ansible/roles/copr/keygen/tasks/main.yml

---
- name: Prepare mount point
  ansible.builtin.file: state=directory path=/var/lib/copr-keygen

- name: Mount up disk of copr repo
  mount: name=/var/lib/copr-keygen src='LABEL=copr-keygen' fstype=ext4 state=mounted
  register: keychain_mounted

- name: Install copr-keygen
  dnf: state=present name=copr-keygen
  notify:
  - restart haveged

- name: Change owner of data to copr-signer
  ansible.builtin.file: path=/var/lib/copr-keygen owner=copr-signer group=copr-signer recurse=yes

- name: Put keygen vhost for httpd
  copy: src="httpd/copr-keygen.conf" dest="/etc/httpd/conf.d/copr-keygen.conf"
  notify:
  - reload httpd
  tags:
  - config

- name: Put config for signd
  template: src="sign.conf" dest="/etc/sign.conf"
  notify:
  - restart obs-signd
  tags:
  - config

- name: Add Install section for signd systemd unit
  lineinfile: dest="/usr/lib/systemd/system/signd.service" line="[Install]"  state=present

- name: Ensure services are running
  service: name={{ item }} state=started enabled=yes
  when: not services_disabled|bool
  with_items:
  - httpd
  - haveged
  - signd

- name: Setup backup
  when: not devel
  import_tasks: "setup_backup.yml"

# Three tasks for handling our custom selinux module
- name: Ensure a directory exists for our custom selinux module
  ansible.builtin.file: dest=/usr/local/share/copr state=directory

- name: Copy over our custom selinux module
  copy: src=selinux/copr_rules.pp dest=/usr/local/share/copr/copr_rules.pp
  register: selinux_module

- name: Install our custom selinux module
  command: semodule -i /usr/local/share/copr/copr_rules.pp
  when: selinux_module is changed

- selinux: policy=targeted state=enforcing

# See https://github.com/openSUSE/obs-sign/issues/32
# Sorry for writting this as `shell`. We will drop this task once it
# is in stable repos.
- name: Install gnupg2 with required bugfixes
  shell: "dnf -y upgrade --enablerepo=updates-testing --advisory=FEDORA-2021-45c44b31a2"