Skip to content
GitLab
Verified Commit 60b990e7 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧
Browse files

Update the 2020-06-29 release with rebuilderd integration

parent d69a1ec5
Hide whitespace changes
Inline Side-by-side
roles/archweb/defaults/main.yml
View file @ 60b990e7
......@@ -13,7 +13,7 @@ archweb_domains_templates:
archweb_allowed_hosts: ["{{ archweb_domain }}", 'ipxe.archlinux.org']
archweb_nginx_conf: '/etc/nginx/nginx.d/archweb.conf'
archweb_repository: 'https://github.com/archlinux/archweb.git'
archweb_version: release_2020-06-05
archweb_version: release_2020-06-29
archweb_pgp_key: ['E499C79F53C96A54E572FEE1C06086337C50773E']
archweb_site: true
archweb_mirrorcheck: false
......
roles/archweb/tasks/main.yml
View file @ 60b990e7
......@@ -177,6 +177,18 @@
- daemon reload
when: archweb_planet
- name: install rebuilderd status service
template: src="archweb-rebuilderd.service.j2" dest="/etc/systemd/system/archweb-rebuilderd.service" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_site
- name: install rebulderd timer
template: src="archweb-rebuilderd.timer.j2" dest="/etc/systemd/system/archweb-rebuilderd.timer" owner=root group=root mode=0644
notify:
- daemon reload
when: archweb_site
- name: install pgp_import service
template: src="archweb-pgp_import.service.j2" dest="/etc/systemd/system/archweb-pgp_import.service" owner=root group=root mode=0644
notify:
......@@ -292,6 +304,10 @@
service: name="archweb-planet.timer" enabled=yes state=started
when: archweb_planet
- name: start and enable archweb rebulderd update timer
service: name="archweb-rebuilderd.timer" enabled=yes state=started
when: archweb_site
- name: start and enable archweb donor_import and archweb-dump_donor_mail timer
systemd:
name: "{{ item }}"
......
roles/archweb/templates/archweb-rebuilderd.service.j2 0 → 100644
View file @ 60b990e7
[Unit]
Description=archweb update rebuilderd status service
After=network.target
[Service]
Type=oneshot
User=archweb
WorkingDirectory={{ archweb_dir }}
ExecStart={{ archweb_dir }}/env/bin/python manage.py read_reproducible_status -v3
ProtectSystem=full
PrivateTmp=true
PrivateDevices=true
ProtectHostname=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectKernelLogs=true
ProtectControlGroups=true
NoNewPrivileges=true
RestrictRealtime=true
# Unable to enable due to https://cffi.readthedocs.io/en/latest/using.html#callbacks
#MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target
roles/archweb/templates/archweb-rebuilderd.timer.j2 0 → 100644
View file @ 60b990e7
[Unit]
Description=archweb rebuilderd timer
[Timer]
OnUnitActiveSec=60m
OnBootSec=15min
RandomizedDelaySec=1min
[Install]
WantedBy=timers.target
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment