Skip to content
Crow CI
Search limited to dev. Switch to the latest version for up-to-date results.
Codeberg

Ansible

Deploy Crow CI using the devxy.cicd Ansible collection.

The role uses containers (not host packages), enabling the possibility to run multiple agents on the same host.

Install the Collection

Section titled “Install the Collection”
Terminal window
ansible-galaxy collection install devxy.cicd

Or via requirements.yml:

collections:
  - name: devxy.cicd
    version: <version>

Basic Usage

Section titled “Basic Usage”
- name: Deploy Crow CI
  roles:
    - role: devxy.cicd.crowci
  vars:
    crow_server_host: "https://ci.example.com"
    # See docs for all variables

📖 All variable definitions

Encryption at Rest

Section titled “Encryption at Rest”

Crow encrypts secrets, registry passwords, and OAuth tokens using Google Tink.

Generate a Keyset

Section titled “Generate a Keyset”
Terminal window
# Install tinkey: https://developers.google.com/tink/install-tinkey
tinkey create-keyset --key-template AES256_GCM --out-format json --out tink-keyset.json

Enable Encryption

Section titled “Enable Encryption”
crow_encryption_enabled: true
crow_encryption_tink_keyset_file: "{{ playbook_dir }}/files/tink-keyset.json"

The role copies the keyset to the target host and configures the server container.

Custom Paths

Section titled “Custom Paths”
crow_encryption_keyset_dest: /etc/crow/encryption/tink-keyset.json
crow_encryption_container_path: /etc/crow/encryption/tink-keyset.json

Disable Encryption

Section titled “Disable Encryption”

To decrypt existing data before disabling:

crow_encryption_enabled: true
crow_encryption_disable: true
crow_encryption_tink_keyset_file: /path/to/keyset.json

Wait for the server to decrypt all data (check logs), then remove the configuration.