Add begin for repoSpanner role

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>

roles/repoSpanner/server/tasks/main.yml

@@ -0,0 +1,95 @@
+---
+# Configuration for repoSpanner server
+
+- name: install needed packages
+  package: name={{ item }} state=present
+  with_items:
+  - repoSpanner
+  tags:
+  - repoSpanner/server
+  - packages
+
+- name: Create group
+  group:
+    name: repoSpanner
+    state: present
+  tags:
+  - repoSpanner/server
+  - config
+
+- name: Create user
+  user:
+    name: repoSpanner
+    state: present
+    group: repoSpanner
+    shell: /sbin/nologin
+  tags:
+  - repoSpanner/server
+  - config
+
+- name: Create directory
+  file:
+    path: /var/lib/repospanner
+    state: directory
+    owner: repoSpanner
+    group: repoSpanner
+    mode: 0755
+  tags:
+  - repoSpanner/server
+  - config
+
+- name: Deploy configuration
+  template: src=repoSpanner.conf
+            dest=/etc/repoSpanner/config.yml
+            owner=repoSpanner group=repoSpanner mode=0600
+  notify:
+  - reload repoSpanner
+  tags:
+  - repoSpanner/server
+  - config
+
+- name: Deploy certificates
+  copy: src="{{private}}/files/repoSpanner/{{env}}/ca/{{item.src}}
+        dest=/etc/repospanner/{{item.dest}}
+        owner=repoSpanner group=repoSpanner mode=0600
+  with_items:
+  - src: ca.crt
+    dest: ca.crt
+  - src: {{node}}.{{region}}.crt
+    dest: node.crt
+  - src: {{node}}.{{region}}.key
+    dest: node.key
+  notify:
+  - reload repoSpanner
+  tags:
+  - repoSpanner/server
+  - config
+
+- name: Deploy unit file
+  template: src=repoSpanner.service
+            dest=/etc/systemd/system/repospanner@.service
+  notify:
+  - reload repoSpanner
+  tags:
+  - repoSpanner/server
+  - config
+
+- name: Spawn node
+  command: repospanner --config /etc/repospanner/config.yml serve --spawn
+  creates: /var/lib/repospanner/state/state.json
+  become: yes
+  become_user: repoSpanner
+  when: "spawn_repospanner_node"
+
+- name: Join node
+  command: repospanner --config /etc/repospanner/config.yml serve --joinnode {{ join_repospanner_node }}
+  creates: /var/lib/repospanner/state/state.json
+  become: yes
+  become_user: repoSpanner
+  when: "not spawn_repospanner_node"
+
+- name: Start and enable
+  service: name=repoSpanner@config state=started enabled=yes
+  tags:
+  - repoSpanner/server
+  - config

roles/repoSpanner/server/templates/repoSpanner.service

@@ -0,0 +1,9 @@
+[Unit]
+Description=repoSpanner - instance %i
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/repospanner serve --config /etc/repospanner/%i.yml --debug
+User=repoSpanner
+Group=repoSpanner

roles/repoSpanner/server/templates/repoSpanner.yml

@@ -0,0 +1,44 @@
+---
+storage:
+  state: /var/lib/repospanner/state
+  git:
+    type: tree
+    clustered: true
+    directory: /var/lib/repospanner/gitstore
+listen:
+  rpc:  0.0.0.0:8444
+  http: 0.0.0.0:8443
+certificates:
+  ca: /etc/repospanner/ca.crt
+  client:
+    cert: /etc/repospanner/node.crt
+    key:  /etc/repospanner/node.key
+  server:
+    default:
+      cert: /etc/repospanner/node.crt
+      key:  /etc/repospanner/node.key
+hooks:
+  bubblewrap:
+    enabled: true
+    unshare:
+    - net
+    - ipc
+    - pid
+    - uts
+    share_net: false
+    mount_proc: true
+    mount_dev: true
+    uid:
+    gid:
+    hostname: myhostname
+    bind:
+    ro_bind:
+    - - /usr
+      - /usr
+    symlink:
+    - - usr/lib64
+      - /lib64
+    - - usr/bin
+      - /bin
+  runner: /usr/libexec/repohookrunner
+  user: 0