aur repo host complete

ansible/inventory/host_vars/hv00.balsillie.house/aur_repo_host.yaml

@@ -3,3 +3,43 @@ aur_repo_packager_email: "admin@balsillie.net"
 aur_repo_dir: "/aur"
 
 aur_repo_build_account: "aur-builder"
+
+aur_repo_host_packages:
+  - kodi-addon-game-libretro-desmume # Nintendo DS
+  - kodi-addon-game-libretro-gambatte # Gameboy / Gameboy Colour
+  - kodi-addon-game-libretro-mgba # Gameboy Advance
+  - kodi-addon-game-libretro-nestopia # Nintendo
+  - kodi-addon-game-libretro-scummvm # ScummVM
+  - kodi-addon-game-libretro-snes9x # Super Nintendo
+  - kodi-addon-game-libretro-parallel-n64 # Nintendo 64
+  - kodi-addon-vfs-sftp
+  - kodi-standalone-service
+  - proton-ge-custom-bin
+  - pikaur
+  - sonarr
+  - radarr
+  - lidarr
+  - prowlarr
+  - bazarr
+  - jellyfin-media-player
+  - moonlight-qt-bin
+  - git-credential-keepassxc
+  - docker-credential-secretservice-bin
+  - obs-backgroundremoval
+  - ventoy-bin
+  - debtap
+  - aurutils
+  - pikaur
+  - kdocker
+  - ipmiview
+  - protonvpn
+  - protonmail-bridge
+  - powershell-bin
+  - azure-cli-bin
+  - microsoft-edge-stable-bin
+  - teams-for-linux-bin
+  - visual-studio-code-bin
+  - ttf-ms-fonts
+  - brave-bin
+  - teamviewer
+  - vmware-horizon-client

ansible/roles/aur_repo_client/handlers/main.yaml

@@ -1,5 +0,0 @@
----
-
-- name: Update pacman
-  community.general.pacman:
-    update_cache: true

ansible/roles/aur_repo_client/tasks/main.yaml

@@ -5,13 +5,13 @@
     argv:
       - pacman-key
       - --list-keys
-      - "{{ aur_repo_client_repo_name }}"
+      - "{{ aur_repo_client_public_key_fingerprint }}"
   register: repo_key_check
-  failed_when: repo_key_check.rc not in [0, 2]
+  failed_when: repo_key_check.rc not in [0, 1]
   changed_when: false
 
 - name: Add repo public key to pacman keyring
-  when: repo_key_check.rc == 2
+  when: repo_key_check.rc == 1
   block:
 
     - name: Import the repo public key
@@ -29,7 +29,7 @@
         argv:
           - pacman-key
           - --lsign-key
-          - "{{ aur_repo_client_public_key }}"
+          - "{{ aur_repo_client_public_key_fingerprint }}"
       changed_when: true
 
 - name: Add home repo block to pacman.conf
@@ -42,4 +42,9 @@
     create: false
     state: present
     insertafter: EOF
-  notify: Update pacman
+  register: add_pacman_repo
+
+- name: Update pacman database # noqa: no-handler
+  when: add_pacman_repo.changed
+  community.general.pacman:
+    update_cache: true

ansible/roles/aur_repo_client/vars/main.yaml

@@ -1,4 +1,6 @@
+---
+
 aur_repo_client_repo_name: "home"
 aur_repo_client_repo_address: "https://repo.balsillie.house"
-aur_repo_client_public_key: DB529158B99DD8311D78CA2FBE6003C744F56EE2
+aur_repo_client_public_key_fingerprint: DB529158B99DD8311D78CA2FBE6003C744F56EE2
 aur_repo_client_keyserver: hkps://keyserver.ubuntu.com

ansible/roles/aur_repo_host/files/aur-sync.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Sync AUR packages
+Wants=aur-sync.timer
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home
+User=aur-builder
+Group=aur-builder
+
+[Install]
+WantedBy=multi-user.target

ansible/roles/aur_repo_host/files/aur-sync.timer

@@ -0,0 +1,12 @@
+[Unit]
+Description=Timer that runs aur sync service
+Requires=aur-sync.service
+
+[Timer]
+Unit=aur-sync.service
+OnCalendar=*-*-* 16:00:00
+RandomizedDelaySec=120
+Persistent=true
+
+[Install]
+WantedBy=timers.target

ansible/roles/aur_repo_host/tasks/main.yaml

@@ -26,13 +26,21 @@
     system: true
     state: present
 
-- name: Create the parent build dir
+- name: Create the build user sudoer file
+  ansible.builtin.template:
+    dest: /etc/sudoers.d/{{ aur_repo_build_account }}
+    src: aur-sudoer.j2
+    owner: root
+    group: root
+    mode: "0640"
+
+- name: Create the build dirs
   ansible.builtin.file:
     path: "{{ item }}"
     state: directory
     owner: "{{ aur_repo_build_account }}"
     group: "{{ aur_repo_build_account }}"
-    mode: "0755"
+    mode: "0775"
   loop:
     - "{{ aur_repo_dir }}"
     - "{{ aur_repo_dir }}/packages"
@@ -41,7 +49,7 @@
     - /var/log/makepkg
     - /tmp/build
 
-- name: Check if the singing key is in build user's keyring
+- name: Check if the signing key is in build user's keyring
   become: true
   become_user: "{{ aur_repo_build_account }}"
   ansible.builtin.command:
@@ -149,12 +157,12 @@
           - pacman-key
           - -l
           - "{{ aur_repo_key_thumbprint }}"
-      failed_when: pacman_key_result.rc not in [0, 2]
+      failed_when: pacman_key_result.rc not in [0, 1]
       changed_when: false
       register: pacman_key_result
 
     - name: Pacman key import block
-      when: pacman_key_result.rc == 2
+      when: pacman_key_result.rc == 1
       block:
 
         - name: Import the signing public key to arch keyring
@@ -192,6 +200,29 @@
         state: present
         update_cache: true
 
+- name: Enable the multilib repository
+  ansible.builtin.replace:
+    path: /etc/pacman.conf
+    backup: true
+    regexp: '^[#]?\[multilib\]\n[#]?Include = \/etc\/pacman.d\/mirrorlist$'
+    replace: '[multilib]\nInclude = /etc/pacman.d/mirrorlist'
+  register: multilib_enable
+
+- name: Update the package database # noqa: no-handler
+  when: multilib_enable.changed
+  community.general.pacman:
+    update_cache: true
+
+- name: Sync AUR packages
+  become: true
+  become_user: "{{ aur_repo_build_account }}"
+  ansible.builtin.command:
+    cmd: aur sync --no-view -CnrS {{ item }}
+  loop: "{{ aur_repo_host_packages }}"
+  register: aur_sync_result
+  changed_when: (aur_sync_result.stderr_lines | last | replace(':','')) != "sync there is nothing to do"
+  failed_when: aur_sync_result.rc != 0
+
 - name: Add the root www folder if it doesn't exist
   ansible.builtin.file:
     path: /var/www
@@ -205,3 +236,23 @@
     src: "{{ aur_repo_dir }}/packages"
     path: /var/www{{ aur_repo_dir }}
     state: link
+
+- name: Add the aur-sync systemd unit files
+  ansible.builtin.copy:
+    src: "{{ item }}"
+    dest: /usr/lib/systemd/system/
+    owner: root
+    group: root
+    mode: "0644"
+  loop:
+    - aur-sync.service
+    - aur-sync.timer
+  register: aur_sync_unit_files
+
+- name: Enable and start the aur-sync systemd timer # noqa: no-handler
+  when: aur_sync_unit_files.changed
+  ansible.builtin.systemd:
+    name: aur-sync.timer
+    enabled: true
+    state: started
+    daemon_reload: true

ansible/roles/aur_repo_host/templates/aur-sudoer.j2

@@ -0,0 +1 @@
+{{ aur_repo_build_account }} ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync

todo/aur_repo.todo

@@ -1,9 +1,21 @@
-add aur-builder sudoers entry
+✔ add aur-builder sudoers entry @done(24-04-23 15:22)
 
     aur-builder ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
 
-add aur sync command
+✔ add aur sync command @done(24-04-23 14:09)
 
     sudo -u aur-builder aur sync --no-view -CnrS sonarr
 
-enable aur sync service/timer
+✔ enable aur sync service/timer @done(24-04-23 15:22)
+
+
+aur sync switch break down:
+    --no-view           Do not present build files for inspection
+    --upgrades      -u  Update all obsolete packages
+    --no-confirm    -n  Do not wait for unser input when installing or removing build dependencies
+    --clean         -C  Clean up build files after building
+    --rm-deps       -r  Remove dependencies installed by makepkg
+    --sign          -S  Sign built packages
+    --database      -d  Use the specified repository, per it's name in pacman.conf
+
+aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home