mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
420d0717be
Maintain a web key directory with our gpg keys. The update script is run automatically whenever the archlinux-keyring package on orion is upgraded. https://bugs.archlinux.org/task/63171 Signed-off-by: Florian Pritz <bluewind@xinu.at>
34 lines
1.3 KiB
YAML
34 lines
1.3 KiB
YAML
---
|
|
|
|
- name: create wkd user
|
|
user: name={{ wkd_user }} shell=/bin/false home={{ wkd_home }}
|
|
|
|
- name: install wkd update script
|
|
copy: src=update-wkd.sh dest=/usr/local/bin/update-wkd.sh owner=root group=root mode=0755
|
|
|
|
- name: install wkd service
|
|
template: src=update-wkd.service.j2 dest=/etc/systemd/system/update-wkd.service owner=root group=root mode=0644
|
|
notify:
|
|
- daemon reload
|
|
- run wkd service
|
|
|
|
- name: create pacman.d hooks dir
|
|
file: state=directory owner=root group=root path=/etc/pacman.d/hooks
|
|
|
|
- name: install pgp_import hook
|
|
template: src=update-wkd-pacman-hook.j2 dest=/etc/pacman.d/hooks/update-wkd.hook owner=root group=root mode=0644
|
|
|
|
- name: create ssl cert
|
|
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ wkd_domain }}' creates='/etc/letsencrypt/live/{{ wkd_domain }}/fullchain.pem'
|
|
|
|
- name: create wkd_dir
|
|
file: state=directory owner={{ wkd_user }} group={{ wkd_user }} path="{{ wkd_dir }}" mode=0755
|
|
|
|
- name: set up nginx
|
|
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/wkd.conf owner=root group=root mode=644
|
|
notify: reload nginx
|
|
tags: ['nginx']
|
|
|
|
- name: make nginx log dir
|
|
file: path=/var/log/nginx/{{ wkd_domain }} state=directory owner=root group=root mode=0755
|