diff --git a/ansible/build.yml b/ansible/build.yml index 3534e147..25dd4493 100644 --- a/ansible/build.yml +++ b/ansible/build.yml @@ -4,8 +4,9 @@ become_user: root become_method: sudo roles: - - acmetool - buildmaster + - unacmetool + - unnginx - hosts: buildslave become: yes diff --git a/ansible/roles/buildmaster/tasks/buildbot.yml b/ansible/roles/buildmaster/tasks/buildbot.yml index a1e7fb95..d092688b 100644 --- a/ansible/roles/buildmaster/tasks/buildbot.yml +++ b/ansible/roles/buildmaster/tasks/buildbot.yml 
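Review bot: In `ansible/build.yml` the `buildmaster` role stays in the `roles:` list although its task files in this commit now delete the service, its user and its root directory, and nothing in the play marks it as a teardown. A one-line comment above the list, e.g. `# teardown only: these roles remove the BuildBot master, acmetool and nginx from the host`, would keep a later reader from treating this play as a deploy. The play header (`hosts:`) lies outside the hunk, so the targeted group cannot be checked from here.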
@@ -1,150 +1,34 @@ --- -- name: Install virtualenv & deps - xbps: - pkg: - - acl-progs - - base-devel - - python-devel - state: present - -- name: Create the BuildBot Master user - user: - name: "{{ buildmaster_user }}" - state: present - createhome: yes - -- name: Create the BuildMaster Root Directory +- name: Disable BuildBot Service file: - path: "/{{ buildmaster_rootdir }}/buildmaster" - state: directory - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0750 - -- name: Install Buildbot - pip: - name: buildbot - version: "{{ buildmaster_version }}" - virtualenv: "/{{ buildmaster_rootdir }}/virtual_builder" - virtualenv_python: python2 - become_user: "{{ buildmaster_user }}" - become_method: sudo + path: /var/service/void-buildmaster + state: absent -- name: Make Buildbot More Terse - patch: - src: terse-irc.patch - dest: "/{{ buildmaster_rootdir }}/virtual_builder/lib/python2.7/site-packages/buildbot/status/words.py" - backup: yes - -- name: Create BuildMaster Subdirectories +- name: Remove BuildBot Service file: - path: "/{{ buildmaster_rootdir }}/buildmaster/{{ item }}" - state: directory - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0750 - with_items: - - scripts - - public_html - - templates - -- name: Copy un-inheritable Buildbot Assets - copy: - src: "/{{ buildmaster_rootdir }}/virtual_builder/lib/python2.7/site-packages/buildbot/status/web/files/{{ item }}" - remote_src: true - dest: "/{{ buildmaster_rootdir }}/buildmaster/public_html/{{ item }}" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0644 - with_items: - - bg_gradient.jpg - - default.css - - favicon.ico - - robots.txt - -- name: Copy Buildbot Bootstrap Database - copy: - src: state.sqlite - dest: "/{{ buildmaster_rootdir }}/buildmaster/state.sqlite" - force: no - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0644 - -- name: Install GitHub Webhook Password - copy: - src: 
secret/buildmaster_github_webhook_passwd - dest: "/{{ buildmaster_rootdir }}/github-webhook.passwd" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0400 - no_log: True - -- name: Configure BuildMaster - template: - src: master.cfg.j2 - dest: "/{{ buildmaster_rootdir }}/buildmaster/master.cfg" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0400 - no_log: True - -- name: Install Static Scripts - copy: - src: "{{ item }}" - dest: "/{{ buildmaster_rootdir }}/buildmaster/scripts/{{ item }}" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0640 - with_items: - - __init__.py - - ShellCommandChangeList.py - -- name: Install Buildbot Master Configuration - template: - src: buildbot.tac.j2 - dest: "/{{ buildmaster_rootdir }}/buildmaster/buildbot.tac" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0644 - -- include_vars: secret/buildslave_credentials.yml -- include_vars: secret/buildmaster_users.yml - -- name: Configure BuildSlave References - template: - src: user_settings.py.j2 - dest: "/{{ buildmaster_rootdir }}/buildmaster/scripts/user_settings.py" - owner: "{{ buildmaster_user }}" - group: "{{ buildmaster_user }}" - mode: 0400 + path: /etc/sv/void-buildmaster + state: absent -- name: Install BuildBot Service (1/2) +- name: Remove the BuildMaster Root Directory file: - path: /etc/sv/void-buildmaster - state: directory - owner: root - group: root - mode: 0755 + path: "/{{ buildmaster_rootdir }}" + state: absent -- name: Install BuildBot Service (2/2) - template: - src: run.j2 - dest: /etc/sv/void-buildmaster/run - owner: root - group: root - mode: 0755 +- name: Remove the BuildBot Master user + user: + name: "{{ buildmaster_user }}" + state: absent + remove: true -- name: Enable BuildBot Service - file: - src: /etc/sv/void-buildmaster - dest: /var/service/void-buildmaster - state: link +- name: Remove deps + xbps: + pkg: + - acl-progs + - base-devel + - 
python-devel + state: absent -- name: Install sudo policy - template: - src: buildmaster.sudoers - dest: /etc/sudoers.d/buildmaster - owner: root - group: root - mode: 0640 +- name: Remove sudo policy + file: + path: /etc/sudoers.d/buildmaster + state: absent diff --git a/ansible/roles/buildmaster/tasks/pre.yml b/ansible/roles/buildmaster/tasks/pre.yml index 41882dac..2356d21c 100644 --- a/ansible/roles/buildmaster/tasks/pre.yml +++ b/ansible/roles/buildmaster/tasks/pre.yml @@ -1,25 +1,19 @@ --- -- name: Create the void-repo group +- name: Remove the void-repo group group: name: void-repo - state: present + state: absent -- name: Install the buildmaster firewall rules - copy: - src: buildmaster.rules - dest: /etc/iptables.d - owner: root - group: root - mode: 0640 +- name: Remove the buildmaster firewall rules + file: + path: /etc/iptables.d/buildmaster.rules + state: absent notify: - iptables - name: Install the buildmaster firewall rules (v6) - copy: - src: buildmaster.6rules - dest: /etc/ip6tables.d - owner: root - group: root - mode: 0640 + file: + path: /etc/ip6tables.d/buildmaster.6rules + state: absent notify: - iptables diff --git a/ansible/roles/buildmaster/tasks/www.yml b/ansible/roles/buildmaster/tasks/www.yml index d8b7e507..dc838d9c 100644 --- a/ansible/roles/buildmaster/tasks/www.yml +++ b/ansible/roles/buildmaster/tasks/www.yml 
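Review bot: In `ansible/roles/buildmaster/tasks/buildbot.yml`, `Remove the BuildMaster Root Directory` deletes `/{{ buildmaster_rootdir }}` itself, while the removed tasks only created `buildmaster`, `virtual_builder` and `github-webhook.passwd` beneath it. Anything else kept under that root is deleted with it, and an empty value of the variable renders the path as `/`. Removing only the entries the role created keeps the teardown symmetric with the old install. `Remove Builder Directories` in `ansible/roles/buildslave/tasks/main.yml` has the same shape with `/{{ buildslave_rootdir }}`, where the old tasks created only the per-builder directories.

```yaml
- name: Remove the BuildMaster files
  file:
    path: "/{{ buildmaster_rootdir }}/{{ item }}"
    state: absent
  with_items:
    - buildmaster
    - virtual_builder
    - github-webhook.passwd
```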
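Review bot: In `ansible/roles/buildmaster/tasks/pre.yml` the v6 task keeps the name `Install the buildmaster firewall rules (v6)` although its body now sets `state: absent` on `/etc/ip6tables.d/buildmaster.6rules`. The play output will therefore report an install while a firewall rule file is being deleted. Rename it to match its v4 sibling: `- name: Remove the buildmaster firewall rules (v6)`.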
@@ -1,25 +1,15 @@ --- -- name: Configure webserver - include_role: - name: nginx - tasks_from: base-site - vars: - - site: - name: buildmaster - static_root: false - urls: - - build.voidlinux.org - tls: - certificate: "{{ buildmaster_ssl_cert_path | default('/dev/null') }}" - key: "{{ buildmaster_ssl_certkey_path | default('/dev/null') }}" - stapling: yes - -- name: Install root location block - copy: - src: buildmaster_root.conf - dest: /etc/nginx/locations.d/build.voidlinux.org/ - owner: root - group: root - mode: 0644 +- name: Unconfigure nginx + file: + path: "{{ item }}" + state: absent + with_items: + - /var/lib/acme/live/build.voidlinux.org + - /etc/nginx/locations.d/build.voidlinux.org + - /etc/nginx/sites-available/buildmaster.conf + - /etc/nginx/sites-enabled/buildmaster.conf + - /etc/iptables.d/nginx-resolvers-buildmaster.rules + - /etc/ip6tables.d/nginx-resolvers-buildmaster.6rules notify: - nginx + - iptables diff --git a/ansible/roles/buildslave/tasks/main.yml b/ansible/roles/buildslave/tasks/main.yml index 8f452291..3036b4b1 100644 --- a/ansible/roles/buildslave/tasks/main.yml +++ b/ansible/roles/buildslave/tasks/main.yml 
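Review bot: In `ansible/roles/buildmaster/tasks/www.yml`, `Unconfigure nginx` still notifies the `nginx` handler, but this hunk drops the `include_role` call for `nginx`, and `ansible/build.yml` now runs `unnginx` in the same play, which disables the service and deletes `/etc/nginx`. Handlers run after the tasks by default, so the handler would fire against a service whose configuration is already gone. Whether a handler named `nginx` is still defined for this play is not visible here. Drop the `- nginx` entry under `notify:` and keep `- iptables`.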
@@ -1,173 +1,58 @@ --- -- name: Install BuildBot Slave and Dependencies - xbps: - pkg: - - buildbot-slave - - git - state: present - -- name: Create Buildslave user ({{ buildslave_user}}) - user: - name: "{{ buildslave_user }}" - state: present - createhome: yes - system: yes - groups: "{{ buildslave_groups | join(',') }}" - -- name: Create Buildsync user ({{ buildslave_sync_user }}) - user: - name: "{{ buildslave_sync_user }}" - state: present - createhome: yes - system: yes - when: buildslave_isremote - -- name: Create {{ buildslave_sync_user }} .ssh - file: - path: /home/{{ buildslave_sync_user }}/.ssh - state: directory - owner: "{{ buildslave_sync_user }}" - group: "{{ buildslave_sync_user }}" - mode: 0700 - when: buildslave_isremote - -- name: Install sync key - copy: - src: secret/buildmaster_slave_reposync_public - dest: /home/{{ buildslave_sync_user }}/.ssh/authorized_keys - owner: "{{ buildslave_sync_user }}" - group: "{{ buildslave_sync_user }}" - mode: 0600 - when: buildslave_isremote - -- name: Create Builder Directories +- name: Disable BuildSlave file: - path: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}" - state: directory - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) | unique }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" - -- include_vars: secret/buildslave_credentials.yml - -- name: Configure buildbot-slave - template: - src: buildbot.tac.j2 - dest: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/buildbot.tac" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 + path: "/var/service/{{ item.service_name | default('void-builder-' + item.mach) }}" + state: absent with_items: "{{ buildslave_buildslaves | json_query(query) }}" vars: query: "[?zone=='{{ buildslave_zone }}']" loop_control: label: "{{ 
item.mach }}" -- name: Create buildbot-slave info directories +- name: Remove Service Directories file: - path: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/info" - state: directory - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" - -- name: Configure buildbot host description - template: - src: host.j2 - dest: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/info/host" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 + path: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}" + state: absent with_items: "{{ buildslave_buildslaves | json_query(query) }}" vars: query: "[?zone=='{{ buildslave_zone }}']" loop_control: label: "{{ item.mach }}" -- name: Configure buildbot admin description - template: - src: admin.j2 - dest: "/{{ buildslave_rootdir }}/{{ item.directory | default('void-builder-' + item.mach) }}/info/admin" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" +- name: Uninstall BuildBot Slave and Dependencies + xbps: + pkg: + - buildbot-slave + - git + state: absent -- name: Configure xbps-src - template: - src: xbps-src.conf.j2 - dest: "/home/{{ buildslave_user }}/.xbps-src.conf" - owner: "{{ buildslave_user }}" - group: "{{ buildslave_user }}" - mode: 0644 +- name: Remove Buildslave user ({{ buildslave_user}}) + user: + name: "{{ buildslave_user }}" + state: absent + remove: true -- name: Configure local build mirror - template: - src: local-repository.conf - dest: /etc/xbps.d/99-local-repository.conf - owner: root - group: root - mode: 0644 - when: 
buildslave_zone in buildmaster_remote_zones +- name: Remove Buildsync user ({{ buildslave_sync_user }}) + user: + name: "{{ buildslave_sync_user }}" + state: absent + remove: true + when: buildslave_isremote -- name: Create Service Directories +- name: Remove Builder Directories file: - path: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}" - state: directory - owner: root - group: root - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" + path: "/{{ buildslave_rootdir }}" + state: absent -- name: Configure Runit - template: - src: run.j2 - dest: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}/run" - owner: root - group: root - mode: 0755 - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" +- include_vars: secret/buildslave_credentials.yml -- name: Enable BuildSlave +- name: Unconfigure local build mirror file: - src: "/etc/sv/{{ item.service_name | default('void-builder-' + item.mach) }}" - dest: "/var/service/{{ item.service_name | default('void-builder-' + item.mach) }}" - state: link - with_items: "{{ buildslave_buildslaves | json_query(query) }}" - vars: - query: "[?zone=='{{ buildslave_zone }}']" - loop_control: - label: "{{ item.mach }}" + path: /etc/xbps.d/99-local-repository.conf + state: absent + when: buildslave_zone in buildmaster_remote_zones -- name: Install sudo policy - template: - src: buildslave.sudoers.j2 - dest: /etc/sudoers.d/buildslave - owner: root - group: root - mode: 0640 - vars: - query: "[?zone=='{{ buildslave_zone }}']" - local_buildbots: "{{ buildslave_buildslaves | json_query(query) }}" +- name: Remove sudo policy + file: + path: /etc/sudoers.d/buildslave + state: absent 
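Review bot: In `ansible/roles/buildslave/tasks/main.yml` the line `- include_vars: secret/buildslave_credentials.yml` survives the rewrite, yet no remaining task in this hunk appears to read a credential, so every teardown run loads build-slave secrets for no visible purpose. Drop the line unless `buildmaster_remote_zones` is defined in that file, which cannot be told from here. Separately, both users are removed with `remove: true` right after the `/var/service/...` links are deleted. If the supervised processes are still exiting at that point the user removal may fail, so an explicit stop-and-wait before `Remove Buildslave user` is worth considering.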
diff --git a/ansible/roles/unacmetool/tasks/main.yml b/ansible/roles/unacmetool/tasks/main.yml
new file mode 100644
index 00000000..a6d9eac1
--- /dev/null
+++ b/ansible/roles/unacmetool/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+- name: Remove acmetool data root
+ file:
+ path: /var/lib/acme
+ state: absent
+
+- name: Remove renewal crontab
+ file:
+ path: /etc/cron.d/acmetool
+ state: absent
+
+- name: Remove acmetool firewall rules
+ file:
+ path: /etc/iptables.d/acmetool.rules
+ state: absent
+ notify:
+ - iptables
+
+- name: Remove Service Hooks
+ file:
+ path: /usr/libexec/acme/hooks/sv_restart
+ state: absent
+ when: acmetool.services is defined
+
+- name: Remove acmetool
+ xbps:
+ pkg: acmetool
+ state: absent
diff --git a/ansible/roles/unnginx/tasks/main.yml b/ansible/roles/unnginx/tasks/main.yml
new file mode 100644
index 00000000..c0ea5cb4
--- /dev/null
+++ b/ansible/roles/unnginx/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: Create the webroot
+ file:
+ path: /srv/www
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Disable nginx
+ runit:
+ name: nginx
+ enabled: false
+
+- name: Unconfigure nginx firewall rules
+ file:
+ path: /etc/iptables.d/nginx.rules
+ state: absent
+ notify:
+ - iptables
+
+- name: Unconfigure nginx firewall rules
+ file:
+ path: /etc/ip6tables.d/nginx.6rules
+ state: absent
+ notify:
+ - iptables
+
+- name: Remove nginx files
+ file:
+ path: /etc/nginx
+ state: absent
+
+- name: Remove nginx
+ xbps:
+ pkg: nginx
+ state: present
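Review bot: In `ansible/roles/unacmetool/tasks/main.yml`, `Remove Service Hooks` is gated on `when: acmetool.services is defined`, so on a host where that variable is no longer set the hook `/usr/libexec/acme/hooks/sv_restart` stays on disk after the package is gone. `state: absent` is already a no-op when the file is missing, so the `when:` line can simply be removed. The role removes only `/etc/iptables.d/acmetool.rules`; whether the original acmetool role installed anything else that needs cleaning up is not visible from this hunk.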
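Review bot: In `ansible/roles/unnginx/tasks/main.yml` the final task `Remove nginx` ends with `state: present`, which asks xbps to install nginx rather than remove it; it should read `state: absent`. The first task, `Create the webroot`, still creates `/srv/www` and looks like a leftover from the install role. The two firewall tasks also share the name `Unconfigure nginx firewall rules`; a `(v6)` suffix on the second would tell them apart in the play output.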