infrastructure/roles/dbscripts/tasks/main.yml

---

- name: install svn, git, rsync and some perl stuff
  pacman: name=git,subversion,rsync,perl-dbd-pg,perl-timedate,diffstat state=present

- name: create dbscripts users
  user: name="{{ item }}" shell=/bin/bash
  with_items:
    - svn-packages
    - svn-community

- name: add cleanup user
  user: name=cleanup groups=tu,dev,multilib shell=/sbin/nologin

- name: add sourceballs user
  user: name=sourceballs shell=/sbin/nologin

- name: set up sudoers.d for special users
  copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=600

- name: create Arch Linux-specific users
  user:
    name: "{{ item.key }}"
    group: users
    groups: "{{ item.value.groups | join(',') }}"
    comment: "{{ item.value.name}}"
    state: present
  with_dict: "{{ arch_users }}"

- name: gather all pubkeys of all users
  set_fact: pubkeys_per_user="{{ lookup('file', '../pubkeys/' + item.value.ssh_key).split('\n') }}"
  register: pubkeys
  with_dict: "{{ arch_users }}"

- name: gather pubkeys for all devs
  set_fact: dev_pubkeys_svn="{% for key in item.ansible_facts.pubkeys_per_user if 'dev' in item.item.value.groups and 'command' not in key %}{{ 'command=\"/usr/bin/svnserve --tunnel-user=' + item.item.key + ' -t\",no-port-forwarding,no-agent-forwarding,no-pty ' + key + '\n' }}{% endfor %}"
  register: dev_pubkeys_svn_reg
  with_items: "{{ pubkeys.results }}"

- name: join all dev pubkeys into a big string
  set_fact: dev_pubkeys_string="{% for result in dev_pubkeys_svn_reg.results %}{{ result.ansible_facts.dev_pubkeys_svn }}{% endfor %}"

- name: gather pubkeys for all TUs
  set_fact: tu_pubkeys_svn="{% for key in item.ansible_facts.pubkeys_per_user if 'tu' in item.item.value.groups and 'command' not in key %}{{ 'command=\"/usr/bin/svnserve --tunnel-user=' + item.item.key + ' -t\",no-port-forwarding,no-agent-forwarding,no-pty ' + key + '\n' }}{% endfor %}"
  register: tu_pubkeys_svn_reg
  with_items: "{{ pubkeys.results }}"

- name: join all tu pubkeys into a big string
  set_fact: tu_pubkeys_string="{% for result in tu_pubkeys_svn_reg.results %}{{ result.ansible_facts.tu_pubkeys_svn }}{% endfor %}"

- name: configure ssh keys for devs
  authorized_key:
    user: svn-packages
    key: "{{ dev_pubkeys_string }}"
    manage_dir: yes
    state: present
    exclusive: yes

- name: configure ssh keys for TUs
  authorized_key:
    user: svn-community
    key: "{{ tu_pubkeys_string }}"
    manage_dir: yes
    state: present
    exclusive: yes

- name: create dbscripts paths
  file: path="{{ item }}" state=directory
  with_items:
    - /srv/repos/svn-community
    - /srv/repos/svn-packages

- file: path="/srv/repos/svn-community/package-cleanup" state=directory owner=svn-community group=tu mode=0775
- acl: name=/srv/repos/svn-community/package-cleanup entry="user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:group::rwx" state=present
- acl: name=/srv/repos/svn-community/package-cleanup entry="default:other::r-x" state=present

- file: path="/srv/repos/svn-packages/package-cleanup" state=directory owner=svn-packages group=dev mode=0775
- acl: name=/srv/repos/svn-packages/package-cleanup entry="user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:group::rwx" state=present
- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:other::r-x" state=present

- file: path="/srv/repos/svn-community/source-cleanup" state=directory owner=sourceballs group=svn-community mode=0755
- file: path="/srv/repos/svn-packages/source-cleanup" state=directory owner=sourceballs group=svn-packages mode=0755

- file: path="/srv/repos/svn-community/svn" state=directory owner=svn-community group=svn-community mode=0755
- acl: name=/srv/repos/svn-community/svn entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-community/svn entry="default:group::r-x" state=present
- acl: name=/srv/repos/svn-community/svn entry="default:other::r-x" state=present

- file: path="/srv/repos/svn-packages/svn" state=directory owner=svn-packages group=svn-packages mode=0755
- acl: name=/srv/repos/svn-packages/svn entry="default:user::rwx" state=present
- acl: name=/srv/repos/svn-packages/svn entry="default:group::r-x" state=present
- acl: name=/srv/repos/svn-packages/svn entry="default:other::r-x" state=present

- file: path="/srv/repos/svn-community/tmp" state=directory owner=svn-community group=tu mode=1775
- acl: name=/srv/repos/svn-community/tmp entry="user:sourceballs:rwx" state=present

- file: path="/srv/repos/svn-packages/tmp" state=directory owner=svn-packages group=dev mode=1775
- acl: name=/srv/repos/svn-packages/tmp entry="user:sourceballs:rwx" state=present

- file: path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644

- file: path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644
- acl: name=/srv/ftp/lastupdate entry="group:tu:rw-" state=present
- acl: name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present

- name: clone dbscripts git repo
  git: dest=/srv/repos/{{ item }}/dbscripts repo=https://git.archlinux.org/dbscripts.git
  with_items:
    - svn-community
    - svn-packages

- name: make /srv/svn
  file: path=/srv/svn state=directory

- name: symlink /srv/svn/community to /srv/repos/svn-community/svn
  file: path=/srv/svn/community src=/srv/repos/svn-community/svn state=link

- name: symlink /srv/svn/packages to /srv/repos/svn-packages/svn
  file: path=/srv/svn/packages src=/srv/repos/svn-packages/svn state=link

- name: symlink /community to /srv/repos/svn-community/dbscripts
  file: path=/community src=/srv/repos/svn-community/dbscripts state=link

- name: symlink /packages to /srv/repos/svn-packages/dbscripts
  file: path=/packages src=/srv/repos/svn-packages/dbscripts state=link

- name: create rsyncd-conf-genscripts
  file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=700

- name: install rsync.conf.proto
  copy: src=rsyncd.conf.proto dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=644

- name: configure gen_rsyncd.conf.pl
  template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=700

- name: generate mirror config
  command: /etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl

- name: install svnlog
  copy: src=svnlog dest=/usr/local/bin/svnlog owner=root group=root mode=755

- name: start rsync
  service: name=rsyncd.socket enabled=yes state=started

- name: install systemd timers
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644
  with_items:
    - cleanup.timer
    - cleanup.service
    - sourceballs.timer
    - sourceballs.service
    - integrity-check.timer
    - integrity-check.service
    - lastsync.timer
    - lastsync.service
    - gen_rsyncd.timer
    - gen_rsyncd.service

- name: activate systemd timers
  service: name={{ item }} enabled=yes state=started
  with_items:
    - cleanup.timer
    - sourceballs.timer
    - integrity-check.timer
    - lastsync.timer
    - gen_rsyncd.timer
Add dbscripts role 2016-05-29 16:22:44 +02:00			`---`

dbscripts: Add rsync stuff 2016-06-01 12:21:15 +02:00			`- name: install svn, git, rsync and some perl stuff`
dbscripts: Add dependency of svnlog Signed-off-by: Florian Pritz <bluewind@xinu.at> 2016-06-14 10:35:04 +02:00			`pacman: name=git,subversion,rsync,perl-dbd-pg,perl-timedate,diffstat state=present`
Add dbscripts role 2016-05-29 16:22:44 +02:00
			`- name: create dbscripts users`
dbscripts: Fix svn-packages/svn-community login 2016-06-13 19:49:20 +02:00			`user: name="{{ item }}" shell=/bin/bash`
Add dbscripts role 2016-05-29 16:22:44 +02:00			`with_items:`
			`- svn-packages`
			`- svn-community`
Add multilib group 2016-05-31 11:56:58 +02:00
			`- name: add cleanup user`
			`user: name=cleanup groups=tu,dev,multilib shell=/sbin/nologin`
Add dbscripts role 2016-05-29 16:22:44 +02:00
dbscripts: Fix svn-packages/svn-community login 2016-06-13 19:49:20 +02:00			`- name: add sourceballs user`
			`user: name=sourceballs shell=/sbin/nologin`

dbscripts: Add special user sudoer.d file 2016-06-13 20:59:05 +02:00			`- name: set up sudoers.d for special users`
			`copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=600`

dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`- name: create Arch Linux-specific users`
			`user:`
			`name: "{{ item.key }}"`
			`group: users`
			`groups: "{{ item.value.groups \| join(',') }}"`
			`comment: "{{ item.value.name}}"`
			`state: present`
			`with_dict: "{{ arch_users }}"`

Properly handle multiple keys per user per repo 2016-06-14 03:06:24 +02:00			`- name: gather all pubkeys of all users`
			`set_fact: pubkeys_per_user="{{ lookup('file', '../pubkeys/' + item.value.ssh_key).split('\n') }}"`
			`register: pubkeys`
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`with_dict: "{{ arch_users }}"`

Properly handle multiple keys per user per repo 2016-06-14 03:06:24 +02:00			`- name: gather pubkeys for all devs`
			`set_fact: dev_pubkeys_svn="{% for key in item.ansible_facts.pubkeys_per_user if 'dev' in item.item.value.groups and 'command' not in key %}{{ 'command=\"/usr/bin/svnserve --tunnel-user=' + item.item.key + ' -t\",no-port-forwarding,no-agent-forwarding,no-pty ' + key + '\n' }}{% endfor %}"`
			`register: dev_pubkeys_svn_reg`
			`with_items: "{{ pubkeys.results }}"`

dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`- name: join all dev pubkeys into a big string`
Properly handle multiple keys per user per repo 2016-06-14 03:06:24 +02:00			`set_fact: dev_pubkeys_string="{% for result in dev_pubkeys_svn_reg.results %}{{ result.ansible_facts.dev_pubkeys_svn }}{% endfor %}"`
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00
Properly handle multiple keys per user per repo 2016-06-14 03:06:24 +02:00			`- name: gather pubkeys for all TUs`
			`set_fact: tu_pubkeys_svn="{% for key in item.ansible_facts.pubkeys_per_user if 'tu' in item.item.value.groups and 'command' not in key %}{{ 'command=\"/usr/bin/svnserve --tunnel-user=' + item.item.key + ' -t\",no-port-forwarding,no-agent-forwarding,no-pty ' + key + '\n' }}{% endfor %}"`
			`register: tu_pubkeys_svn_reg`
			`with_items: "{{ pubkeys.results }}"`
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00
			`- name: join all tu pubkeys into a big string`
Properly handle multiple keys per user per repo 2016-06-14 03:06:24 +02:00			`set_fact: tu_pubkeys_string="{% for result in tu_pubkeys_svn_reg.results %}{{ result.ansible_facts.tu_pubkeys_svn }}{% endfor %}"`
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00
			`- name: configure ssh keys for devs`
			`authorized_key:`
			`user: svn-packages`
Properly handle multiple keys per user per repo 2016-06-14 03:06:24 +02:00			`key: "{{ dev_pubkeys_string }}"`
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`manage_dir: yes`
			`state: present`
			`exclusive: yes`

Add multilib group 2016-05-31 11:56:58 +02:00			`- name: configure ssh keys for TUs`
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`authorized_key:`
			`user: svn-community`
Properly handle multiple keys per user per repo 2016-06-14 03:06:24 +02:00			`key: "{{ tu_pubkeys_string }}"`
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`manage_dir: yes`
			`state: present`
			`exclusive: yes`

Add dbscripts role 2016-05-29 16:22:44 +02:00			`- name: create dbscripts paths`
			`file: path="{{ item }}" state=directory`
			`with_items:`
			`- /srv/repos/svn-community`
			`- /srv/repos/svn-packages`

			`- file: path="/srv/repos/svn-community/package-cleanup" state=directory owner=svn-community group=tu mode=0775`
			`- acl: name=/srv/repos/svn-community/package-cleanup entry="user:cleanup:rwx" state=present`
			`- acl: name=/srv/repos/svn-community/package-cleanup entry="default:user::rwx" state=present`
			`- acl: name=/srv/repos/svn-community/package-cleanup entry="default:user:cleanup:rwx" state=present`
			`- acl: name=/srv/repos/svn-community/package-cleanup entry="default:group::rwx" state=present`
			`- acl: name=/srv/repos/svn-community/package-cleanup entry="default:other::r-x" state=present`

			`- file: path="/srv/repos/svn-packages/package-cleanup" state=directory owner=svn-packages group=dev mode=0775`
			`- acl: name=/srv/repos/svn-packages/package-cleanup entry="user:cleanup:rwx" state=present`
			`- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user::rwx" state=present`
			`- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:user:cleanup:rwx" state=present`
			`- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:group::rwx" state=present`
			`- acl: name=/srv/repos/svn-packages/package-cleanup entry="default:other::r-x" state=present`

			`- file: path="/srv/repos/svn-community/source-cleanup" state=directory owner=sourceballs group=svn-community mode=0755`
			`- file: path="/srv/repos/svn-packages/source-cleanup" state=directory owner=sourceballs group=svn-packages mode=0755`

			`- file: path="/srv/repos/svn-community/svn" state=directory owner=svn-community group=svn-community mode=0755`
			`- acl: name=/srv/repos/svn-community/svn entry="default:user::rwx" state=present`
			`- acl: name=/srv/repos/svn-community/svn entry="default:group::r-x" state=present`
			`- acl: name=/srv/repos/svn-community/svn entry="default:other::r-x" state=present`

			`- file: path="/srv/repos/svn-packages/svn" state=directory owner=svn-packages group=svn-packages mode=0755`
			`- acl: name=/srv/repos/svn-packages/svn entry="default:user::rwx" state=present`
			`- acl: name=/srv/repos/svn-packages/svn entry="default:group::r-x" state=present`
			`- acl: name=/srv/repos/svn-packages/svn entry="default:other::r-x" state=present`

			`- file: path="/srv/repos/svn-community/tmp" state=directory owner=svn-community group=tu mode=1775`
			`- acl: name=/srv/repos/svn-community/tmp entry="user:sourceballs:rwx" state=present`

			`- file: path="/srv/repos/svn-packages/tmp" state=directory owner=svn-packages group=dev mode=1775`
			`- acl: name=/srv/repos/svn-packages/tmp entry="user:sourceballs:rwx" state=present`

dbscripts: Fix lastsync file 2016-06-15 00:04:05 +02:00			`- file: path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644`

dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`- file: path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644`
			`- acl: name=/srv/ftp/lastupdate entry="group:tu:rw-" state=present`
			`- acl: name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present`

Add dbscripts role 2016-05-29 16:22:44 +02:00			`- name: clone dbscripts git repo`
dbscripts: Cloen via https instead of git Signed-off-by: Florian Pritz <bluewind@xinu.at> 2016-05-30 11:51:18 +02:00			`git: dest=/srv/repos/{{ item }}/dbscripts repo=https://git.archlinux.org/dbscripts.git`
Add dbscripts role 2016-05-29 16:22:44 +02:00			`with_items:`
			`- svn-community`
			`- svn-packages`

			`- name: make /srv/svn`
			`file: path=/srv/svn state=directory`

			`- name: symlink /srv/svn/community to /srv/repos/svn-community/svn`
			`file: path=/srv/svn/community src=/srv/repos/svn-community/svn state=link`

			`- name: symlink /srv/svn/packages to /srv/repos/svn-packages/svn`
			`file: path=/srv/svn/packages src=/srv/repos/svn-packages/svn state=link`

			`- name: symlink /community to /srv/repos/svn-community/dbscripts`
			`file: path=/community src=/srv/repos/svn-community/dbscripts state=link`

			`- name: symlink /packages to /srv/repos/svn-packages/dbscripts`
dbscripts: Fix /packages symlink Signed-off-by: Florian Pritz <bluewind@xinu.at> 2016-06-14 09:50:28 +02:00			`file: path=/packages src=/srv/repos/svn-packages/dbscripts state=link`
Add dbscripts role 2016-05-29 16:22:44 +02:00
dbscripts: Add rsync stuff 2016-06-01 12:21:15 +02:00			`- name: create rsyncd-conf-genscripts`
			`file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=700`

			`- name: install rsync.conf.proto`
			`copy: src=rsyncd.conf.proto dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=644`

			`- name: configure gen_rsyncd.conf.pl`
			`template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=700`

			`- name: generate mirror config`
			`command: /etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl`

dbscripts: Add svnlog Signed-off-by: Florian Pritz <bluewind@xinu.at> 2016-06-14 10:15:38 +02:00			`- name: install svnlog`
			`copy: src=svnlog dest=/usr/local/bin/svnlog owner=root group=root mode=755`

dbscripts: Add rsync stuff 2016-06-01 12:21:15 +02:00			`- name: start rsync`
			`service: name=rsyncd.socket enabled=yes state=started`

Add dbscripts role 2016-05-29 16:22:44 +02:00			`- name: install systemd timers`
			`copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=644`
			`with_items:`
			`- cleanup.timer`
			`- cleanup.service`
			`- sourceballs.timer`
			`- sourceballs.service`
			`- integrity-check.timer`
			`- integrity-check.service`
			`- lastsync.timer`
			`- lastsync.service`
dbscripts: Add rsync stuff 2016-06-01 12:21:15 +02:00			`- gen_rsyncd.timer`
			`- gen_rsyncd.service`
Add dbscripts role 2016-05-29 16:22:44 +02:00
dbscripts: Generate pubkeys for dbscripts users 2016-05-30 03:58:07 +02:00			`- name: activate systemd timers`
Add dbscripts role 2016-05-29 16:22:44 +02:00			`service: name={{ item }} enabled=yes state=started`
			`with_items:`
			`- cleanup.timer`
			`- sourceballs.timer`
			`- integrity-check.timer`
			`- lastsync.timer`
dbscripts: Add rsync stuff 2016-06-01 12:21:15 +02:00			`- gen_rsyncd.timer`