1 files changed, 28 insertions, 4 deletions

diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml
index 768deb1a..1f218fc0 100644
--- a/baserock_ostree/instance-config.yml
+++ b/baserock_ostree/instance-config.yml
@@ -11,9 +11,13 @@
   tasks:
   - import_tasks: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv
 
+  # This should perhaps have been called ostree-cache
   - name: ostree user
     user: name=ostree
 
+  - name: ostree-releases user
+    user: name=ostree-releases
+
   - name: data directory
     file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory
 
@@ -23,6 +27,15 @@
     args:
       creates: /srv/ostree/cache/config
 
+  - name: releases directory
+    file: mode=0755 owner=ostree-releases group=ostree-releases path=/srv/ostree/releases state=directory
+
+  - name: releases repository
+    command: ostree init --repo=/srv/ostree/releases --mode=archive-z2
+    become_user: ostree-releases
+    args:
+      creates: /srv/ostree/releases/config
+
   - name: lighttpd configuration
     copy:
       src: lighttpd.conf
@@ -38,17 +51,28 @@
   - name: sshd configuration for ostree user -- disable password auth
     lineinfile: state="present" line="    PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config
 
+  - name: sshd configuration for ostree-releases user -- header
+    lineinfile: state="present" line="Match user ostree-releases" path=/etc/ssh/sshd_config
+  - name: sshd configuration for ostree-releases user -- force command
+    lineinfile: state="present" line="    ForceCommand ostree-receive -v --repo /srv/ostree/releases" insertafter="Match user ostree-releases" path=/etc/ssh/sshd_config
+  - name: sshd configuration for ostree-releases user -- disable password auth
+    lineinfile: state="present" line="    PasswordAuthentication no" insertafter="Match user ostree-releases" path=/etc/ssh/sshd_config
+
   - name: restart sshd server
     service: name=sshd enabled=yes state=restarted
 
   - name: install systemd units
     copy: src=./{{item}} dest=/{{item}}
     with_items:
-      - etc/systemd/system/ostree-cache-update-summary.service
-      - etc/systemd/system/ostree-cache-update-summary.timer
+      - etc/systemd/system/ostree-update-summary-cache.service
+      - etc/systemd/system/ostree-update-summary-cache.timer
+      - etc/systemd/system/ostree-update-summary-releases.service
+      - etc/systemd/system/ostree-update-summary-releases.timer
 
   - name: enable systemd units
     systemd: name={{item}} enabled=yes daemon_reload=yes state=started
     with_items:
-      - ostree-cache-update-summary.service
-      - ostree-cache-update-summary.timer
+      - ostree-update-summary-cache.service
+      - ostree-update-summary-cache.timer
+      - ostree-update-summary-releases.service
+      - ostree-update-summary-releases.timer