1 files changed, 195 insertions, 0 deletions

diff --git a/ansible/radicle-liw3.yaml b/ansible/radicle-liw3.yaml
new file mode 100644
index 0000000..0ad8a4e
--- /dev/null
+++ b/ansible/radicle-liw3.yaml
@@ -0,0 +1,195 @@
+- hosts: radicle-liw3
+  remote_user: debian
+  become: yes
+  roles:
+    - role: sane_debian_system
+    - role: sshd
+    - role: comfortable-debian-system
+    - role: unix_users
+    - role: rust-rustup
+    - role: liw
+  tasks:
+    - name: "install important additional packages"
+      apt:
+        name:
+          - moreutils
+          - nmap
+          - ripgrep
+
+    - name: "install radicle using installer"
+      shell: |
+        curl -sSf https://radicle.xyz/install | sudo -u liw bash
+
+    - name: "create directory for Radicle keys"
+      file:
+        state: directory
+        path: /home/liw/.radicle/keys
+        owner: liw
+        group: liw
+
+    - name: "install Radicle private key"
+      copy:
+        content: |
+          {{ lookup('pipe', 'pass show radicle/radicle-liw3/key') }}
+        dest: /home/liw/.radicle/keys/radicle
+        owner: liw
+        group: liw
+        mode: 0600
+
+    - name: "install Radicle public key"
+      copy:
+        content: |
+          {{ lookup('pipe', 'pass show radicle/radicle-liw3/key.pub') }}
+        dest: /home/liw/.radicle/keys/radicle.pub
+        owner: liw
+        group: liw
+        mode: 0644
+
+    - name: "install script to install Radicle CI stuff"
+      copy:
+        content: |
+          #!/bin/bash
+          set -xeuo pipefail
+
+          clone_install() {
+                  local url dir root
+                  url="$1"
+                  dir="$2"
+                  root="$3"
+
+                  if [ ! -e "$dir" ]; then
+                          git clone "$url" "$dir"
+                  else
+                          (cd "$dir" && git pull)
+                  fi
+
+                  (cd "$dir" && cargo install --path=. --root="$root")
+          }
+
+          clone_install https://radicle.liw.fi/zwTxygwuz5LDGBq255RA2CbNGrz8.git radicle-ci-broker "$(pwd)/root"
+          clone_install https://radicle.liw.fi/z3qg5TKmN83afz2fj9z3fQjU8vaYE.git radicle-native-ci "$(pwd)/root"
+
+          install root/bin/* $HOME/bin
+        dest: /home/liw/install-radicle-ci
+        owner: liw
+        group: liw
+        mode: 0755
+
+    - name: "install Radicle CI stuff"
+      shell: |
+        sudo -i -u liw bash -c 'cd /home/liw && install -d bin && ./install-radicle-ci'
+
+    - name: "install systemd unit for Radicle node"
+      copy:
+        content: |
+          [Unit]
+          After=syslog.target network.target
+          Description=Radicle Node
+
+          [Service]
+          Type=simple
+          ExecStart=/home/liw/.radicle/bin/radicle-node --listen 0.0.0.0:8776
+          Environment=RAD_HOME=/home/liw/.radicle
+          KillMode=process
+          Restart=never
+          RestartSec=1
+          User=liw
+          Group=liw
+
+          [Install]
+          WantedBy=default.target
+        dest: /lib/systemd/system/radicle-node.service
+
+    - name: "enable systemd unit for Radicle node"
+      systemd:
+        name: radicle-node
+        state: restarted
+        masked: no
+        enabled: yes
+        daemon_reload: yes
+
+    - name: "install Radicle CI broker config"
+      copy:
+        content: |
+          default_adapter: native
+          adapters:
+            native:
+              command: /home/liw/bin/radicle-native-ci
+              env:
+                RADICLE_NATIVE_CI: /home/liw/native-ci.yaml
+          filters:
+            - !And
+              - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs"
+              - !AnyPatch
+        dest: /home/liw/ci-broker.yaml
+        owner: liw
+        group: liw
+        mode: 0644
+
+    - name: "create state directory for Radicle native CI"
+      file:
+        state: directory
+        path: /home/liw/native-ci.state
+        owner: liw
+        group: liw
+        mode: 0755
+
+    - name: "install Radicle native CI config"
+      copy:
+        content: |
+          state: /home/liw/native-ci.state
+        dest: /home/liw/native-ci.yaml
+        owner: liw
+        group: liw
+        mode: 0644
+
+    - name: "install systemd unit for Radicle CI broker"
+      copy:
+        content: |
+          [Unit]
+          After=radicle-node.service
+          Description=Radicle CI broker
+
+          [Service]
+          Type=simple
+          Environment=RAD_HOME=/home/liw/.radicle
+          Environment=RUST_LOG=trace
+          ExecStart=bash -c '/home/liw/bin/ci-broker /home/liw/ci-broker.yaml >> /home/liw/broker.log'
+          KillMode=process
+          Restart=never
+          RestartSec=1
+          User=liw
+          Group=liw
+
+          [Install]
+          WantedBy=default.target
+        dest: /lib/systemd/system/radicle-ci-broker.service
+
+    - name: "enable systemd unit for Radicle CI broker"
+      systemd:
+        name: radicle-ci-broker
+        state: restarted
+        masked: no
+        enabled: yes
+        daemon_reload: yes
+
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bookworm
+    sane_debian_system_timezone: Europe/Helsinki
+    sane_debian_system_sources_lists:
+      - repo: |
+          deb http://security.debian.org/debian-security bookworm-security main contrib non-free
+
+    unix_users_version: 2
+    unix_users:
+      - username: liw
+        comment: Lars Wirzenius
+
+    sshd_version: 1
+
+    rustup_cargo_install: |
+      starship