- hosts: radicle-liw3 remote_user: debian become: yes roles: - role: sane_debian_system - role: sshd - role: comfortable-debian-system - role: unix_users - role: rust-rustup - role: liw tasks: - name: "install important additional packages" apt: name: - moreutils - nmap - ripgrep - name: "install radicle using installer" shell: | curl -sSf https://radicle.xyz/install | sudo -u liw bash - name: "create directory for Radicle keys" file: state: directory path: /home/liw/.radicle/keys owner: liw group: liw - name: "install Radicle private key" copy: content: | {{ lookup('pipe', 'pass show radicle/radicle-liw3/key') }} dest: /home/liw/.radicle/keys/radicle owner: liw group: liw mode: 0600 - name: "install Radicle public key" copy: content: | {{ lookup('pipe', 'pass show radicle/radicle-liw3/key.pub') }} dest: /home/liw/.radicle/keys/radicle.pub owner: liw group: liw mode: 0644 - name: "install script to install Radicle CI stuff" copy: content: | #!/bin/bash set -xeuo pipefail clone_install() { local url dir root url="$1" dir="$2" root="$3" if [ ! -e "$dir" ]; then git clone "$url" "$dir" else (cd "$dir" && git pull) fi (cd "$dir" && cargo install --path=. --root="$root") } clone_install https://radicle.liw.fi/zwTxygwuz5LDGBq255RA2CbNGrz8.git radicle-ci-broker "$(pwd)/root" clone_install https://radicle.liw.fi/z3qg5TKmN83afz2fj9z3fQjU8vaYE.git radicle-native-ci "$(pwd)/root" install root/bin/* $HOME/bin dest: /home/liw/install-radicle-ci owner: liw group: liw mode: 0755 - name: "install Radicle CI stuff" shell: | sudo -i -u liw bash -c 'cd /home/liw && install -d bin && ./install-radicle-ci' - name: "install systemd unit for Radicle node" copy: content: | [Unit] After=syslog.target network.target Description=Radicle Node [Service] Type=simple ExecStart=/home/liw/.radicle/bin/radicle-node --listen 0.0.0.0:8776 Environment=RAD_HOME=/home/liw/.radicle KillMode=process Restart=never RestartSec=1 User=liw Group=liw [Install] WantedBy=default.target dest: /lib/systemd/system/radicle-node.service - name: "enable systemd unit for Radicle node" systemd: name: radicle-node state: restarted masked: no enabled: yes daemon_reload: yes - name: "install Radicle CI broker config" copy: content: | default_adapter: native adapters: native: command: /home/liw/bin/radicle-native-ci env: RADICLE_NATIVE_CI: /home/liw/native-ci.yaml filters: - !And - !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" - !AnyPatch dest: /home/liw/ci-broker.yaml owner: liw group: liw mode: 0644 - name: "create state directory for Radicle native CI" file: state: directory path: /home/liw/native-ci.state owner: liw group: liw mode: 0755 - name: "install Radicle native CI config" copy: content: | state: /home/liw/native-ci.state dest: /home/liw/native-ci.yaml owner: liw group: liw mode: 0644 - name: "install systemd unit for Radicle CI broker" copy: content: | [Unit] After=radicle-node.service Description=Radicle CI broker [Service] Type=simple Environment=RAD_HOME=/home/liw/.radicle Environment=RUST_LOG=trace ExecStart=bash -c '/home/liw/bin/ci-broker /home/liw/ci-broker.yaml >> /home/liw/broker.log' KillMode=process Restart=never RestartSec=1 User=liw Group=liw [Install] WantedBy=default.target dest: /lib/systemd/system/radicle-ci-broker.service - name: "enable systemd unit for Radicle CI broker" systemd: name: radicle-ci-broker state: restarted masked: no enabled: yes daemon_reload: yes vars: ansible_python_interpreter: /usr/bin/python3 sane_debian_system_version: 2 sane_debian_system_hostname: "{{ inventory_hostname }}" sane_debian_system_codename: bookworm sane_debian_system_timezone: Europe/Helsinki sane_debian_system_sources_lists: - repo: | deb http://security.debian.org/debian-security bookworm-security main contrib non-free unix_users_version: 2 unix_users: - username: liw comment: Lars Wirzenius sshd_version: 1 rustup_cargo_install: | starship