blob: ffcc3e5252417a89389bbb7157ae3036c617c05b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
|
- hosts: finntroll.liw.fi
remote_user: root
roles:
- sshd
- sane_debian_system
- self-updating-system
- comfortable-debian-system
- unix_users
- rust-rustup
- radicle_node
tasks:
- name: "install additional packages"
apt:
name:
- jq
- moreutils
- nmap
- psmisc
- ripgrep
- sqlite3
- wumpus-hunter
- name: "create directory for wumpus files"
file:
state: directory
path: /srv/wumpus
owner: wumpus
group: wumpus
- name: "create directory for temporary wumpus files"
file:
state: directory
path: /srv/tmp
owner: wumpus
group: wumpus
- name: "install wumpus hunter config"
copy:
content: |
description: |
Results of running the Radicle heartwood tests
repeatedly. Report number of successful and fail test
runs per commit. Keep logs of each test run for each
commit.
repository_url: https://seed.radicle.xyz/z3gqcJUoA1n9HaHKufZs5FCSGazv5.git
git_ref: master
command: |
cargo test --locked --workspace
dest: /home/wumpus/wumpus.yaml
owner: wumpus
group: wumpus
- name: "install service unit for wumpus hunter"
copy:
content: |
[Unit]
Description=Wumpus hunter
After=network.target network-online.target
Requires=network-online.target
[Service]
User=wumpus
Group=wumpus
ExecStart=/usr/bin/wumpus-hunter run --logs /srv/wumpus /home/wumpus/wumpus.yaml
Environment=RUST_BACKTRACE=1 WUMPUS_LOG=info PATH=/home/wumpus/.cargo/bin:/bin:/sbin TMPDIR=/srv/tmp
KillMode=process
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
dest: /etc/systemd/system/wumpus-hunter.service
- name: "(re)start systemd unit for Radicle node"
systemd:
name: wumpus-hunter
state: restarted
masked: no
enabled: yes
daemon_reload: yes
vars:
ansible_python_interpreter: /usr/bin/python3
sane_debian_system_version: 2
sane_debian_system_hostname: finntroll
sane_debian_system_codename: bookworm
sane_debian_system_timezone: Europe/Helsinki
sane_debian_system_sources_lists:
- repo: |
deb http://security.debian.org/debian-security bookworm-security main contrib non-free
- repo: deb http://apt.liw.fi/debian unstable main
signing_key: "{{ apt_liw_fi_signing_key }}"
unix_users_version: 2
unix_users:
- username: liw
comment: Lars Wirzenius
- username: _rad
comment: Radicle node
- username: wumpus
comment: Wumpus hunter
sshd_version: 1
sshd_host_key: "{{ lookup('pipe', 'sshca host private-key finntroll.liw.fi') }}"
sshd_host_cert: "{{ lookup('pipe', 'sshca host certify --ca liw.fi/ca/host/v5 finntroll.liw.fi') }}"
sshd_user_ca_pub: "{{ lookup('pipe', 'sshca ca public-key liw.fi/ca/user/v5') }}"
radicle_node_version: 1
radicle_node_key: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key') }}"
radicle_node_key_pub: "{{ lookup('pipe', 'pass radicle/radicle.liw.fi/key.pub') }}"
# radicle_node_connections:
# - nid: z6MkhfTshN2uPFBGcxBsZW7Mbof1TgkphBqr5dFTWd1hbNUq
# host: seed.liw.fi
# port: 8776
radicle_node_repositories:
# Radicle work
- rid: "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood
- rid: "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" # pathdedup test repo
- rid: "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" # radicle-ci-broker
- rid: "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" # radicle-native-ci
- rid: "rad:z2HXqzZMRhZUiYm33pLgYfqBgcGCj" # radicle-stress-test
- rid: "rad:zd4kAF7rQFKbCHAdbcF6zVkx8MyN" # wumpus hunter
# Personal, Subplot
- rid: "rad:zjxyd2A1A7FnxtC69qDfoAajfTHo" # subplot
- rid: "rad:z2M6WnwXyFcdQNj6M5pav3BnyTBfz" # subplot-web
# Personal, Obnam
- rid: "rad:zhmWact4xuWp1XSwPER79oPUGW9S" # cachedir
- rid: "rad:z2iicxsVP46kyA7rzFXrQHrk88cAo" # obnam2
- rid: "rad:z2aq8B4ui77q8msEtUaGYXeSwNYuc" # obnam-web
- rid: "rad:z3ZFpLzEYTmjzDqSTxf2bZchktBH1" # obnam-benchmark
- rid: "rad:z2bB6gdePNQ9jyMK487mu4CraYewX" # obnam-benchmark-results
- rid: "rad:z3NGfAXUfSehZbf8f6VGad9KHCrb5" # obnam-benchmark-specs
- rid: "rad:z3cL5uBuhFK5FWkc5RYecAoBXNz8d" # summain
# Personal, other
- rid: "rad:z4AmsrmyEsdZWh9KLSRbReDM9nnbe" # 256.liw.fi
- rid: "rad:z3sckw1Xm8j5URDJz1zeESHfFYDEc" # ansibleness
- rid: "rad:z2aW1bujxH96GsWdKBcFqDpzSNnUS" # clab
- rid: "rad:z3LXXus6Wu93LuSuuuSBPcFkDiyCW" # debian-ansible
- rid: "rad:z355dPnbvpPxC3FoT38pjs9AzspQB" # early-linux-history-talk
- rid: "rad:z3pQaQ5fBe9CZY9g9vzXLWPEnwXVB" # extrautils
- rid: "rad:zN4j1nt4y1xtoz9Tat6asyfJDyc2" # gtdfh
- rid: "rad:z2i9UF8soK1X6L9hae8UcQPSvdHjW" # html-page
- rid: "rad:z2wZYvawkpUTnfrCL5iHaufpCdXyk" # jt
- rid: "rad:zUcMk9QpMdyty6tABQ6Cje21xAro" # liw-automation
- rid: "rad:z4Az1APNZyfFVkTzneyfq6SBPKqtV" # linux-news
- rid: "rad:z2xcsrnG8dC76bkxXsASZbWGH5N2w" # liw-dot-files
- rid: "rad:z3PKKNstRjLYqhvGq9rxGy7LoEVr5" # missing-dependencies
- rid: "rad:z2tnM99uips8nguhcg12hLX5yC3t7" # pandoc-filter-diagram
- rid: "rad:z3uBEubocQ9kJANPvMAo6z5ZhhaFh" # pathdedup (real)
- rid: "rad:zRGTo2HYeSsNojTQg93anVtn5Gcw" # puomi
- rid: "rad:z3GDoHhm4t58pciEoXZBPA76Qtzqz" # puomi-web
- rid: "rad:zw9BgStPgCkdsMspzs7EGbwnXq3r" # riki
- rid: "rad:z2oUkTnZgqvEER9WZdZLU19rqv7rX" # riki-web
- rid: "rad:z4PiGKYWcz3XPzLf91DAgSHxjNvg8" # roadmap
- rid: "rad:z24MZ7A64C7c9MmcNfR2X7GtQUk14" # sshca
- rid: "rad:z2S7Wn8ZWBKQUQkUNikpZiuFFJZDv" # sshca-web
- rid: "rad:zgYpM7b29D6wTMjEUxxzBjcF9EvK" # unpack-debian-sources
- rid: "rad:z37yxMDoGWhErwFt55n4jDCiQwxLm" # v-i
- rid: "rad:z4DNcHPHUoCytkihDY4vDp4KvGxh3" # v-i-web
- rid: "rad:z3U5PDwEqz64be8vfqEyyj2rkfd1s" # vmadm
- rid: "rad:z2qboj3zYdhQBKo8yGxMfwvhj7HfN" # vmadm-web
- rid: "rad:z2kxCtBwDQMPcaf9vGTNH5nYkp9qk" # vmdb2
- rid: "rad:z2mn6wzpVAuJoeWx7TZo33nCHuDfQ" # vmdb2-web
radicle_node_domain_name: radicle.liw.fi
radicle_node_ci_domain_name: ci.radicle.liw.fi
radicle_node_ci_broker_config: |
db: /home/_rad/ci-broker.db
report_dir: /srv/http
default_adapter: native
adapters:
native:
command: /bin/radicle-native-ci
env:
RADICLE_NATIVE_CI: /home/_rad/native-ci.yaml
sensitive_env: {}
filters:
- !Or
- !And
- !Repository "rad:zZnk3hS8C3WAhnv7mWcCUToCqpBs" # pathdeup-messy-test-repo
- !AnyPatch
- !And
- !Repository "rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5" # heartwood
- !AnyPatch
- !And
- !Repository "rad:zwTxygwuz5LDGBq255RA2CbNGrz8" # radicle-ci-broker
- !Or
- !Branch main
- !AnyPatch
- !And
- !Repository "rad:z3qg5TKmN83afz2fj9z3fQjU8vaYE" # radicle-native-ci
- !Or
- !Branch main
- !AnyPatch
radicle_node_policy: block
radicle_node_scope: all
radicle_node_wumpus_domain_name: wumpus.liw.fi
# radicle_node_backup: /home/liw/data/radicle.liw.fi/.
rust_rustup_user: _rad
|
