From 7df41b5c8d0f0dba0c189e8ecd69915acd5f2edf Mon Sep 17 00:00:00 2001
From: michael
Date: Tue, 23 Apr 2024 15:47:14 +1200
Subject: [PATCH] aur repo host complete
---
 .../hv00.balsillie.house/aur_repo_host.yaml | 40 ++++++++++++
 .../roles/aur_repo_client/handlers/main.yaml | 5 --
 ansible/roles/aur_repo_client/tasks/main.yaml | 15 +++--
 ansible/roles/aur_repo_client/vars/main.yaml | 6 +-
 .../aur_repo_host/files/aur-sync.service | 12 ++++
 .../roles/aur_repo_host/files/aur-sync.timer | 12 ++++
 ansible/roles/aur_repo_host/tasks/main.yaml | 61 +++++++++++++++++--
 .../aur_repo_host/templates/aur-sudoer.j2 | 1 +
 todo/aur_repo.todo | 18 +++++-
 9 files changed, 150 insertions(+), 20 deletions(-)
 delete mode 100644 ansible/roles/aur_repo_client/handlers/main.yaml
 create mode 100644 ansible/roles/aur_repo_host/files/aur-sync.service
 create mode 100644 ansible/roles/aur_repo_host/files/aur-sync.timer
 create mode 100644 ansible/roles/aur_repo_host/templates/aur-sudoer.j2
diff --git a/ansible/inventory/host_vars/hv00.balsillie.house/aur_repo_host.yaml b/ansible/inventory/host_vars/hv00.balsillie.house/aur_repo_host.yaml
index 90f8663..162eb35 100644
--- a/ansible/inventory/host_vars/hv00.balsillie.house/aur_repo_host.yaml
+++ b/ansible/inventory/host_vars/hv00.balsillie.house/aur_repo_host.yaml
@@ -3,3 +3,43 @@
 aur_repo_packager_email: "admin@balsillie.net"
 aur_repo_dir: "/aur"
 aur_repo_build_account: "aur-builder"
+
+aur_repo_host_packages:
+ - kodi-addon-game-libretro-desmume # Nintendo DS
+ - kodi-addon-game-libretro-gambatte # Gameboy / Gameboy Colour
+ - kodi-addon-game-libretro-mgba # Gameboy Advance
+ - kodi-addon-game-libretro-nestopia # Nintendo
+ - kodi-addon-game-libretro-scummvm # ScummVM
+ - kodi-addon-game-libretro-snes9x # Super Nintendo
+ - kodi-addon-game-libretro-parallel-n64 # Nintendo 64
+ - kodi-addon-vfs-sftp
+ - kodi-standalone-service
+ - proton-ge-custom-bin
+ - pikaur
+ - sonarr
+ - radarr
+ - lidarr
+ - prowlarr
+ - bazarr
+ - jellyfin-media-player
+ - moonlight-qt-bin
+ - git-credential-keepassxc
+ - docker-credential-secretservice-bin
+ - obs-backgroundremoval
+ - ventoy-bin
+ - debtap
+ - aurutils
+ - pikaur
+ - kdocker
+ - ipmiview
+ - protonvpn
+ - protonmail-bridge
+ - powershell-bin
+ - azure-cli-bin
+ - microsoft-edge-stable-bin
+ - teams-for-linux-bin
+ - visual-studio-code-bin
+ - ttf-ms-fonts
+ - brave-bin
+ - teamviewer
+ - vmware-horizon-client
diff --git a/ansible/roles/aur_repo_client/handlers/main.yaml b/ansible/roles/aur_repo_client/handlers/main.yaml
deleted file mode 100644
index ba2a0a5..0000000
--- a/ansible/roles/aur_repo_client/handlers/main.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- name: Update pacman
- community.general.pacman:
- update_cache: true
diff --git a/ansible/roles/aur_repo_client/tasks/main.yaml b/ansible/roles/aur_repo_client/tasks/main.yaml
index 28bdd73..e550626 100644
--- a/ansible/roles/aur_repo_client/tasks/main.yaml
+++ b/ansible/roles/aur_repo_client/tasks/main.yaml
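Review bot: `pikaur` is listed twice in `aur_repo_host_packages` (once after `proton-ge-custom-bin`, again after `aurutils`), so the host role's `Sync AUR packages` loop invokes `aur sync` for it a second time for nothing; drop the second entry. Every name in this list is built unattended and signed with the repo key that clients locally trust, so a comment above the list would help, e.g. `# each entry is built with --no-view and signed; review the PKGBUILD before adding`.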
@@ -5,13 +5,13 @@
 argv:
 - pacman-key
 - --list-keys
- - "{{ aur_repo_client_repo_name }}"
+ - "{{ aur_repo_client_public_key_fingerprint }}"
 register: repo_key_check
- failed_when: repo_key_check.rc not in [0, 2]
+ failed_when: repo_key_check.rc not in [0, 1]
 changed_when: false
 - name: Add repo public key to pacman keyring
- when: repo_key_check.rc == 2
+ when: repo_key_check.rc == 1
 block:
 - name: Import the repo public key
@@ -29,7 +29,7 @@
 argv:
 - pacman-key
 - --lsign-key
- - "{{ aur_repo_client_public_key }}"
+ - "{{ aur_repo_client_public_key_fingerprint }}"
 changed_when: true
 - name: Add home repo block to pacman.conf
@@ -42,4 +42,9 @@
 create: false
 state: present
 insertafter: EOF
- notify: Update pacman
+ register: add_pacman_repo
+
+- name: Update pacman database # noqa: no-handler
+ when: add_pacman_repo.changed
+ community.general.pacman:
+ update_cache: true
diff --git a/ansible/roles/aur_repo_client/vars/main.yaml b/ansible/roles/aur_repo_client/vars/main.yaml
index 43a89bf..9781f5d 100644
--- a/ansible/roles/aur_repo_client/vars/main.yaml
+++ b/ansible/roles/aur_repo_client/vars/main.yaml
@@ -1,4 +1,6 @@
+---
+
 aur_repo_client_repo_name: "home"
 aur_repo_client_repo_address: "https://repo.balsillie.house"
-aur_repo_client_public_key: DB529158B99DD8311D78CA2FBE6003C744F56EE2
-aur_repo_client_keyserver: hkps://keyserver.ubuntu.com
\ No newline at end of file
+aur_repo_client_public_key_fingerprint: DB529158B99DD8311D78CA2FBE6003C744F56EE2
+aur_repo_client_keyserver: hkps://keyserver.ubuntu.com
diff --git a/ansible/roles/aur_repo_host/files/aur-sync.service b/ansible/roles/aur_repo_host/files/aur-sync.service
new file mode 100644
index 0000000..0967593
--- /dev/null
+++ b/ansible/roles/aur_repo_host/files/aur-sync.service
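Review bot: The exit-status literals in `failed_when: repo_key_check.rc not in [0, 1]` and `when: repo_key_check.rc == 1` are unexplained, and this commit itself had to correct them from 2. A comment above the check, such as `# pacman-key --list-keys exits 1 when the fingerprint is not in the keyring`, would record what the author observed. The same pair of literals is changed in the `pacman_key_result` check of `aur_repo_host/tasks/main.yaml` and wants the same comment. Both tasks start above their hunks, so the full command is not visible here.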
@@ -0,0 +1,12 @@
+[Unit]
+Description=Sync AUR packages
+Wants=aur-sync.timer
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home
+User=aur-builder
+Group=aur-builder
+
+[Install]
+WantedBy=multi-user.target
diff --git a/ansible/roles/aur_repo_host/files/aur-sync.timer b/ansible/roles/aur_repo_host/files/aur-sync.timer
new file mode 100644
index 0000000..fb18143
--- /dev/null
+++ b/ansible/roles/aur_repo_host/files/aur-sync.timer
@@ -0,0 +1,12 @@
+[Unit]
+Description=Timer that runs aur sync service
+Requires=aur-sync.service
+
+[Timer]
+Unit=aur-sync.service
+OnCalendar=*-*-* 16:00:00
+RandomizedDelaySec=120
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/ansible/roles/aur_repo_host/tasks/main.yaml b/ansible/roles/aur_repo_host/tasks/main.yaml
index ca1d92a..2ace296 100644
--- a/ansible/roles/aur_repo_host/tasks/main.yaml
+++ b/ansible/roles/aur_repo_host/tasks/main.yaml
@@ -26,13 +26,21 @@
 system: true
 state: present
-- name: Create the parent build dir
+- name: Create the build user sudoer file
+ ansible.builtin.template:
+ dest: /etc/sudoers.d/{{ aur_repo_build_account }}
+ src: aur-sudoer.j2
+ owner: root
+ group: root
+ mode: "0640"
+
+- name: Create the build dirs
 ansible.builtin.file:
 path: "{{ item }}"
 state: directory
 owner: "{{ aur_repo_build_account }}"
 group: "{{ aur_repo_build_account }}"
- mode: "0755"
+ mode: "0775"
 loop:
 - "{{ aur_repo_dir }}"
 - "{{ aur_repo_dir }}/packages"
@@ -41,7 +49,7 @@
 - /var/log/makepkg
 - /tmp/build
-- name: Check if the singing key is in build user's keyring
+- name: Check if the signing key is in build user's keyring
 become: true
 become_user: "{{ aur_repo_build_account }}"
 ansible.builtin.command:
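Review bot: `User=aur-builder`, `Group=aur-builder` and `--database home` in `aur-sync.service` are fixed strings in a static unit file, while the host tasks and the sudoers template take the account from `aur_repo_build_account`; overriding that variable would leave the timer job running as an account the rest of the role no longer manages. Rendering the unit from a template with `User={{ aur_repo_build_account }}` and `Group={{ aur_repo_build_account }}` keeps them in step. `Wants=aur-sync.timer` and the `[Install]` section are not needed for a timer-activated oneshot; if the service were ever enabled, `WantedBy=multi-user.target` would run a sync at every boot.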
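Review bot: `Requires=aur-sync.service` in the `[Unit]` section of `aur-sync.timer` pulls the service in whenever the timer unit itself is started, so a sync would run at each boot and when the playbook sets `state: started`, not only at the `OnCalendar` time. `Unit=aur-sync.service` already ties the timer to the service, so the `Requires=` line can be removed. With `Persistent=true` a missed 16:00 run is still caught up after downtime.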
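Review bot: The `Create the build user sudoer file` task in `aur_repo_host/tasks/main.yaml` writes into `/etc/sudoers.d/` without a syntax check, so a template mistake can leave sudo unusable on the host until it is repaired by other means. Add `validate: /usr/bin/visudo -cf %s` to the `ansible.builtin.template` arguments, and consider `mode: "0440"`, the conventional mode for sudoers files, instead of `"0640"`. The same hunk loosens the build directories, `/tmp/build` included, from `"0755"` to `"0775"`; a comment saying which group member needs write access would justify that.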
@@ -149,12 +157,12 @@
 - pacman-key
 - -l
 - "{{ aur_repo_key_thumbprint }}"
- failed_when: pacman_key_result.rc not in [0, 2]
+ failed_when: pacman_key_result.rc not in [0, 1]
 changed_when: false
 register: pacman_key_result
 - name: Pacman key import block
- when: pacman_key_result.rc == 2
+ when: pacman_key_result.rc == 1
 block:
 - name: Import the signing public key to arch keyring
@@ -192,6 +200,29 @@
 state: present
 update_cache: true
+- name: Enable the multilib repository
+ ansible.builtin.replace:
+ path: /etc/pacman.conf
+ backup: true
+ regexp: '^[#]?\[multilib\]\n[#]?Include = \/etc\/pacman.d\/mirrorlist$'
+ replace: '[multilib]\nInclude = /etc/pacman.d/mirrorlist'
+ register: multilib_enable
+
+- name: Update the package database # noqa: no-handler
+ when: multilib_enable.changed
+ community.general.pacman:
+ update_cache: true
+
+- name: Sync AUR packages
+ become: true
+ become_user: "{{ aur_repo_build_account }}"
+ ansible.builtin.command:
+ cmd: aur sync --no-view -CnrS {{ item }}
+ loop: "{{ aur_repo_host_packages }}"
+ register: aur_sync_result
+ changed_when: (aur_sync_result.stderr_lines | last | replace(':','')) != "sync there is nothing to do"
+ failed_when: aur_sync_result.rc != 0
+
 - name: Add the root www folder if it doesn't exist
 ansible.builtin.file:
 path: /var/www
@@ -205,3 +236,23 @@
 src: "{{ aur_repo_dir }}/packages"
 path: /var/www{{ aur_repo_dir }}
 state: link
+
+- name: Add the aur-sync systemd unit files
+ ansible.builtin.copy:
+ src: "{{ item }}"
+ dest: /usr/lib/systemd/system/
+ owner: root
+ group: root
+ mode: "0644"
+ loop:
+ - aur-sync.service
+ - aur-sync.timer
+ register: aur_sync_unit_files
+
+- name: Enable and start the aur-sync systemd timer # noqa: no-handler
+ when: aur_sync_unit_files.changed
+ ansible.builtin.systemd:
+ name: aur-sync.timer
+ enabled: true
+ state: started
+ daemon_reload: true
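Review bot: `changed_when` in `Sync AUR packages` compares the last stderr line with the exact text `sync there is nothing to do`, and `stderr_lines | last` has no element to return when `aur sync` writes nothing to stderr, which presumably makes the expression fail to evaluate. A substring test is sturdier: `changed_when: "'there is nothing to do' not in aur_sync_result.stderr"`. The command is also built as one string with `{{ item }}` spliced in; the `argv:` list form used by the pacman-key tasks in this file passes the package name as a single argument regardless of its content. `failed_when: aur_sync_result.rc != 0` restates the module default and can go.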
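Review bot: `Enable and start the aur-sync systemd timer` is gated on `aur_sync_unit_files.changed`, so if a run stops between the copy and this task, or the timer is later disabled by hand, no subsequent run enables or starts it. `ansible.builtin.systemd` only acts when the state differs, so the `when:` line and its `# noqa: no-handler` can be dropped. The units are copied to `/usr/lib/systemd/system/`, the directory packages install into; `/etc/systemd/system/` is the usual place for locally managed units.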
diff --git a/ansible/roles/aur_repo_host/templates/aur-sudoer.j2 b/ansible/roles/aur_repo_host/templates/aur-sudoer.j2
new file mode 100644
index 0000000..a08b6ae
--- /dev/null
+++ b/ansible/roles/aur_repo_host/templates/aur-sudoer.j2
@@ -0,0 +1 @@
+{{ aur_repo_build_account }} ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
diff --git a/todo/aur_repo.todo b/todo/aur_repo.todo
index cc8db0a..2ba14df 100644
--- a/todo/aur_repo.todo
+++ b/todo/aur_repo.todo
@@ -1,9 +1,21 @@
-add aur-builder sudoers entry
+✔ add aur-builder sudoers entry @done(24-04-23 15:22)
 aur-builder ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
-add aur sync command
+✔ add aur sync command @done(24-04-23 14:09)
 sudo -u aur-builder aur sync --no-view -CnrS sonarr
-enable aur sync service/timer
+✔ enable aur sync service/timer @done(24-04-23 15:22)
+
+
+aur sync switch break down:
+ --no-view Do not present build files for inspection
+ --upgrades -u Update all obsolete packages
+ --no-confirm -n Do not wait for unser input when installing or removing build dependencies
+ --clean -C Clean up build files after building
+ --rm-deps -r Remove dependencies installed by makepkg
+ --sign -S Sign built packages
+ --database -d Use the specified repository, per it's name in pacman.conf
+
+aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home
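Review bot: `NOPASSWD: /usr/bin/pacman` in `aur-sudoer.j2` carries no argument restriction, which makes the build account root-equivalent, since installing a package runs its install scripts as root. That same account builds AUR PKGBUILDs with `--no-view` and `--no-confirm` from `aur-sync.service`, so build code nobody inspected runs under an account that can become root on the host that also holds the signing key. Record the decision in the template with a comment such as `# root-equivalent grant: this account must only ever run the repo build`, and consider moving the builds into a chroot or container so the grant is not reachable from PKGBUILD code.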