depot stuff I forgot to commit + add Dannon to sites@orval

galaxyproject · Nov 2, 2015 · cf8a746 · cf8a746
1 parent 01cd5c6
commit cf8a746
Show file tree

Hide file tree

Showing 6 changed files with 2,141 additions and 1,878 deletions.
diff --git a/common_roles b/common_roles
diff --git a/galaxyenv/group_vars/baseenv.yml b/galaxyenv/group_vars/baseenv.yml
@@ -0,0 +1,16 @@
+---
+
+ssh_group_sshd_config:
+  # Password auth is disabled in the EC2 Ubuntu AMIs
+  - option: "PasswordAuthentication"
+    value: "yes"
+  # Cloud instances typically have this set to no or without-password
+  - option: "PermitRootLogin"
+    value: "yes"
+  # mmm, KEX: Disable weak DH algorithms (https://weakdh.org/sysadmin.html)
+  - option: "KexAlgorithms"
+    value: "curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1"
+  # Enabled by default on Linux distros and SunSSH, need to enable it for
+  # pkgsrc OpenSSH to get pam_unix_cred to read /etc/user_attr
+  - option: "UsePAM"
+    value: "yes"
diff --git a/galaxyenv/host_vars/orval.galaxyproject.org.yml b/galaxyenv/host_vars/orval.galaxyproject.org.yml
@@ -7,6 +7,9 @@ local_users:
   - name: bioarchive
     group: bioarchive
     comment: 'bioaRchive'
+  - name: depot
+    group: depot
+    comment: 'Galaxy Depot'
   - name: bag
     group: bag
     comment: Björn Grüning
@@ -70,6 +73,12 @@ zfs_filesystems:
     setuid: "off"
     owner: sites
     group: sites
+  - name: promise-1/orval/depot
+    mountpoint: /srv/nginx/depot.galaxyproject.org/root
+    exec: "off"
+    setuid: "off"
+    owner: depot
+    group: depot
 
 zfs_permissions:
   - name: promise-1/orval/vicepa
@@ -93,6 +102,9 @@ zfs_permissions:
   - name: promise-1/orval/screencast
     users: zfsdump-orval
     permissions: send,snapshot,hold
+  - name: promise-1/orval/depot
+    users: zfsdump-orval
+    permissions: send,snapshot,hold
 
 crontabs:
   - name: "Backup OpenAFS /vicepa"
@@ -137,3 +149,9 @@ crontabs:
     hour: 1
     minute: 45
     job: dataset='promise-1/orval/screencast' && backupserver='westvleteren.galaxyproject.org' && {{ zfs_backup_job_template }}
+  - name: "Backup depot"
+    id: backup_depot
+    user: zfsdump-orval
+    hour: 2
+    minute: 0
+    job: dataset='promise-1/orval/depot' && backupserver='westvleteren.galaxyproject.org' && {{ zfs_backup_job_template }}