ick2.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

- hosts: single
  remote_user: root
  become: yes
  roles:
    - sane_debian_system
    - comfortable
    - unix_users
    - letsencrypt
    - haproxy
    - qvisqve
    - ick-controller
    - ick-worker
    - ick-artifact-store
    - ick-notifier
    - apt_repository
  vars:
    hostname: ick
    debian_codename: stretch
    ci_prefix: ""

    letsencrypt: no
    letsencrypt_email: liw@liw.fi
    letsencrypt_domain: "{{ qvisqve_domain }}"
    tls_certificate: "{{ lookup('pipe', 'pass show ick2/ick.pem') }}"
    verify_tls: no

    token_private_key: "{{ lookup('pipe', 'pass show ick2/token_key') }}"
    token_public_key: "{{ lookup('pipe', 'pass show ick2/token_key.pub') }}"

    qvisqve_domain: 127.0.0.1
    qvisqve_port: 10000
    qvisqve_url: "https://{{ qvisqve_domain }}"

    controller_domain: 127.0.0.1
    controller_port: 12765
    controller_url: "https://{{ controller_domain }}"

    artifact_store_domain: 127.0.0.1
    artifact_store_port: 12766
    artifact_store_url: "https://{{ artifact_store_domain }}"

    apt_domain: 127.0.0.1

    notify_domain: 127.0.0.1
    notify_url: "https://{{ notify_domain }}/notify"
    notify_port: 12767

    smtp_server: pieni.net
    smtp_port: 587
    smtp_user: pienirelay
    smtp_password: "{{ lookup('pipe', 'pass show pieni.net/pienirelay') }}"

    unix_users:
      - username: _ickwm
        sudo: yes
        ssh_key: "{{ wm_ssh_key }}"
        ssh_key_pub: "{{ wm_ssh_key_pub }}"

    apt_uploader_ssh_public_keys:
      - "{{ wm_ssh_key_pub }}"
    apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}"
    apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}"
    apt_signing_key_fingerprint: |
      {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --with-colons | grep "^fpr:" | cut -d: -f10') }}
    apt_admin_email: liw@liw.fi
    apt_distributions:
      - codename: stretch
        description: Release packages for stretch
      - codename: stretch-ci
        description: CI builds for stretch
      - codename: unstable
        description: Release packages for unstable
      - codename: unstable-ci
        description: CI builds for unstable
      - codename: liw-ci
        description: CI builds for unstable from liw

    sources_lists:
      - repo: "deb http://code.liw.fi/debian stretch main"
        keyring_package: code.liw.fi-keyring
        signing_key: "{{ code_liw_fi_signing_key }}"
      - repo: "deb http://ci-prod-apt.vm.liw.fi/debian liw-ci main"
        signing_key: "{{ ci_prod_apt_signing_key }}"