# Instance configuration for Baserock OStree cache server.
#
# Tested against Fedora 26 base image.
#
# See also: https://buildstream.gitlab.io/buildstream/artifacts.html
---
- hosts: ostree
  gather_facts: false
  become: yes
  become_method: sudo
  tasks:
  - import_tasks: ../tasks/create-data-volume.yml
    vars:
      lv_name: ostree
      lv_size: 90g
      mountpoint: /srv

  # This should perhaps have been called ostree-cache
  - name: ostree user
    user:
      name: ostree

  - name: ostree-releases user
    user:
      name: ostree-releases

  - name: data directory
    file:
      mode: 0755
      owner: ostree
      group: ostree
      path: /srv/ostree/
      state: directory

  - name: cache repository
    command: ostree init --repo=/srv/ostree/cache --mode=archive-z2
    become_user: ostree
    args:
      creates: /srv/ostree/cache/config

  - name: releases directory
    file:
      mode: 0755
      owner: ostree-releases
      group: ostree-releases
      path: /srv/ostree/releases
      state: directory

  - name: releases repository
    command: ostree init --repo=/srv/ostree/releases --mode=archive-z2
    become_user: ostree-releases
    args:
      creates: /srv/ostree/releases/config

  - name: lighttpd configuration
    copy:
      src: lighttpd.conf
      dest: /etc/lighttpd/lighttpd.conf

  - name: restart lighttpd server
    service:
      name: lighttpd
      enabled: yes
      state: restarted

  - name: sshd configuration for ostree user -- header
    lineinfile:
      state: "present"
      line: "Match user ostree"
      path: /etc/ssh/sshd_config
  - name: sshd configuration for ostree user -- force command
    lineinfile:
      state: "present"
      line: "    ForceCommand bst-artifact-receive --pull-url https://ostree.baserock.org/cache/ --verbose /srv/ostree/cache"
      insertafter: "Match user ostree$"
      path: /etc/ssh/sshd_config
  - name: sshd configuration for ostree user -- disable password auth
    lineinfile:
      state: "present"
      line: "    PasswordAuthentication no"
      insertafter: "Match user ostree$"
      path: /etc/ssh/sshd_config

  - name: sshd configuration for ostree-releases user -- header
    lineinfile:
      state: "present"
      line: "Match user ostree-releases"
      path: /etc/ssh/sshd_config
  - name: sshd configuration for ostree-releases user -- force command
    lineinfile:
      state: "present"
      line: "    ForceCommand ostree-receive -v --repo /srv/ostree/releases"
      insertafter: "Match user ostree-releases$"
      path: /etc/ssh/sshd_config
  - name: sshd configuration for ostree-releases user -- disable password auth
    lineinfile:
      state: "present"
      line: "    PasswordAuthentication no"
      insertafter: "Match user ostree-releases$"
      path: /etc/ssh/sshd_config

  - name: restart sshd server
    service:
      name: sshd
      enabled: yes
      state: restarted

  - name: install systemd units
    copy:
      src: ./{{item}}
      dest: /{{item}}
    with_items:
      - etc/systemd/system/ostree-update-summary-cache.service
      - etc/systemd/system/ostree-update-summary-cache.timer
      - etc/systemd/system/ostree-update-summary-releases.service
      - etc/systemd/system/ostree-update-summary-releases.timer

  - name: enable systemd units
    systemd:
      name: "{{item}}"
      enabled: yes
      daemon_reload: yes
      state: started
    with_items:
      - ostree-update-summary-cache.service
      - ostree-update-summary-cache.timer
      - ostree-update-summary-releases.service
      - ostree-update-summary-releases.timer