked: no
+ enabled: yes
+ daemon_reload: yes
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ sane_debian_system_version: 2
+ sane_debian_system_hostname: finntroll
+ sane_debian_system_codename: bookworm
+ sane_debian_system_timezone: Europe/Helsinki
+ sane_debian_system_sources_lists:
+ - repo: |
+ deb http://security.debian.org/debian-security bookworm-security main contrib non-free
+ - repo: deb http://apt.liw.fi/debian unstable main
+ signing_key: "{{ apt_liw_fi_signing_key }}"
+
+ unix_users_version: 2
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+ - username: _rad
+ comment: Radicle node
+ - username: wumpus
+ comment: Wumpus hunter
+
+ sshd_version: 1
+ sshd_host_key: "{{ lookup('pipe', 'sshca host private-key finntroll.liw.fi') }}"
+ sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 finntroll.liw.fi') }}"
+ sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
+
+ radicle_node_version: 1
+ radicle_node_key: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key') }}"
+ radicle_node_key_pub: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key.pub') }}"
+ # radicle_node_connections:
+ # - nid: z6MkhfTshN2uPFBGcxBsZW7Mbof1TgkphBqr5dFTWd1hbNUq
+ # host: seed.liw.fi
+ # port: 8776
+ radicle_node_repositories:
+ # Radicle work
+ - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood
+ - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" # pathdedup test repo
+ - rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" # radicle-ci-broker
+ - rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" # radicle-native-ci
+ - rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj" # radicle-stress-test
+ - rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN" # wumpus hunter
+
+ # Personal, Subplot
+ - rid: "rad:zjxyd2A1A7FnxtC69qDfoAajfTHo" # subplot
+ - rid: "rad:z2M6WnwXyFcdQNj6M5pav3BnyTBfz" # subplot-web
+
+ # Personal, Obnam
+ - rid: "rad:zhmWact4xuWp1XSwPER79oPUGW9S" # cachedir
+ - rid: "rad:z2iicxsVP46kyA7rzFXrQHrk88cAo" # obnam2
+ - rid: "rad:z2aq8B4ui77q8msEtUaGYXeSwNYuc" # obnam-web
+ - rid: "rad:z3ZFpLzEYTmjzDqSTxf2bZchktBH1" # obnam-benchmark
+ - rid: "rad:z2bB6gdePNQ9jyMK487mu4CraYewX" # obnam-benchmark-results
+ - rid: "rad:z3NGfAXUfSehZbf8f6VGad9KHCrb5" # obnam-benchmark-specs
+ - rid: "rad:z3cL5uBuhFK5FWkc5RYecAoBXNz8d" # summain
+
+ # Personal, other
+ - rid: "rad:z4AmsrmyEsdZWh9KLSRbReDM9nnbe" # 256.liw.fi
+ - rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc" # ansibleness
+ - rid: "rad:z2aW1bujxH96GsWdKBcFqDpzSNnUS" # clab
+ - rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW" # debian-ansible
+ - rid: "rad:z355dPnbvpPxC3FoT38pjs9AzspQB" # early-linux-history-talk
+ - rid: "rad:z3pQaQ5fBe9CZY9g9vzXLWPEnwXVB" # extrautils
+ - rid: "rad:zN4j1nt4y1xtoz9Tat6asyfJDyc2" # gtdfh
+ - rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW" # html-page
+ - rid: "rad:z2wZYvawkpUTnfrCL5iHaufpCdXyk" # jt
+ - rid: "rad:zUcMk9QpMdyty6tABQ6Cje21xAro" # liw-automation
+ - rid: "rad:z4Az1APNZyfFVkTzneyfq6SBPKqtV" # linux-news
+ - rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w" # liw-dot-files
+ - rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5" # missing-dependencies
+ - rid: "rad:z2tnM99uips8nguhcg12hLX5yC3t7" # pandoc-filter-diagram
+ - rid: "rad:z3uBEubocQ9kJANPvMAo6z5ZhhaFh" # pathdedup (real)
+ - rid: "rad:zRGTo2HYeSsNojTQg93anVtn5Gcw" # puomi
+ - rid: "rad:z3GDoHhm4t58pciEoXZBPA76Qtzqz" # puomi-web
+ - rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r" # riki
+ - rid: "rad:z2oUkTnZgqvEER9WZdZLU19rqv7rX" # riki-web
+ - rid: "rad:z4PiGKYWcz3XPzLf91DAgSHxjNvg8" # roadmap
+ - rid: "rad:z24MZ7A64C7c9MmcNfR2X7GtQUk14" # sshca
+ - rid: "rad:z2S7Wn8ZWBKQUQkUNikpZiuFFJZDv" # sshca-web
+ - rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK" # unpack-debian-sources
+ - rid: "rad:z37yxMDoGWhErwFt55n4jDCiQwxLm" # v-i
+ - rid: "rad:z4DNcHPHUoCytkihDY4vDp4KvGxh3" # v-i-web
+ - rid: "rad:z3U5PDwEqz64be8vfqEyyj2rkfd1s" # vmadm
+ - rid: "rad:z2qboj3zYdhQBKo8yGxMfwvhj7HfN" # vmadm-web
+ - rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk" # vmdb2
+ - rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ" # vmdb2-web
+ radicle_node_domain_name: radicle.liw.fi
+ radicle_node_ci_domain_name: ci.radicle.liw.fi
+ radicle_node_ci_broker_config: |
+ db: /home/_rad/ci-broker.db
+ report_dir: /srv/http
+ default_adapter: native
+ adapters:
+ native:
+ command: /bin/radicle-native-ci
+ env:
+ RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml
+ sensitive_env: {}
+ filters:
+ - !Or
+ - !And
+ - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" # pathdeup-messy-test-repo
+ - !AnyPatch
+ - !And
+ - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood
+ - !AnyPatch
+ - !And
+ - !Repository "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" # radicle-ci-broker
+ - !Or
+ - !Branch main
+ - !AnyPatch
+ - !And
+ - !Repository "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" # radicle-native-ci
+ - !Or
+ - !Branch main
+ - !AnyPatch
+ radicle_node_policy: block
+ radicle_node_scope: all
+
+ radicle_node_wumpus_domain_name: wumpus.liw.fi
+
+ # radicle_node_backup: /home/liw/data/radicle.liw.fi/.
+
+ rust_rustup_user: _rad
generated by cgit v1.2.1 (git 2.18.0) at 2024-05-11 07:29:27 +0000