baserock_ostree/instance-config.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

# Instance configuration for Baserock OStree cache server.
#
# Tested against Fedora 25 base image.
#
# See also: https://buildstream.gitlab.io/buildstream/artifacts.html
---
- hosts: ostree
  gather_facts: false
  sudo: yes
  tasks:
  - include: ../tasks/create-data-volume.yml lv_name=ostree lv_size=290g mountpoint=/srv

  - name: ostree user
    user: name=ostree

  - name: data directory
    file: mode=0755 owner=ostree group=ostree path=/srv/ostree/ state=directory

  - name: cache repository
    command: ostree init --repo=/srv/ostree/cache --mode=archive-z2
    sudo_user: ostree
    args:
      creates: /srv/ostree/cache/config

  - name: lighttpd configuration
    copy:
      src: lighttpd.conf
      dest: /etc/lighttpd/lighttpd.conf

  - name: restart lighttpd server
    service: name=lighttpd enabled=yes state=restarted

  - name: sshd configuration for ostree user -- header
    lineinfile: state="present" line="Match user ostree" path=/etc/ssh/sshd_config
  - name: sshd configuration for ostree user -- force command
    lineinfile: state="present" line="    ForceCommand bst-artifact-receive --verbose /srv/ostree/cache" insertafter="Match user ostree" path=/etc/ssh/sshd_config
  - name: sshd configuration for ostree user -- disable password auth
    lineinfile: state="present" line="    PasswordAuthentication no" insertafter="Match user ostree" path=/etc/ssh/sshd_config

  - name: restart sshd server
    service: name=sshd enabled=yes state=restarted