1 files changed, 118 insertions, 0 deletions

diff --git a/ansible/radicle.liw.fi.yml b/ansible/radicle.liw.fi.yml
new file mode 100644
index 0000000..dd9a949
--- /dev/null
+++ b/ansible/radicle.liw.fi.yml
@@ -0,0 +1,118 @@
+- hosts: radicle.liw.fi
+  remote_user: root
+  become: yes
+  roles:
+    - role: run-finntroll-playbook-instead
+    - role: sane_debian_system
+    - role: sshd
+    - role: unix_users
+    - role: rust-rustup
+    - role: radicle_node
+  tasks:
+    - name: "install convenience packages"
+      apt:
+        name:
+          - jq
+          - moreutils
+          - psmisc
+  vars:
+    ansible_python_interpreter: /usr/bin/python3
+
+    sane_debian_system_version: 2
+    sane_debian_system_hostname: "{{ inventory_hostname }}"
+    sane_debian_system_codename: bookworm
+    sane_debian_system_timezone: Europe/Helsinki
+    sane_debian_system_sources_lists:
+      - repo: |
+          deb http://security.debian.org/debian-security bookworm-security main contrib non-free
+      - repo: deb http://apt.liw.fi/debian unstable main
+        signing_key: "{{ apt_liw_fi_signing_key }}"
+
+    unix_users_version: 2
+    unix_users:
+      - username: _rad
+        comment: Radicle node
+
+    sshd_version: 1
+
+    radicle_node_version: 1
+    radicle_node_key: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key') }}"
+    radicle_node_key_pub: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key.pub') }}"
+    radicle_node_connections: []
+    radicle_node_repositories:
+      # heartwood
+      - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5"
+
+      # pathdedup test repo
+      - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs"
+
+      # ansibleness
+      - rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc"
+
+      # debian-ansible
+      - rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW"
+
+      # html-page
+      - rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW"
+
+      # liw-dot-files
+      - rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w"
+
+      # radicle-stress-test
+      - rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj"
+
+      # radicle-ci-broker
+      - rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8"
+
+      # radicle-native-ci
+      - rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE"
+
+      # riki
+      - rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r"
+
+      # wumpus hunter
+      - rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN"
+
+      # missing-dependencies
+      - rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5"
+
+      # vmdb2
+      - rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk"
+
+      # vmdb2-web
+      - rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ"
+
+      # unpack-debian-sources
+      - rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK"
+    radicle_node_domain_name: radicle.liw.fi
+    radicle_node_wumpus_domain_name: wumpus.liw.fi
+    radicle_node_ci_domain_name: ci.radicle.liw.fi
+    radicle_node_ci_broker_config: |
+      db: /home/_rad/ci-broker.db
+      report_dir: /srv/http
+      default_adapter: native
+      adapters:
+        native:
+          command: /bin/radicle-native-ci
+          env:
+            RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml
+      filters:
+        - !Or
+          - !And
+            - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs"
+            - !AnyPatch
+          - !And
+            - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5"
+            - !AnyPatch
+          - !And
+            - !Repository "rad:zwTxygwuz5LDGBq255RA2CbNGrz8"
+            - !AnyPatch
+          - !And
+            - !Repository "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE"
+            - !AnyPatch
+    radicle_node_policy: block
+    radicle_node_scope: all
+
+    # radicle_node_backup: /home/liw/data/radicle.liw.fi/.
+
+    rust_rustup_user: _rad