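---
# Tasks for provisioning a sourcehut (sr.ht) host on Arch Linux: secrets from
# Vault, packages, config, GPG keys, systemd overrides, PostgreSQL databases,
# the qemu build image, cron rebuilds, nginx, and the build/git users.
#
# File modes are written as quoted strings ("0644") so the YAML parser never
# reinterprets the leading-zero octal (ansible-lint: risky-octal).

# The four vault lookups store secret material in facts; set_fact echoes the
# new fact in verbose runs, so no_log keeps it out of the transcript (it also
# hides the lookup error text if Vault is unreachable).
- name: Get secrets
  ansible.builtin.set_fact:
    srht_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/srht') }}"
  no_log: true

- name: Get gpg secrets
  ansible.builtin.set_fact:
    gpg_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/srht-gpg') }}"
  no_log: true

- name: Get minio secrets
  ansible.builtin.set_fact:
    minio_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/minio') }}"
  no_log: true

- name: Get email secrets
  ansible.builtin.set_fact:
    email_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/email') }}"
  no_log: true

- name: install srht packages
  community.general.pacman:
    name: "{{ srht_packages }}"
    state: present

- name: create srht config path
  ansible.builtin.file:
    path: /etc/sr.ht
    state: directory
    owner: root
    group: root
    mode: "0755"

- name: configure srht
  ansible.builtin.template:
    src: config.ini.j2
    dest: /etc/sr.ht/config.ini
    owner: root
    group: root
    mode: "0644"
  notify: restart srht

# NOTE(review): a GPG private key at 0644 is world-readable. The mode is left
# as found because the task does not show which service user reads the file;
# once that is confirmed, set owner/group to that user and tighten to "0640"
# or "0600".
- name: Deposit GPG private key
  ansible.builtin.template:
    src: sourcehut.priv.j2
    dest: /etc/sr.ht/sourcehut.priv
    owner: root
    group: root
    mode: "0644"

- name: Deposit GPG public key
  ansible.builtin.template:
    src: sourcehut.pub.j2
    dest: /etc/sr.ht/sourcehut.pub
    owner: root
    group: root
    mode: "0644"

- name: create systemd unit override path for git
  ansible.builtin.file:
    path: "/etc/systemd/system/{{ item }}.d"
    state: directory
    owner: root
    group: root
    mode: "0755"
  with_items:
    - git.sr.ht.service
    - git.sr.ht-api.service
    - git.sr.ht-webhooks.service
    - git.sr.ht-periodic.service

# The daemon-reload that picks up this override happens in
# "start and enable srht services" below; a changed override does not restart
# already-running units by itself.
- name: install systemd unit override file
  ansible.builtin.copy:
    src: override.conf
    dest: "/etc/systemd/system/{{ item }}.d/override.conf"
    owner: root
    group: root
    mode: "0644"
  with_items:
    - git.sr.ht.service
    - git.sr.ht-api.service
    - git.sr.ht-webhooks.service
    - git.sr.ht-periodic.service

- name: Create db user
  community.general.postgresql_user:
    name: srht
    password: "{{ srht_secrets['psql_password'] }}"
  become: true
  become_user: postgres
  no_log: true

# One database per sr.ht component; each notifies its own schema-init handler,
# which is why these are not collapsed into a single loop.
- name: Create meta db
  community.general.postgresql_db:
    db: srht-meta
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-meta

- name: Create builds db
  community.general.postgresql_db:
    db: srht-builds
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-builds

- name: Create git db
  community.general.postgresql_db:
    db: srht-git
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-git

- name: Create hub db
  community.general.postgresql_db:
    db: srht-hub
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-hub

- name: Create lists db
  community.general.postgresql_db:
    db: srht-lists
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-lists

- name: Create man db
  community.general.postgresql_db:
    db: srht-man
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-man

- name: Create paste db
  community.general.postgresql_db:
    db: srht-paste
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-paste

- name: Create todo db
  community.general.postgresql_db:
    db: srht-todo
    owner: srht
  become: true
  become_user: postgres
  notify: Init srht-todo

- name: Build qemu docker image
  community.docker.docker_image:
    build:
      path: /var/lib/images
      dockerfile: qemu/Dockerfile
    name: qemu
    source: build
  notify: Prune images

- name: start and enable srht services
  ansible.builtin.systemd:
    name: "{{ item }}"
    enabled: true
    state: started
    daemon_reload: true
  with_items: "{{ srht_services }}"

# Nightly image rebuilds, submitted as builds.sr.ht jobs; hour/minute are
# strings so the cron module receives them verbatim.
- name: add archlinux rebuild cronjob
  ansible.builtin.cron:
    name: arch rebuild
    state: present
    user: root
    job: 'chronic /usr/bin/builds.sr.ht/submit_image_build -n "Arch rebuild" -u "https://builds.xenrox.net" -p "/var/lib/images/builds" archlinux'
    hour: "9"
    minute: "0"

- name: add alpine rebuild cronjob
  ansible.builtin.cron:
    name: alpine rebuild
    state: present
    user: root
    job: 'chronic /usr/bin/builds.sr.ht/submit_image_build -n "Alpine rebuild" -u "https://builds.xenrox.net" -p "/var/lib/images/builds" alpine/edge'
    hour: "9"
    minute: "30"

- name: copy nginx conf
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/nginx/nginx.d
    owner: root
    group: root
    mode: "0644"
  with_fileglob:
    - files/nginx/*
  notify: restart nginx

- name: Install nginx runner conf
  ansible.builtin.template:
    src: runner.conf.j2
    dest: /etc/nginx/nginx.d/runner.conf
    owner: root
    group: root
    mode: "0644"
  notify: restart nginx

# Snippets are plain config fragments read by nginx; they do not need the
# execute bit, so 0644 replaces the previous 0755.
- name: Copy nginx snippets
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: /etc/nginx/snippets
    owner: root
    group: root
    mode: "0644"
  with_items:
    - graphql.conf
    - srht.conf
    - srht_robots.txt
    - srht_web.conf
  notify: restart nginx

# NOTE(review): this token is a credential and 0644 makes it world-readable;
# as with the GPG private key, tighten owner/group/mode once the consuming
# user is confirmed.
- name: copy api key
  ansible.builtin.template:
    src: image-refresh-token.j2
    dest: /etc/sr.ht/image-refresh-token
    owner: root
    group: root
    mode: "0644"

# NOTE(review): tracking the master branch head means every run may pull new
# build definitions; pinning `version` to a commit (or tag) makes the images
# reproducible and reviewable.
- name: setup image build files
  ansible.builtin.git:
    repo: https://git.xenrox.net/~xenrox/builds
    dest: /var/lib/images/builds
    version: master

- name: add deploy user to buildsrht group
  ansible.builtin.user:
    name: deploy
    append: true
    groups: buildsrht

# Group-writable so members of buildsrht (including deploy) can refresh images.
- name: Set image dir permissions
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    owner: buildsrht
    group: buildsrht
    mode: "0775"
  with_items:
    - /var/lib/images/archlinux
    - /var/lib/images/alpine/edge

- name: Create runner log dir
  ansible.builtin.file:
    path: /var/log/srht-runner
    state: directory
    owner: runner
    group: runner
    mode: "0755"

- name: Create git repo dir
  ansible.builtin.file:
    path: /var/lib/git
    state: directory
    owner: git
    group: git
    mode: "0755"

- name: Set git user shell
  ansible.builtin.user:
    name: git
    shell: /bin/bash

# NOTE(review): 0666 makes these log files world-writable. The files are owned
# by gitsrht; if the writers all run as gitsrht (or its group) "0664" would be
# sufficient — confirm which processes append to them before tightening.
- name: Set logs owner to git
  ansible.builtin.file:
    path: "/var/log/{{ item }}"
    owner: gitsrht
    group: gitsrht
    mode: "0666"
  with_items:
    - gitsrht-dispatch
    - gitsrht-keys
    - gitsrht-shell
    - gitsrht-update-hook

- name: Install fcgiwrap
  community.general.pacman:
    name: fcgiwrap
    state: present

- name: Enable and start fcgiwrap
  ansible.builtin.systemd:
    name: fcgiwrap.socket
    enabled: true
    state: started

# For SSH access
- name: Create builds user
  ansible.builtin.user:
    name: builds
    shell: /usr/bin/bash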