1 files changed, 41 insertions, 0 deletions

diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml
new file mode 100644
index 00000000..5286c61b
--- /dev/null
+++ b/baserock_ostree/instance-config.yml
@@ -0,0 +1,41 @@
+# Instance configuration for Baserock OStree cache server.
+#
+# Tested against Fedora 25 base image.
+#
+# See also: https://buildstream.gitlab.io/buildstream/artifacts.html
+---
+- hosts: ostree
+  gather_facts: false
+  sudo: yes
+  tasks:
+  - include: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv
+
+  - name: ostree user
+    user: name=ostree
+
+  - name: data directory
+    file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory
+
+  - name: cache repository
+    command: ostree init --repo=/srv/ostree/cache --mode=archive-z2
+    sudo_user: ostree
+    args:
+      creates: /srv/ostree/cache/config
+
+  - name: lighttpd configuration
+    copy:
+      src: lighttpd.conf
+      dest: /etc/lighttpd/lighttpd.conf
+
+  - name: restart lighttpd server
+    service: name=lighttpd enabled=yes state=restarted
+
+  - name: sshd configuration for ostree user -- header
+    lineinfile: state="present" line="Match user ostree" path=/etc/ssh/sshd_config
+  - name: sshd configuration for ostree user -- force command
+    lineinfile: state="present" line="    ForceCommand bst-artifact-receive --verbose /srv/ostree/cache" insertafter="Match user ostree" path=/etc/ssh/sshd_config
+  - name: sshd configuration for ostree user -- disable password auth
+    lineinfile: state="present" line="    PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config
+
+  - name: restart sshd server
+    service: name=sshd enabled=yes state=restarted