From 64ab5d080e3d9121c81404b7c2dc2bac654fc7b5 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Wed, 14 Feb 2024 13:40:40 +0200
Subject: radicle.liw.fi: use radicle_node role to re-deploy
Signed-off-by: Lars Wirzenius
Sponsored-by: author
---
ansible/radicle.liw.fi.yml | 304 +++++++---------------------------------------
1 file changed, 43 insertions(+), 261 deletions(-)
diff --git a/ansible/radicle.liw.fi.yml b/ansible/radicle.liw.fi.yml
index 4101794..7787b21 100644
--- a/ansible/radicle.liw.fi.yml
+++ b/ansible/radicle.liw.fi.yml
@@ -4,269 +4,16 @@ roles: - role: sane_debian_system - role: sshd - - role: comfortable-debian-system - role: unix_users - role: rust-rustup - - role: liw + - role: radicle_node tasks: - - name: "install important additional packages" + - name: "install convenience packages" apt: name: - - caddy + - jq - moreutils - - nmap - - ripgrep - - - name: "install Caddy configuration" - copy: - content: | - :80 { - root * /usr/share/caddy - } - radicle.liw.fi:443 { - reverse_proxy 127.0.0.1:8888 - } - ci.radicle.liw.fi:443 { - root * /srv/http/ - file_server browse - } - dest: /etc/caddy/Caddyfile - - - name: "create directory for CI logs" - file: - state: directory - path: /srv/http - owner: liw - group: liw - - - name: "restart Caddy" - systemd: - name: caddy - state: restarted - masked: no - enabled: yes - daemon_reload: yes - - - name: "install radicle using installer" - shell: | - curl -sSf https://radicle.xyz/install | sudo -u liw bash - - - name: "create directory for Radicle keys" - file: - state: directory - path: /home/liw/.radicle/keys - owner: liw - group: liw - - - name: "install Radicle private key" - copy: - content: | - {{ lookup('pipe', 'pass show radicle/radicle.liw.fi/key') }} - dest: /home/liw/.radicle/keys/radicle - owner: liw - group: liw - mode: 0600 - - - name: "install Radicle public key" - copy: - content: | - {{ lookup('pipe', 'pass show radicle/radicle.liw.fi/key.pub') }} - dest: /home/liw/.radicle/keys/radicle.pub - owner: liw - group: liw - mode: 0644 - - - name: "install systemd unit for Radicle node" - copy: - content: | - [Unit] - After=syslog.target network.target - Description=Radicle Node - - [Service] - Type=simple - ExecStart=/home/liw/.radicle/bin/radicle-node --listen 0.0.0.0:8776 - Environment=RAD_HOME=/home/liw/.radicle - KillMode=process - Restart=never - RestartSec=1 - User=liw - Group=liw - - [Install] - WantedBy=default.target - dest: /lib/systemd/system/radicle-node.service - - - name: "enable systemd unit for Radicle node" - 
systemd: - name: radicle-node - state: restarted - masked: no - enabled: yes - daemon_reload: yes - - - name: "install systemd unit for Radicle HTTPD" - copy: - content: | - [Unit] - After=syslog.target network.target - Description=Radicle HTTPd - - [Service] - Type=simple - ExecStart=/home/liw/.radicle/bin/radicle-httpd --listen 127.0.0.1:8888 - Environment=RAD_HOME=/home/liw/.radicle - KillMode=process - Restart=always - RestartSec=1 - User=liw - Group=liw - - [Install] - WantedBy=default.target - dest: /lib/systemd/system/radicle-httpd.service - - - name: "enable systemd unit for Radicle HTTPD" - systemd: - name: radicle-httpd - state: restarted - masked: no - enabled: yes - daemon_reload: yes - - - name: "install script to install Radicle CI stuff" - copy: - content: | - #!/bin/bash - set -xeuo pipefail - - clone_install() { - local url dir root - url="$1" - dir="$2" - root="$3" - - if [ ! -e "$dir" ]; then - git clone "$url" "$dir" - else - (cd "$dir" && git pull) - fi - - (cd "$dir" && cargo install --path=. 
--root="$root") - } - - clone_install git://git.liw.fi/radicle-ci-broker radicle-ci-broker "$(pwd)/root" - clone_install git://git.liw.fi/radicle-native-ci radicle-native-ci "$(pwd)/root" - - install root/bin/* $HOME/bin - dest: /home/liw/install-radicle-ci - owner: liw - group: liw - mode: 0755 - - - name: "install Radicle CI stuff" - shell: | - sudo -i -u liw bash -c 'cd /home/liw && install -d bin && ./install-radicle-ci' - - - name: "install systemd unit for Radicle node" - copy: - content: | - [Unit] - After=syslog.target network.target - Description=Radicle Node - - [Service] - Type=simple - ExecStart=/home/liw/.radicle/bin/radicle-node --listen 0.0.0.0:8776 - Environment=RAD_HOME=/home/liw/.radicle - KillMode=process - Restart=never - RestartSec=1 - User=liw - Group=liw - - [Install] - WantedBy=default.target - dest: /lib/systemd/system/radicle-node.service - - - name: "enable systemd unit for Radicle node" - systemd: - name: radicle-node - state: restarted - masked: no - enabled: yes - daemon_reload: yes - - - name: "install Radicle CI broker config" - copy: - content: | - default_adapter: native - adapters: - native: - command: /home/liw/bin/radicle-native-ci - env: - RADICLE_NATIVE_CI: /home/liw/native-ci.yaml - filters: - - !Or - - !And - - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" - - !AnyPatch - - !And - - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" - - !AnyPatch - dest: /home/liw/ci-broker.yaml - owner: liw - group: liw - mode: 0644 - - - name: "create state directory for Radicle native CI" - file: - state: directory - path: /home/liw/native-ci.state - owner: liw - group: liw - mode: 0755 - - - name: "install Radicle native CI config" - copy: - content: | - state: /srv/http - log: /home/liw/native-ci.log - dest: /home/liw/native-ci.yaml - owner: liw - group: liw - mode: 0644 - - - name: "install systemd unit for Radicle CI broker" - copy: - content: | - [Unit] - After=radicle-node.service - Description=Radicle CI broker - - [Service] - 
Type=simple - Environment=RAD_HOME=/home/liw/.radicle - Environment=PATH=/home/liw/bin:/home/liw/.cargo/bin:/home/liw/.local/bin:/home/liw/.radicle/bin:/bin:/sbin - ExecStart=bash -c '/home/liw/bin/ci-broker /home/liw/ci-broker.yaml >> /srv/http/broker.log' - KillMode=process - Restart=never - RestartSec=1 - User=liw - Group=liw - - [Install] - WantedBy=default.target - dest: /lib/systemd/system/radicle-ci-broker.service - - - name: "enable systemd unit for Radicle CI broker" - systemd: - name: radicle-ci-broker - state: restarted - masked: no - enabled: yes - daemon_reload: yes - + - psmisc vars: ansible_python_interpreter: /usr/bin/python3 
@@ -277,13 +24,48 @@ sane_debian_system_sources_lists: - repo: | deb http://security.debian.org/debian-security bookworm-security main contrib non-free + - repo: deb http://apt.liw.fi/debian unstable main + signing_key: "{{ apt_liw_fi_signing_key }}" unix_users_version: 2 unix_users: - - username: liw - comment: Lars Wirzenius + - username: _rad + comment: Radicle node sshd_version: 1 - rustup_cargo_install: | - starship + radicle_node_version: 1 + radicle_node_key: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key') }}" + radicle_node_key_pub: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key.pub') }}" + radicle_node_connections: + - nid: z6MkhfTshN2uPFBGcxBsZW7Mbof1TgkphBqr5dFTWd1hbNUq + host: seed.liw.fi + port: 8776 + radicle_node_repositories: + # heartwood + - rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" + + # pathdedup test repo + - rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" + radicle_node_domain_name: radicle.liw.fi + radicle_node_ci_domain_name: ci.radicle.liw.fi + radicle_node_ci_broker_config: | + default_adapter: native + adapters: + native: + command: /bin/radicle-native-ci + env: + RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml + filters: + - !Or + - !And + - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" + - !AnyPatch + - !And + - !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" + - !AnyPatch + radicle_node_policy: block + + radicle_node_backup: /home/liw/data/radicle.liw.fi/. + + rust_rustup_user: _rad -- cgit v1.2.1
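Review bot: The added `apt.liw.fi` source brings an `unstable` suite onto a bookworm host over plain `http://` with no pinning visible in this hunk, so apt will prefer any package from it whose version is higher than Debian's, not only the Radicle ones. Signature checking through `signing_key` covers tampering in transit, but whether `sane_debian_system` scopes that key to this one source (`signed-by`) rather than adding it to the global keyring cannot be seen here and is worth confirming; `apt_liw_fi_signing_key` is also defined outside the hunk. Once that holds, I would record it above the entry with a comment such as `# third-party repo: key scoped with signed-by, origin pinned to the radicle packages via apt preferences`. Separately, `radicle_node_key` now carries the node's private key in a variable, so the tasks in the `radicle_node` role that write it should set `no_log: true` and keep the `0600` mode that the removed task used.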