reprobuilds: add reproducible build playbook

Add a playbook for our reproducible builds workers. Set's up a sudo user so that an admin of the reproducible builds project can configure the worker.

reprobuilds: add reproducible build playbook
Add a playbook for our reproducible builds workers. Set's up a sudo user so that an admin of the reproducible builds project can configure the worker.
f2aa4f13 · Jelle van der Waa · 99f72cde · f2aa4f13 · f2aa4f13 · f2aa4f13
Commit f2aa4f13 authored Nov 24, 2018 by Jelle van der Waa 🚧
--- a/group_vars/reproducible-builds.yml
+++ b/group_vars/reproducible-builds.yml
@@ -2,3 +2,15 @@

 zabbix_agent_templates:
  - Template OS Linux
+
+repro_users:
+  holger:
+    name: "Holger Levsen"
+    ssh_key: holger.pub
+    groups:
+      - wheel
+  maprepi:
+    name: "Mattia Rizzolo"
+    ssh_key: maprepi.pub
+    groups:
+      - wheel
--- a/playbooks/reprobuilds.yml
+++ b/playbooks/reprobuilds.yml
+---
+- name: common playbook for reproducible build workers
+  hosts: reproducible-builds
+  remote_user: root
+  roles:
+    - { role: sudo }
+    - { role: reprobuilds }
--- a/roles/reprobuilds/files/holger.pub
+++ b/roles/reprobuilds/files/holger.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArOaT7YSol/2O0jums0gui3aaycWk8sGz1taDwtQ+UTWzVh0Xn2DGUmBMGvmUVwqY0c7mRI/hOD2BDgvuLv0OQ6guZCLEHnAD4x/bsNucEzSQVEgTywuhans5PxfAGmGWk/thsNcqAE7JjFWGNNR6nj+ZmG299SieNW1wgxCWyQaiju/996yj6YKRN9aT1crNZA+sWi4z51XjPgbX2b55NLWrgmqBX4iSD6bV3nV6LEWXlTZzxUAqJotTD3PF3PWLi5h8kQhAOvT3cG6EkkAQV0TOcZam36x5cPbBek0iDNNQXv1w4fHN6f9qQ2/R5NdF06H91aSmxY7/OZ0XKgYKdw== holgi@matrix
--- a/roles/reprobuilds/files/maprepi.pub
+++ b/roles/reprobuilds/files/maprepi.pub
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC4Zra0f7cwrWmrIDzyhFupShU91/kUZNBLc449vBnGyY51p8/6/yGLwAJfhsrj57b/qy7Z13CwrxO8bxuAYEv3cXADyTVPHa+LuAu7tj5vjmT61/EB2og8qckNotn6MpNT7NvA6mEOtdhcp2shljWoQYhj/fz/tdonNC67z7f8WrIP5DFalNNluy1YSt08NZI+PnsLyAsaKJnD3VlRhMVMBl0txX9o4qbAieDvdZ665ZiRYZlprY9gdXFCSSLlP/rGOYuRt0BRnH+YRddgkvMZLlR3Eh/O0KQipIO/ndl2WxU6ch6Rp9IyMLIsn9rwhlFZE/m4I9b0ejtCetuLh8t8g7ODBzmp3/LekXgo9qu47ov3Jgz3mGFWThV3/As+fKxg+chPvxif1f7tY8VtR+Ug3ma3uVDwa4dnP6q+QKhLkz/ejA/3uvJ65fivBZA351jtlzwOEqcfQouz2fX95yFPLa2QAUCZIgm9zhRffdulvJAhPgLfW3RkXJfU2xAknNV7OOxXsH6kXC9Xv7K8f6cGut1ls4SVvaCHLFrnyI/5B9TmZWPTm577JdjFrT2e0dFmua7wEwT89liJtPil9LZa2M46KKMX+7mp6JAypiKpT9FQbvJ6+yFz6tcwwlEMVeDfJtaQPcapC6mMbPEiirdcq4wrA5ruz4TLGrf2r+Bj9w== mattia@4B043FCDB9444540
--- a/roles/reprobuilds/tasks/main.yml
+++ b/roles/reprobuilds/tasks/main.yml
+---
+
+- name: create reproducible build user
+  user:
+    name: "{{ item.key }}"
+    group: users
+    groups: "{{ item.value.groups | join(',') }}"
+    comment: "{{ item.value.name}}"
+    state: present
+  with_dict: "{{ repro_users }}"
+
+- name: configure ssh keys
+  authorized_key:
+    user: "{{ item.key }}"
+    key: "{{ lookup('file', '../roles/reprobuilds/files/' + item.value.ssh_key) }}"
+    manage_dir: yes
+    state: present
+    exclusive: yes
+  when: item.value.ssh_key is defined
+  with_dict: "{{ repro_users }}"