Setup a new nightly build machine

I am currently running nightly builds at http://f4amtbsowhix7rrf.onion/. I think someone else from Tor Browser team should setup a new nightly build machine.

To do that the ansible scripts in directory tools/ansible can be used: https://gitweb.torproject.org/builders/tor-browser-build.git/tree/tools/ansible

You will need to:

• if the host does not have a public IP address, you can install tor and setup an onion service on the http port (this part is not done in ansible)
• add a new host in the inventory file
• configure this host in your ~/.ssh/config file if necessary (if the hostname added to the inventory file is not a real hostname), and make sure that you can connect to the host with ssh root@$hostname
• copy the file boklm-tbb-nightly-build.yml to an other name
• copy the directory group_vars/boklm-tbb-nightly to another group name, and update the configuration in tbb-nightly-build.yml
• configure email on the host. This can be done in ansible with the file dma.yml. The email password (if needed) is stored encrypted in dma-auth.yml in the directory vaulted_vars (see https://docs.ansible.com/ansible/latest/cli/ansible-vault.html), and the password to decrypt the vault is passed with the --vault-password-file argument in the Makefile (maybe it's also possible to store dma-auth.yml outside tor-browser-build.git without using vault). Alternatively you can configure email on the host without using ansible, by removing the mta role from the *-tbb-nightly-build.yml file.
• in the Makefile add a new *-tbb-nightly-build rule
• run "make *-tbb-nightly-build"
• if you enabled nightly_build_sign_build in tbb-nightly-build.yml, connect to the host and become the tbb-nightly user and generate a new gpg key (the key is not created automatically by ansible)