Diffstat (limited to 'ansible/radicle-liw3.yaml')
-rw-r--r-- | ansible/radicle-liw3.yaml | 195 |
1 files changed, 195 insertions, 0 deletions
diff --git a/ansible/radicle-liw3.yaml b/ansible/radicle-liw3.yaml
new file mode 100644
index 0000000..0ad8a4e
--- /dev/null
+++ b/ansible/radicle-liw3.yaml
@@ -0,0 +1,195 @@
+- hosts: radicle-liw3
+ remote_user: debian
+ become: yes
+ roles:
+ - role: sane_debian_system
+ - role: sshd
+ - role: comfortable-debian-system
+ - role: unix_users
+ - role: rust-rustup
+ - role: liw
+ tasks:
+ - name: "install important additional packages"
+ apt:
+ name:
+ - moreutils
+ - nmap
+ - ripgrep
+
+ - name: "install radicle using installer"
+ shell: |
+ curl -sSf https://radicle.xyz/install | sudo -u liw bash
+
+ - name: "create directory for Radicle keys"
+ file:
+ state: directory
+ path: /home/liw/.radicle/keys
+ owner: liw
+ group: liw
+
+ - name: "install Radicle private key"
+ copy:
+ content: |
+ {{ lookup('pipe', 'pass show radicle/radicle-liw3/key') }}
+ dest: /home/liw/.radicle/keys/radicle
+ owner: liw
+ group: liw
+ mode: 0600
+
+ - name: "install Radicle public key"
+ copy:
+ content: |
+ {{ lookup('pipe', 'pass show radicle/radicle-liw3/key.pub') }}
+ dest: /home/liw/.radicle/keys/radicle.pub
+ owner: liw
+ group: liw
+ mode: 0644
+
+ - name: "install script to install Radicle CI stuff"
+ copy:
+ content: |
+ #!/bin/bash
+ set -xeuo pipefail
+
+ clone_install() {
+ local url dir root
+ url="$1"
+ dir="$2"
+ root="$3"
+
+ if [ ! -e "$dir" ]; then
+ git clone "$url" "$dir"
+ else
+ (cd "$dir" && git pull)
+ fi
+
+ (cd "$dir" && cargo install --path=. --root="$root")
+ }
+
+ clone_install https://radicle.liw.fi/zwTxygwuz5LDGBq255RA2CbNGrz8.git radicle-ci-broker "$(pwd)/root"
+ clone_install https://radicle.liw.fi/z3qg5TKmN83afz2fj9z3fQjU8vaYE.git radicle-native-ci "$(pwd)/root"
+
+ install root/bin/* $HOME/bin
+ dest: /home/liw/install-radicle-ci
+ owner: liw
+ group: liw
+ mode: 0755
+
+ - name: "install Radicle CI stuff"
+ shell: |
+ sudo -i -u liw bash -c 'cd /home/liw && install -d bin && ./install-radicle-ci'
+
+ - name: "install systemd unit for Radicle node"
+ copy:
+ content: |
+ [Unit]
+ After=syslog.target network.target
+ Description=Radicle Node
+
+ [Service]
+ Type=simple
+ ExecStart=/home/liw/.radicle/bin/radicle-node --listen 0.0.0.0:8776
+ Environment=RAD_HOME=/home/liw/.radicle
+ KillMode=process
+ Restart=never
+ RestartSec=1
+ User=liw
+ Group=liw
+
+ [Install]
+ WantedBy=default.target
+ dest: /lib/systemd/system/radicle-node.service
+
+ - name: "enable systemd unit for Radicle node"
+ systemd:
+ name: radicle-node
+ state: restarted
+ masked: no
+ enabled: yes
+ daemon_reload: yes
+
+ - name: "install Radicle CI broker config"
+ copy:
+ content: |
+ default_adapter: native
+ adapters:
+ native:
+ command: /home/liw/bin/radicle-native-ci
+ env:
+ RADICLE_NATIVE_CI: /home/liw/native-ci.yaml
+ filters:
+ - !And
+ - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs"
+ - !AnyPatch
+ dest: /home/liw/ci-broker.yaml
+ owner: liw
+ group: liw
+ mode: 0644
+
+ - name: "create state directory for Radicle native CI"
+ file:
+ state: directory
+ path: /home/liw/native-ci.state
+ owner: liw
+ group: liw
+ mode: 0755
+
+ - name: "install Radicle native CI config"
+ copy:
+ content: |
+ state: /home/liw/native-ci.state
+ dest: /home/liw/native-ci.yaml
+ owner: liw
+ group: liw
+ mode: 0644
+
+ - name: "install systemd unit for Radicle CI broker"
+ copy:
+ content: |
+ [Unit]
+ After=radicle-node.service
+ Description=Radicle CI broker
+
+ [Service]
+ Type=simple
+ Environment=RAD_HOME=/home/liw/.radicle
+ Environment=RUST_LOG=trace
+ ExecStart=bash -c '/home/liw/bin/ci-broker /home/liw/ci-broker.yaml >> /home/liw/broker.log'
+ KillMode=process
+ Restart=never
+ RestartSec=1
+ User=liw
+ Group=liw
+
+ [Install]
+ WantedBy=default.target
+ dest: /lib/systemd/system/radicle-ci-broker.service
+
+ - name: "enable systemd unit for Radicle CI broker"
+ systemd:
+ name: radicle-ci-broker
+ state: restarted
+ masked: no
+ enabled: yes
+ daemon_reload: yes
+
+ vars:
+ ansible_python_interpreter: /usr/bin/python3
+
+ sane_debian_system_version: 2
+ sane_debian_system_hostname: "{{ inventory_hostname }}"
+ sane_debian_system_codename: bookworm
+ sane_debian_system_timezone: Europe/Helsinki
+ sane_debian_system_sources_lists:
+ - repo: |
+ deb http://security.debian.org/debian-security bookworm-security main contrib non-free
+
+ unix_users_version: 2
+ unix_users:
+ - username: liw
+ comment: Lars Wirzenius
+
+ sshd_version: 1
+
+ rustup_cargo_install: |
+ starship |
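Review bot: The "install Radicle private key" task renders the output of `pass show radicle/radicle-liw3/key` into `copy: content:` without `no_log: true`, so a run with `--diff` or a result-recording callback can print the node's private key; add `no_log: true` to that task. The "create directory for Radicle keys" task just above it sets no `mode`, so the directory's permissions are left to the default; `mode: "0700"` would match the 0600 on the key file. The same `liw` account that owns the key also runs `curl -sSf https://radicle.xyz/install | sudo -u liw bash` on every play, unpinned and unverified; fetching the script with `get_url` and a `checksum:`, and guarding the task with `creates: /home/liw/.radicle/bin/radicle-node`, would make it verifiable and idempotent. The radicle-ci-broker unit also runs with `User=liw` while its filter accepts `!AnyPatch`; if the native adapter executes commands taken from the patched repository, a dedicated unprivileged account for the broker would keep patch code away from `/home/liw/.radicle/keys`.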