---

# Package prerequisites. state=present only ensures each package is installed;
# it does not upgrade a package that is already there.
- name: install svn, git, rsync and some perl stuff
  pacman:
    name:
      - git
      - subversion
      - rsync
      - perl-dbd-pg
      - perl-timedate
      - diffstat
    state: present

- name: install sourceballs requirements (makepkg download dependencies)
  pacman:
    name:
      - git
      - subversion
      - mercurial
      - breezy
    state: present

- name: install binutils for createlinks script
  pacman:
    name: binutils
    state: present

# The two repository accounts are the only ones here that get a login shell;
# the per-developer authorized_keys files are installed into their homes.
- name: create dbscripts users
  user:
    name: "{{ item }}"
    shell: /bin/bash
  loop:
    - svn-packages
    - svn-community

# Service accounts below use /sbin/nologin, so they cannot open an interactive
# session. cleanup is a member of tu, dev and multilib.
- name: add cleanup user
  user:
    name: cleanup
    groups:
      - tu
      - dev
      - multilib
    shell: /sbin/nologin

- name: add sourceballs user
  user:
    name: sourceballs
    shell: /sbin/nologin

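# Install the sudoers drop-in for the dbscripts accounts (root-owned, 0600).
# validate runs visudo in check mode against the staged copy (%s); if the file
# does not parse, the task fails and /etc/sudoers.d/dbscripts is left untouched.
# Without it, a syntax error in the source file would be installed as-is and
# could leave sudo unusable on the host.
- name: set up sudoers.d for special users
  copy:
    src: sudoers.d
    dest: /etc/sudoers.d/dbscripts
    owner: root
    group: root
    mode: '0600'
    validate: /usr/bin/visudo -cf %s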

# Certificate for both the web and the rsync hostname, issued by the shared
# certificate role.
- name: create ssl cert
  include_role:
    name: certificate
  vars:
    domains:
      - "{{ repos_domain }}"
      - "{{ repos_rsync_domain }}"

- name: make nginx log dir
  file:
    path: "/var/log/nginx/{{ repos_domain }}"
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: set up nginx
  template:
    src: nginx.d.conf.j2
    dest: /etc/nginx/nginx.d/dbscripts.conf
    owner: root
    group: root
    mode: '0644'
  notify:
    - reload nginx
  tags:
    - nginx

# The htpasswd file is root-owned and readable by group http only (0640), so
# other local accounts cannot read the password hashes.
# NOTE(review): a run with --diff prints changed file content; consider
# diff: false on this task if run output is stored or shared.
- name: put dbscripts.htpasswd in place
  copy:
    src: dbscripts.htpasswd
    dest: /etc/nginx/auth/dbscripts.htpasswd
    owner: root
    group: http
    mode: '0640'
  tags:
    - nginx

# One account per entry of arch_users: the dict key is the login name, and the
# entry supplies the supplementary groups and the comment field. The primary
# group is always "users".
# append is not set, so the groups list is authoritative: a user is removed
# from any supplementary group that is no longer listed for them.
- name: create Arch Linux-specific users
  user:
    state: present
    name: "{{ item.key }}"
    comment: "{{ item.value.name }}"
    group: users
    groups: "{{ item.value.groups | join(',') }}"
  loop: "{{ arch_users | dict2items }}"

# SSH access to the two repository accounts. Each account gets a private
# .ssh directory (0700) and an authorized_keys file (0600) owned by itself.
# The file is rendered from authorized_keys-group.j2 with pubkey_groups set to
# the group allowed in - presumably the template emits the keys of the
# arch_users members of those groups; confirm against the template.
- name: create .ssh directory
  file:
    path: /home/svn-packages/.ssh
    state: directory
    owner: svn-packages
    group: svn-packages
    mode: '0700'

- name: configure ssh keys for devs
  template:
    src: authorized_keys-group.j2
    dest: /home/svn-packages/.ssh/authorized_keys
    owner: svn-packages
    group: svn-packages
    mode: '0600'
  vars:
    pubkey_groups:
      - dev
  tags:
    - archusers

- name: create .ssh directory
  file:
    path: /home/svn-community/.ssh
    state: directory
    owner: svn-community
    group: svn-community
    mode: '0700'

- name: configure ssh keys for TUs
  template:
    src: authorized_keys-group.j2
    dest: /home/svn-community/.ssh/authorized_keys
    owner: svn-community
    group: svn-community
    mode: '0600'
  vars:
    pubkey_groups:
      - tu
  tags:
    - archusers

# dbscripts_mkdirs is a project-local module; from its arguments it appears to
# expand pathtmpl for every user/directory pair (the empty entry presumably
# yields the staging root itself) - confirm against the module source.
- name: create staging directories in user homes
  dbscripts_mkdirs:
    pathtmpl: '/home/{user}/staging/{dirname}'
    permissions: '755'
    directories:
      - ''
      - core
      - extra
      - testing
      - staging
      - community
      - community-staging
      - community-testing
      - multilib
      - multilib-staging
      - multilib-testing
    users: "{{ arch_users.keys() | list }}"
    group: users
  tags:
    - archusers

# Root-owned parents of the repository trees; only the subdirectories created
# further down are handed to the service accounts.
- name: create dbscripts paths
  file:
    path: "{{ item }}"
    state: directory
    owner: root
    group: root
    mode: '0755'
  loop:
    - /srv/repos/svn-community
    - /srv/repos/svn-packages

# package-cleanup directories: owned by the repository account, writable by
# the packager group (tu / dev), mode 0775.
# The access ACL adds rwx for the cleanup account. The default ACLs make new
# entries inside inherit owner rwx, cleanup rwx, group rwx and other r-x.
- name: create svn-community/package-cleanup directory
  file:
    path: /srv/repos/svn-community/package-cleanup
    state: directory
    owner: svn-community
    group: tu
    mode: '0775'

- name: add acl user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
  acl:
    path: /srv/repos/svn-community/package-cleanup
    entry: 'user:cleanup:rwx'
    state: present

- name: add acl default:user::rwx to /srv/repos/svn-community/package-cleanup
  acl:
    path: /srv/repos/svn-community/package-cleanup
    entry: 'default:user::rwx'
    state: present

- name: add acl default:user:cleanup:rwx to /srv/repos/svn-community/package-cleanup
  acl:
    path: /srv/repos/svn-community/package-cleanup
    entry: 'default:user:cleanup:rwx'
    state: present

- name: add acl default:group::rwx to /srv/repos/svn-community/package-cleanup
  acl:
    path: /srv/repos/svn-community/package-cleanup
    entry: 'default:group::rwx'
    state: present

- name: add acl default:other::r-x to /srv/repos/svn-community/package-cleanup
  acl:
    path: /srv/repos/svn-community/package-cleanup
    entry: 'default:other::r-x'
    state: present

- name: create svn-packages/package-cleanup directory
  file:
    path: /srv/repos/svn-packages/package-cleanup
    state: directory
    owner: svn-packages
    group: dev
    mode: '0775'

- name: add acl user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
  acl:
    path: /srv/repos/svn-packages/package-cleanup
    entry: 'user:cleanup:rwx'
    state: present

- name: add acl default:user::rwx to /srv/repos/svn-packages/package-cleanup
  acl:
    path: /srv/repos/svn-packages/package-cleanup
    entry: 'default:user::rwx'
    state: present

- name: add acl default:user:cleanup:rwx to /srv/repos/svn-packages/package-cleanup
  acl:
    path: /srv/repos/svn-packages/package-cleanup
    entry: 'default:user:cleanup:rwx'
    state: present

- name: add acl default:group::rwx to /srv/repos/svn-packages/package-cleanup
  acl:
    path: /srv/repos/svn-packages/package-cleanup
    entry: 'default:group::rwx'
    state: present

- name: add acl default:other::r-x to /srv/repos/svn-packages/package-cleanup
  acl:
    path: /srv/repos/svn-packages/package-cleanup
    entry: 'default:other::r-x'
    state: present

# source-cleanup directories: only the sourceballs account can write (0755);
# the repository account is the group and gets read/traverse access.
- name: create svn-community/source-cleanup directory
  file:
    path: /srv/repos/svn-community/source-cleanup
    state: directory
    owner: sourceballs
    group: svn-community
    mode: '0755'

- name: create svn-packages/source-cleanup directory
  file:
    path: /srv/repos/svn-packages/source-cleanup
    state: directory
    owner: sourceballs
    group: svn-packages
    mode: '0755'

# Subversion repository roots: writable by the owning repository account only.
# The default ACLs make everything created inside inherit owner rwx and
# read/traverse (r-x) for group and other.
- name: create svn-community/svn directory
  file:
    path: /srv/repos/svn-community/svn
    state: directory
    owner: svn-community
    group: svn-community
    mode: '0755'

- name: add acl default:user::rwx to /srv/repos/svn-community/svn
  acl:
    path: /srv/repos/svn-community/svn
    entry: 'default:user::rwx'
    state: present

- name: add acl default:group::r-x to /srv/repos/svn-community/svn
  acl:
    path: /srv/repos/svn-community/svn
    entry: 'default:group::r-x'
    state: present

- name: add acl default:other::r-x to /srv/repos/svn-community/svn
  acl:
    path: /srv/repos/svn-community/svn
    entry: 'default:other::r-x'
    state: present

- name: create svn-packages/svn directory
  file:
    path: /srv/repos/svn-packages/svn
    state: directory
    owner: svn-packages
    group: svn-packages
    mode: '0755'

- name: add acl default:user::rwx to /srv/repos/svn-packages/svn
  acl:
    path: /srv/repos/svn-packages/svn
    entry: 'default:user::rwx'
    state: present

- name: add acl default:group::r-x to /srv/repos/svn-packages/svn
  acl:
    path: /srv/repos/svn-packages/svn
    entry: 'default:group::r-x'
    state: present

- name: add acl default:other::r-x to /srv/repos/svn-packages/svn
  acl:
    path: /srv/repos/svn-packages/svn
    entry: 'default:other::r-x'
    state: present

# Shared tmp directories: group-writable for the packager group, with the
# sticky bit set (leading 1 in 1775) so a member can only remove or rename
# entries they own. sourceballs gets rwx through an ACL entry.
- name: create svn-community/tmp directory
  file:
    path: /srv/repos/svn-community/tmp
    state: directory
    owner: svn-community
    group: tu
    mode: '1775'

- name: add acl user:sourceballs:rwx to /srv/repos/svn-community/tmp
  acl:
    path: /srv/repos/svn-community/tmp
    entry: 'user:sourceballs:rwx'
    state: present

- name: create svn-packages/tmp directory
  file:
    path: /srv/repos/svn-packages/tmp
    state: directory
    owner: svn-packages
    group: dev
    mode: '1775'

- name: add acl user:sourceballs:rwx to /srv/repos/svn-packages/tmp
  acl:
    path: /srv/repos/svn-packages/tmp
    entry: 'user:sourceballs:rwx'
    state: present

# Marker files under /srv/ftp, owned by ftp and world-readable.
# state=touch refreshes the timestamps on every run, so these two tasks always
# report "changed".
- name: touch /srv/ftp/lastsync file
  file:
    path: /srv/ftp/lastsync
    state: touch
    owner: ftp
    group: ftp
    mode: '0644'

- name: touch /srv/ftp/lastupdate file
  file:
    path: /srv/ftp/lastupdate
    state: touch
    owner: ftp
    group: ftp
    mode: '0644'

# Members of tu and dev may write lastupdate; lastsync gets no such ACL.
- name: add acl group:tu:rw- to /srv/ftp/lastupdate
  acl:
    path: /srv/ftp/lastupdate
    entry: 'group:tu:rw-'
    state: present

- name: add acl group:dev:rw- to /srv/ftp/lastupdate
  acl:
    path: /srv/ftp/lastupdate
    entry: 'group:dev:rw-'
    state: present

# Import the keys that the signed dbscripts checkout below is verified against.
# Keys are located by e-mail address (WKD first, then keys.openpgp.org) and
# land in the keyring of the user this task runs as. There is no become here,
# so that is the connection user.
# NOTE(review): the lookup is by address, not by fingerprint, so the keyring
# holds whatever key those sources return for the address.
- name: fetch dbscripts PGP key
  command: >-
    /usr/bin/gpg --keyserver keys.openpgp.org
    --auto-key-locate wkd,keyserver --locate-keys {{ item }}
  with_items: '{{ dbscripts_pgp_emails }}'
  register: gpg
  changed_when: gpg.rc == 0

# verify_commit makes the checkout fail unless the requested commit carries a
# GPG signature whose public key is in the keyring. On its own it does not
# restrict which key in the keyring signed the commit.
# NOTE(review): the git module's gpg_whitelist option can pin the accepted
# signer fingerprints; consider setting it from inventory.
- name: clone dbscripts git repo
  git:
    repo: https://github.com/archlinux/dbscripts.git
    dest: "/srv/repos/{{ item }}/dbscripts"
    version: "{{ dbscripts_commit }}"
    update: "{{ dbscripts_update }}"
    verify_commit: true
  loop:
    - svn-community
    - svn-packages

# /srv/svn is the root-owned tree of symlinks into the repository directories
# (svnserve is configured with -r /srv/svn further down in this file).
- name: make /srv/svn
  file:
    path: /srv/svn
    state: directory
    owner: root
    group: root
    mode: '0755'

- name: symlink /srv/svn/community to /srv/repos/svn-community/svn
  file:
    path: /srv/svn/community
    src: /srv/repos/svn-community/svn
    state: link
    owner: root
    group: root
    mode: '0755'

- name: symlink /srv/svn/packages to /srv/repos/svn-packages/svn
  file:
    path: /srv/svn/packages
    src: /srv/repos/svn-packages/svn
    state: link
    owner: root
    group: root
    mode: '0755'

# Short top-level aliases for the two dbscripts checkouts.
- name: symlink /community to /srv/repos/svn-community/dbscripts
  file:
    path: /community
    src: /srv/repos/svn-community/dbscripts
    state: link
    owner: root
    group: root
    mode: '0755'

- name: symlink /packages to /srv/repos/svn-packages/dbscripts
  file:
    path: /packages
    src: /srv/repos/svn-packages/dbscripts
    state: link
    owner: root
    group: root
    mode: '0755'

# Install the tmpfiles.d snippet for rsyncd and apply it right away, but only
# on runs where the snippet actually changed.
- name: put rsyncd.conf into tmpfiles
  copy:
    src: rsyncd-tmpfiles.d
    dest: /etc/tmpfiles.d/rsyncd.conf
    owner: root
    group: root
    mode: '0644'
  register: rsyncdtmpfiles

- name: use tmpfiles.d/rsyncd.conf
  command: systemd-tmpfiles --create
  when: rsyncdtmpfiles is changed

# Generator for the rsyncd configuration. The directory is root-only (0700),
# so the 0644 prototype inside it is still unreachable for other accounts.
- name: create rsyncd-conf-genscripts
  file:
    path: /etc/rsyncd-conf-genscripts
    state: directory
    owner: root
    group: root
    mode: '0700'

- name: install rsync.conf.proto
  template:
    src: rsyncd.conf.proto.j2
    dest: /etc/rsyncd-conf-genscripts/rsyncd.conf.proto
    owner: root
    group: root
    mode: '0644'

# no_log keeps the rendered script out of Ansible's output and logs -
# presumably because the template embeds credentials; keep it set.
- name: configure gen_rsyncd.conf.pl
  template:
    src: gen_rsyncd.conf.pl
    dest: /etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl
    owner: root
    group: root
    mode: '0700'
  no_log: true

# Runs on every play; a successful run is always reported as "changed".
- name: generate mirror config
  command: /etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl
  register: gen_rsyncd
  changed_when: gen_rsyncd.rc == 0

# Helper script, root-owned and not writable by anyone else.
- name: install svnlog
  copy:
    src: svnlog
    dest: /usr/local/bin/svnlog
    owner: root
    group: root
    mode: '0755'

# Service account for the svn-to-git mirror: no login shell, home in
# /srv/svntogit. The user module also generates a 4096-bit SSH key pair for it
# (key type left at the module default) - presumably the key used for the
# git@github.com remotes configured later; confirm.
- name: add arch-svntogit user
  user:
    name: svntogit
    home: /srv/svntogit
    shell: /sbin/nologin
    generate_ssh_key: true
    ssh_key_bits: 4096

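# Git identity for the svntogit account, written to that account's global git
# config (the tasks run as svntogit through become).
#
# `git config <key> <value>` takes the value as its own argument. The previous
# form `git config --global user.name = '...'` passed a literal "=" as the
# value and the intended text as a value pattern, so user.name ended up as "=".
# The e-mail task also wrote to user.name instead of user.email, so no e-mail
# address was ever configured.
#
# A successful run is always reported as "changed" (changed_when keys on rc).
- name: configure svntogit git user name
  command: git config --global user.name svntogit
  become: true
  become_user: svntogit
  register: git_config_username
  changed_when: "git_config_username.rc == 0"
  tags:
    - skip_ansible_lint

- name: configure svntogit git user email
  command: git config --global user.email svntogit@repos.archlinux.org
  become: true
  become_user: svntogit
  register: git_config_email
  changed_when: "git_config_email.rc == 0"
  tags:
    - skip_ansible_lint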

# The update script is installed root-owned (0755), so the svntogit account
# can execute it but cannot edit the file in place.
- name: template arch-svntogit
  copy:
    src: update-repos.sh
    dest: /srv/svntogit/update-repos.sh
    owner: root
    group: root
    mode: '0755'

- name: create svntogit repos subdir
  file:
    path: /srv/svntogit/repos
    state: directory
    owner: svntogit
    group: svntogit
    mode: '0775'

# Initial git-svn import from the local repositories, run as svntogit.
# creates= skips the clone once the target directory exists, which keeps the
# task idempotent.
- name: clone git-svn repos
  command: >-
    git svn clone file:///srv/repos/svn-{{ item }}/svn
    /srv/svntogit/repos/{{ item }}
  args:
    creates: "/srv/svntogit/repos/{{ item }}"
  loop:
    - community
    - packages
  become: true
  become_user: svntogit
  tags:
    - skip_ansible_lint

# Wire each git-svn mirror to its public GitHub repository. All three tasks
# run as svntogit inside the mirror's working copy.
#
# ignore_errors lets the play continue when `git remote add` fails -
# presumably to tolerate the "remote already exists" case on re-runs.
# NOTE(review): it hides every other failure of this command as well.
- name: add svntogit public remotes
  command: "git remote add public git@github.com:archlinux/svntogit-{{ item }}.git"
  args:
    chdir: "/srv/svntogit/repos/{{ item }}"
  loop:
    - community
    - packages
  become: true
  become_user: svntogit
  ignore_errors: true
  register: git_public_remote
  changed_when: git_public_remote.rc == 0
  tags:
    - skip_ansible_lint

# The pull doubles as the initial data fetch when the repo is first set up.
- name: configure svntogit pull upstream branch
  command: git pull public master
  args:
    chdir: "/srv/svntogit/repos/{{ item }}"
  loop:
    - community
    - packages
  become: true
  become_user: svntogit
  register: git_pull_upstream
  changed_when: git_pull_upstream.rc == 0
  tags:
    - skip_ansible_lint

# -u records public/master as the upstream of the local branch. Note that this
# pushes to the public remote on every play run.
- name: configure svntogit push upstream branch
  command: git push -u public master
  args:
    chdir: "/srv/svntogit/repos/{{ item }}"
  loop:
    - community
    - packages
  become: true
  become_user: svntogit
  register: git_push_master
  changed_when: git_push_master.rc == 0
  tags:
    - skip_ansible_lint

# The home directory is owned by svntogit and group-writable (0775).
- name: fix svntogit home permissions
  file:
    path: /srv/svntogit
    state: directory
    owner: svntogit
    group: svntogit
    mode: '0775'

# Helper scripts in /usr/local/bin are root-owned and not writable by others.
- name: install repo helpers
  copy:
    src: "{{ item }}"
    dest: "/usr/local/bin/{{ item }}"
    owner: root
    group: root
    mode: '0755'
  loop:
    - lsrepo
    - checklib32

- name: install createlinks script
  copy:
    src: createlinks
    dest: /usr/local/bin/createlinks
    owner: root
    group: root
    mode: '0755'

# rsyncd is socket-activated: only the socket unit is enabled and started.
- name: start and enable rsync
  service:
    name: rsyncd.socket
    enabled: true
    state: started

# Opens the firewalld "rsyncd" service both permanently and in the running
# configuration. Skipped entirely when configure_firewall is false.
- name: open firewall holes for rsync
  ansible.posix.firewalld:
    service: rsyncd
    state: enabled
    permanent: true
    immediate: true
  when: configure_firewall
  tags:
    - firewall

# svnserve arguments: -R forces read-only access regardless of the
# repositories' own configuration, and -r /srv/svn confines served paths to
# that root. Keep -R as long as 3690/tcp is opened below.
- name: configure svnserve
  copy:
    dest: /etc/conf.d/svnserve
    content: "SVNSERVE_ARGS=-R -r /srv/svn\n"
    owner: root
    group: root
    mode: '0644'

- name: start and enable svnserve
  service:
    name: svnserve
    enabled: true
    state: started

# Opens the svn protocol port both permanently and in the running
# configuration. Skipped entirely when configure_firewall is false.
- name: open firewall holes for svnserve
  ansible.posix.firewalld:
    port: 3690/tcp
    state: enabled
    permanent: true
    immediate: true
  when: configure_firewall
  tags:
    - firewall

# Each job consists of a .timer and a matching .service unit. The unit files
# are root-owned (0644) and systemd is reloaded through the handler whenever
# one of them changes.
- name: install systemd timers
  copy:
    src: "{{ item }}"
    dest: "/etc/systemd/system/{{ item }}"
    owner: root
    group: root
    mode: '0644'
  loop:
    - cleanup.timer
    - cleanup.service
    - sourceballs.timer
    - sourceballs.service
    - lastsync.timer
    - lastsync.service
    - gen_rsyncd.timer
    - gen_rsyncd.service
    - arch-svntogit.timer
    - arch-svntogit.service
    - createlinks.timer
    - createlinks.service
  notify:
    - daemon reload

# Only the timers are enabled and started; each .service unit is left to be
# triggered by its timer.
- name: activate systemd timers
  service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - cleanup.timer
    - sourceballs.timer
    - lastsync.timer
    - gen_rsyncd.timer
    - arch-svntogit.timer
    - createlinks.timer