main.yml 1.89 KB
Newer Older
Morten Linderud's avatar
Morten Linderud committed
1
2
3
4
5
6
7
8
9
---
- name: install debuginfod
  pacman: name=debuginfod state=present

- name: create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ debuginfod_domain }}"]
10
    challenge: "{{ 'DNS-01' if 'geo_mirrors' in group_names else 'HTTP-01' }}"
Morten Linderud's avatar
Morten Linderud committed
11
12
13
14
15
16
17
  when: debuginfod_domain

- name: configure debuginfod systemd service
  template: src=debuginfod.service.j2 dest=/usr/lib/systemd/system/debuginfod.service owner=root group=root mode=0644
  vars:
    debuginfod_package_path: "{{ debuginfod_package_paths | join(' ') }}"
  notify:
18
    - restart debuginfod
Morten Linderud's avatar
Morten Linderud committed
19

20
21
22
- name: create http directory for debuginfod website files
  file: path=/srv/http/debuginfod state=directory owner=root group=root mode=0755

23
24
25
26
27
28
- name: install website files
  copy: src={{ item }} dest=/srv/http/debuginfod/{{ item }} owner=root group=root mode=0644
  loop:
    - archlinux.png
    - index.html

29
30
31
32
33
34
35
- name: install packagelist units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  loop:
    - packagelist.timer
    - packagelist.service

- name: start and enable packagelist.timer
36
  service: name=packagelist.timer enabled=yes daemon_reload=yes state=started
37

Morten Linderud's avatar
Morten Linderud committed
38
39
40
41
42
43
44
45
46
47
- name: make nginx log dir
  file: path=/var/log/nginx/{{ debuginfod_domain }} state=directory owner=root group=root mode=0755

- name: set up nginx
  template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/debuginfod.conf owner=root group=root mode=0644
  notify:
    - reload nginx
  when: debuginfod_domain
  tags: ['nginx']

48
49
50
51
52
53
- name: open debuginfod ipv4 port for monitoring.archlinux.org
  ansible.posix.firewalld: zone=wireguard state=enabled permanent=true immediate=yes
    rich_rule="rule family=ipv4 source address={{ hostvars['monitoring.archlinux.org']['wireguard_address'] }} port protocol=tcp port=8002 accept"
  tags:
    - firewall

Morten Linderud's avatar
Morten Linderud committed
54
- name: start and enable debuginfod
55
  service: name=debuginfod enabled=yes daemon_reload=yes state=started