diff options
Diffstat (limited to 'roles/radicle_node/tasks/main.yml')
| -rw-r--r-- | roles/radicle_node/tasks/main.yml | 242 |
1 files changed, 242 insertions, 0 deletions
diff --git a/roles/radicle_node/tasks/main.yml b/roles/radicle_node/tasks/main.yml new file mode 100644 index 0000000..8e04a83 --- /dev/null +++ b/roles/radicle_node/tasks/main.yml @@ -0,0 +1,242 @@ +- name: "check radicle_node_version" + shell: | + [ "{{ radicle_node_version }}" = "1" ] || \ + (echo "Unexpected version {{ radicle_node_version }}" 1>&2; exit 1) + +- name: "check that radicle_node_key is set" + shell: | + echo radicle_node_key Ansible variable is not set + exit 1 + when: radicle_node_key is not defined + +- name: "check that radicle_node_key_pub is set" + shell: | + echo radicle_node_key_pub Ansible variable is not set + exit 1 + when: radicle_node_key_pub is not defined + +- name: "install important additional packages for Radicle" + apt: + name: + # For the Radicle installer + - curl + + # Radicle is built on git. + - git + + # Rsync for backups. + - rsync + + # Web server for the web UI. + - caddy + + # Radicle components. + - radicle + - radicle-ci-broker + - radicle-native-ci + +- name: "stop Radicle node if it's running" + shell: | + systemctl stop radicle-node || true + +- name: "stop Radicle CI broker if it's running" + shell: | + systemctl stop radicle-ci-broker || true + +- name: "configure git for _rad user" + shell: | + sudo -u _rad git config --global user.name "_rad" + sudo -u _rad git config --global user.email "liw@liw.fi" + +- name: "create directory for Radicle for the _rad user" + file: + state: directory + path: /home/_rad/.radicle + owner: _rad + group: _rad + mode: 0755 + +- name: "create directory for web pages" + file: + state: directory + path: /srv/http + owner: _rad + group: _rad + mode: 0755 + +- name: "create directory for Radicle backup" + when: radicle_node_backup is defined + file: + state: directory + path: radicle-backup + owner: root + group: root + mode: 0755 + +- name: "restore from backup (step 1 or 2)" + when: radicle_node_backup is defined + synchronize: + src: "{{ radicle_node_backup }}/." + dest: radicle-backup/. + group: no + owner: no + +- name: "restore from backup (step 2 or 2)" + when: radicle_node_backup is defined + shell: | + find radicle-backup -name control.sock -delete + rsync -a --del radicle-backup/home/_rad/.radicle/. /home/_rad/.radicle/. + rsync -a --del radicle-backup/srv/http/. /srv/http/. + chown -R _rad:_rad /home/_rad/.radicle/. /srv/http/. + +- name: "create directory for Radicle keys" + file: + state: directory + path: /home/_rad/.radicle/keys + owner: _rad + group: _rad + mode: 0755 + +- name: "install Radicle private key" + copy: + content: "{{ radicle_node_key }}" + dest: /home/_rad/.radicle/keys/radicle + owner: _rad + group: _rad + mode: 0600 + +- name: "install Radicle public key" + copy: + content: "{{ radicle_node_key_pub }}" + dest: /home/_rad/.radicle/keys/radicle.pub + owner: _rad + group: _rad + mode: 0644 + +- name: "install systemd unit for Radicle node" + template: + src: radicle-node.service.j2 + dest: /lib/systemd/system/radicle-node.service + +- name: "init Radicle node config" + shell: | + if [ ! -e /home/_rad/.radicle/config.json ]; then + sudo -u _rad -i rad config init --alias "{{ radicle_node_domain_name }}" + fi + +- name: "(re)start systemd unit for Radicle node" + systemd: + name: radicle-node + state: restarted + masked: no + enabled: yes + daemon_reload: yes + +- name: "install script to add update Radicle config file" + when: radicle_node_connections is defined + copy: + src: rad-config-update + dest: /home/_rad/rad-config-update + owner: _rad + group: _rad + mode: 0755 + +- name: "connect to other Radicle nodes" + when: radicle_node_connections is defined + with_items: "{{ radicle_node_connections }}" + shell: | + sudo -u _rad -i ./rad-config-update \ + "{{ radicle_node_domain_name }}" \ + "{{ radicle_node_domain_name }}:8776" \ + "{{ radicle_node_policy }}" \ + "{{ radicle_node_scope }}" \ + "{{ item.nid }}@{{ item.host }}:{{ item.port }}" + +- name: "install script to add update Radicle repository pinning" + when: radicle_node_repositories is defined + copy: + src: rad-config-pin + dest: /home/_rad/rad-config-pin + owner: _rad + group: _rad + mode: 0755 + +- name: "seed Radicle repositories" + when: radicle_node_repositories is defined + with_items: "{{ radicle_node_repositories }}" + shell: | + sudo -u _rad rad seed "{{ item.rid }}" + sudo -u _rad -i ./rad-config-pin "{{ item.rid }}" + +- name: "install Caddy configuation file" + template: + src: Caddyfile.j2 + dest: /etc/caddy/Caddyfile + +- name: "create directory for CI logs" + file: + state: directory + path: /srv/http + owner: _rad + group: _rad + +- name: "restart Caddy" + systemd: + name: caddy + state: restarted + masked: no + enabled: yes + daemon_reload: yes + +- name: "install systemd unit for Radicle HTTPD" + template: + src: radicle-httpd.service.j2 + dest: /lib/systemd/system/radicle-httpd.service + +- name: "enable systemd unit for Radicle HTTPD" + systemd: + name: radicle-httpd + state: restarted + masked: no + enabled: yes + daemon_reload: yes + +- name: "install Radicle CI broker config" + copy: + content: | + {{ radicle_node_ci_broker_config }} + dest: /home/_rad/ci-broker.yaml + owner: _rad + group: _rad + mode: 0644 + +- name: "create state directory for Radicle native CI" + file: + state: directory + path: /home/_rad/native-ci.state + owner: _rad + group: _rad + mode: 0755 + +- name: "install Radicle native CI config" + copy: + content: | + state: /srv/http + log: /home/_rad/native-ci.log + dest: /home/_rad/native-ci.yaml + owner: _rad + group: _rad + mode: 0644 + +- name: "install systemd unit for Radicle CI broker" + template: + src: radicle-ci-broker.service.j2 + dest: /lib/systemd/system/radicle-ci-broker.service + +- name: "enable systemd unit for Radicle CI broker" + systemd: + name: radicle-ci-broker + state: restarted + masked: no + enabled: yes + daemon_reload: yes |