# Instance configuration for Baserock OStree cache server.
#
# Tested against Fedora 25 base image.
#
# See also: https://buildstream.gitlab.io/buildstream/artifacts.html
---
- hosts: ostree
  gather_facts: false
  sudo: yes
  tasks:
  - include: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv

  - name: ostree user
    user: name=ostree

  - name: data directory
    file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory

  - name: cache repository
    command: ostree init --repo=/srv/ostree/cache --mode=archive-z2
    sudo_user: ostree
    args:
      creates: /srv/ostree/cache/config

  - name: lighttpd configuration
    copy:
      src: lighttpd.conf
      dest: /etc/lighttpd/lighttpd.conf

  - name: restart lighttpd server
    service: name=lighttpd enabled=yes state=restarted

  - name: sshd configuration for ostree user -- header
    lineinfile: state="present" line="Match user ostree" path=/etc/ssh/sshd_config
  - name: sshd configuration for ostree user -- force command
    lineinfile: state="present" line="    ForceCommand bst-artifact-receive --verbose /srv/ostree/cache" insertafter="Match user ostree" path=/etc/ssh/sshd_config
  - name: sshd configuration for ostree user -- disable password auth
    lineinfile: state="present" line="    PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config

  - name: restart sshd server
    service: name=sshd enabled=yes state=restarted

  - name: install systemd units
    copy: src=./{{item}} dest=/{{item}}
    sudo: yes
    with_items:
      - etc/systemd/system/ostree-cache-update-summary.service
      - etc/systemd/system/ostree-cache-update-summary.timer

  - name: enable systemd units
    systemd: name={{item}} enabled=yes daemon_reload=yes state=started
    sudo: yes
    with_items:
      - ostree-cache-update-summary.service
      - ostree-cache-update-summary.timer