init.sls 3.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157
  1. #
  2. # build
  3. #
  4. build:
  5. pkg.installed:
  6. - pkgs:
  7. - git
  8. - python
  9. - subversion
  10. - build-essential
  11. - gawk
  12. - unzip
  13. - libncurses-dev
  14. - libz-dev
  15. - libssl-dev
  16. - lua5.1
  17. user.present:
  18. - name: build
  19. - shell: /bin/bash
  20. - home: /home/build
  21. - createhome: True
  22. - gid_from_name: True
  23. - require:
  24. - group: build
  25. group.present:
  26. - name: build
  27. - system: False
  28. /home/build/.vimrc:
  29. file.managed:
  30. - source: salt://vim/vimrc
  31. - require:
  32. - user: build
  33. /home/build/.bashrc:
  34. file.managed:
  35. - source: salt://bash/bashrc.user
  36. - template: jinja
  37. - require:
  38. - user: build
  39. git-config:
  40. file.managed:
  41. - name: /home/build/.gitconfig
  42. - source: salt://build/gitconfig.build
  43. - user: build
  44. - group: build
  45. - require:
  46. - user: build
  47. build-git:
  48. file.directory:
  49. - name: /srv/build
  50. - user: build
  51. - group: build
  52. - mode: 755
  53. - require:
  54. - user: build
  55. git.latest:
  56. - name: git@git.c3pb.de:freifunk-pb/firmware.git
  57. - target: /srv/build
  58. - user: build
  59. - update_head: False
  60. - require:
  61. - pkg: build
  62. - user: build
  63. - ssh_known_hosts: git.c3pb.de
  64. - file: /home/build/.ssh/id_rsa
  65. - file: build-git
  66. firmware-git:
  67. file.directory:
  68. - name: /srv/build/output
  69. - user: build
  70. - mode: 755
  71. - require:
  72. - git: build-git
  73. git.latest:
  74. - name: git@git.c3pb.de:freifunk-pb/firmware-website.git
  75. - target: /srv/build/output
  76. - branch: signing
  77. - user: build
  78. - update_head: False
  79. - require:
  80. - file: firmware-git
  81. /srv/build/opkg-keys:
  82. file.directory:
  83. - user: build
  84. - group: build
  85. - mode: 700
  86. - require:
  87. - git: build-git
  88. /srv/build/opkg-keys/key-build:
  89. file.managed:
  90. - contents_pillar: nodes:{{ grains['id'] }}:opkg:build:privkey
  91. - user: build
  92. - group: build
  93. - mode: 400
  94. - require:
  95. - file: /srv/build/opkg-keys
  96. /srv/build/opkg-keys/key-build.pub:
  97. file.managed:
  98. - contents_pillar: nodes:{{ grains['id'] }}:opkg:build:pubkey
  99. - user: build
  100. - group: build
  101. - mode: 400
  102. - require:
  103. - file: /srv/build/opkg-keys
  104. git.c3pb.de:
  105. ssh_known_hosts.present:
  106. - user: build
  107. - enc: ecdsa
  108. - fingerprint: 51:2a:f4:f4:71:c8:69:8c:96:db:54:b7:f0:36:e5:60
  109. - require:
  110. - user: build
  111. firmware.in.ffho.net:
  112. ssh_known_hosts.present:
  113. - user: build
  114. - enc: ecdsa
  115. - fingerprint: {{salt['pillar.get']('nodes:firmware.in.ffho.net:ssh:fingerprint',[])}}
  116. - require:
  117. - user: build
  118. /home/build/.ssh:
  119. file.directory:
  120. - user: build
  121. - group: build
  122. - mode: 700
  123. - require:
  124. - user: build
  125. # Create authorized_keys for build
  126. /home/build/.ssh/authorized_keys:
  127. file.managed:
  128. - source: salt://ssh/authorized_keys.tmpl
  129. - template: jinja
  130. username: build
  131. - user: build
  132. - group: build
  133. - mode: 644
  134. - require:
  135. - file: /home/build/.ssh
  136. /home/build/.ssh/id_rsa:
  137. file.managed:
  138. - contents_pillar: nodes:{{ grains['id'] }}:ssh:build:privkey
  139. - user: build
  140. - group: build
  141. - mode: 400
  142. - require:
  143. - file: /home/build/.ssh