diff options
Diffstat (limited to 'baserock_ostree/instance-config.yml')
-rw-r--r-- | baserock_ostree/instance-config.yml | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/baserock_ostree/instance-config.yml b/baserock_ostree/instance-config.yml index 6afe49f5..5286c61b 100644 --- a/baserock_ostree/instance-config.yml +++ b/baserock_ostree/instance-config.yml @@ -1,6 +1,8 @@ # Instance configuration for Baserock OStree cache server. # # Tested against Fedora 25 base image. +# +# See also: https://buildstream.gitlab.io/buildstream/artifacts.html --- - hosts: ostree gather_facts: false @@ -8,12 +10,15 @@ tasks: - include: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv + - name: ostree user + user: name=ostree + - name: data directory - file: mode=0755 owner=lighttpd group=lighttpd path=/srv/ostree/ state=directory + file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory - name: cache repository command: ostree init --repo=/srv/ostree/cache --mode=archive-z2 - sudo_user: lighttpd + sudo_user: ostree args: creates: /srv/ostree/cache/config @@ -24,3 +29,13 @@ - name: restart lighttpd server service: name=lighttpd enabled=yes state=restarted + + - name: sshd configuration for ostree user -- header + lineinfile: state="present" line="Match user ostree" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree user -- force command + lineinfile: state="present" line=" ForceCommand bst-artifact-receive --verbose /srv/ostree/cache" insertafter="Match user ostree" path=/etc/ssh/sshd_config + - name: sshd configuration for ostree user -- disable password auth + lineinfile: state="present" line=" PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config + + - name: restart sshd server + service: name=sshd enabled=yes state=restarted |