pfromme
/
ffho-salt-public
forked from FreifunkHochstift/ffho-salt-public


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148
							#
# build
#

build:
  pkg.installed:
    - pkgs:
      - git
      - python
      - subversion
      - build-essential
      - gawk
      - unzip
      - libncurses-dev
      - libz-dev
      - libssl-dev
      - lua5.1
  user.present:
    - name: build
    - shell: /bin/bash
    - home: /home/build
    - createhome: True
    - gid_from_name: True
    - require:
      - group: build
  group.present:
    - name: build
    - system: False

/home/build/.vimrc:
  file.managed:
    - source: salt://vim/vimrc
    - require:
      - user: build

/home/build/.bashrc:
  file.managed:
      - source: salt://bash/bashrc.user
      - template: jinja
      - require:
        - user: build

git-config:
  file.managed:
    - name: /home/build/.gitconfig
    - source: salt://build/gitconfig.build
    - user: build
    - group: build
    - require:
      - user: build

build-git:
  file.directory:
    - name: /srv/build
    - user: build
    - group: build
    - mode: 755
    - require:
      - user: build
  git.latest:
    - name: gogs@git.ffho.net:FreifunkHochstift/ffho-firmware-build.git
    - target: /srv/build
    - user: build
    - update_head: False
    - require:
      - pkg: build
      - user: build
      - file: /home/build/.ssh/id_rsa
      - file: build-git

firmware-git:
  file.directory:
    - name: /srv/build/output
    - user: build
    - mode: 755
    - require:
      - git: build-git
  git.latest:
    - name: gogs@git.ffho.net:FreifunkHochstift/ffho-firmware-website.git
    - target: /srv/build/output
    - branch: signing
    - user: build
    - update_head: False
    - require:
      - file: firmware-git

/srv/build/opkg-keys:
  file.directory:
    - user: build
    - group: build
    - mode: 700
    - require:
      - git: build-git

/srv/build/opkg-keys/key-build:
  file.managed:
    - contents_pillar: nodes:{{ grains['id'] }}:opkg:build:privkey
    - user: build
    - group: build
    - mode: 400
    - require:
      - file: /srv/build/opkg-keys

/srv/build/opkg-keys/key-build.pub:
  file.managed:
    - contents_pillar: nodes:{{ grains['id'] }}:opkg:build:pubkey
    - user: build
    - group: build
    - mode: 400
    - require:
      - file: /srv/build/opkg-keys

firmware.in.ffho.net:
  ssh_known_hosts.present:
    - user: build
    - enc: ecdsa
    - fingerprint: {{salt['pillar.get']('nodes:firmware.in.ffho.net:ssh:fingerprint',[])}}
    - require:
      - user: build

/home/build/.ssh:
  file.directory:
    - user: build
    - group: build
    - mode: 700
    - require:
      - user: build

# Create authorized_keys for build
/home/build/.ssh/authorized_keys:
  file.managed:
    - source: salt://ssh/authorized_keys.tmpl
    - template: jinja
      username: build
    - user: build
    - group: build
    - mode: 644
    - require:
      - file: /home/build/.ssh

/home/build/.ssh/id_rsa:
  file.managed:
    - contents_pillar: nodes:{{ grains['id'] }}:ssh:build:privkey
    - user: build
    - group: build
    - mode: 400
    - require:
      - file: /home/build/.ssh