summaryrefslogtreecommitdiff
path: root/ansible/icktool.yml
blob: 2dc9dabb3ddc3bf18a709493bffa91df9708cc1d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
- hosts: icktool
  remote_user: root
  roles:
    - role: sane_debian_system
    - role: unix_users
  tasks:
    - name: "install git and Ick"
      apt:
        state: present
        name:
          - git
          - moreutils
          - psmisc
          - ick2
          - jq
    - name: "clone liw-ci"
      shell: |
        if ! [ -e /home/liw/liw-ci ]
        then
          sudo -i -u liw git clone git://git.liw.fi/liw-ci
        fi
    - name: "install ick-statut"
      copy:
        content: |
          #!/bin/bash
          set -euo pipefail
          icktool status | grep -v -e "done" -e "dummy-"
        dest: /home/liw/ick-status
        owner: liw
        group: liw
        mode: 0755
    - name: "create ~/.config/icktool"
      file:
        state: directory
        path: /home/liw/.config/icktool
        owner: liw
        group: liw
    - name: "install icktool config"
      copy:
        content: |
          config:
            controller: https://ci-prod-controller.vm.liw.fi
        dest: /home/liw/.config/icktool/icktool.yaml
        owner: liw
        group: liw
        mode: 0644
    - name: "install icktool credentials"
      copy:
        content: |
          [https://ci-prod-controller.vm.liw.fi/token]
          client_id = liw
          client_secret = {{ lookup('pipe', 'pass ick2/admin_secret') }}
        dest: /home/liw/.config/icktool/credentials.conf
        owner: liw
        group: liw
        mode: 0600

  vars:
    ansible_python_interpreter: /usr/bin/python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: icktool
    sane_debian_system_codename: buster
    sane_debian_system_sources_lists:
      - repo: deb http://ci-prod-controller.vm.liw.fi/debian unstable-ci main
        signing_key: "{{ ci_prod_signing_key }}"

    unix_users_version: 2
    unix_users:
      - username: liw
        comment: Lars Wirzenius
        sudo: true
        ssh_key: |
          {{ lookup('pipe', 'pass show ssh/liw@mirror-git') }}
        ssh_key_pub: |
          {{ lookup('pipe', 'pass show ssh/liw@mirror-git.pub') }}