1
0

aur repo host complete

This commit is contained in:
michael 2024-04-23 15:47:14 +12:00
parent 2cc78654fe
commit 7df41b5c8d
9 changed files with 150 additions and 20 deletions

View File

@ -3,3 +3,43 @@ aur_repo_packager_email: "admin@balsillie.net"
aur_repo_dir: "/aur" aur_repo_dir: "/aur"
aur_repo_build_account: "aur-builder" aur_repo_build_account: "aur-builder"
aur_repo_host_packages:
- kodi-addon-game-libretro-desmume # Nintendo DS
- kodi-addon-game-libretro-gambatte # Gameboy / Gameboy Colour
- kodi-addon-game-libretro-mgba # Gameboy Advance
- kodi-addon-game-libretro-nestopia # Nintendo
- kodi-addon-game-libretro-scummvm # ScummVM
- kodi-addon-game-libretro-snes9x # Super Nintendo
- kodi-addon-game-libretro-parallel-n64 # Nintendo 64
- kodi-addon-vfs-sftp
- kodi-standalone-service
- proton-ge-custom-bin
- pikaur
- sonarr
- radarr
- lidarr
- prowlarr
- bazarr
- jellyfin-media-player
- moonlight-qt-bin
- git-credential-keepassxc
- docker-credential-secretservice-bin
- obs-backgroundremoval
- ventoy-bin
- debtap
- aurutils
- pikaur
- kdocker
- ipmiview
- protonvpn
- protonmail-bridge
- powershell-bin
- azure-cli-bin
- microsoft-edge-stable-bin
- teams-for-linux-bin
- visual-studio-code-bin
- ttf-ms-fonts
- brave-bin
- teamviewer
- vmware-horizon-client

View File

@ -1,5 +0,0 @@
---
- name: Update pacman
community.general.pacman:
update_cache: true

View File

@ -5,13 +5,13 @@
argv: argv:
- pacman-key - pacman-key
- --list-keys - --list-keys
- "{{ aur_repo_client_repo_name }}" - "{{ aur_repo_client_public_key_fingerprint }}"
register: repo_key_check register: repo_key_check
failed_when: repo_key_check.rc not in [0, 2] failed_when: repo_key_check.rc not in [0, 1]
changed_when: false changed_when: false
- name: Add repo public key to pacman keyring - name: Add repo public key to pacman keyring
when: repo_key_check.rc == 2 when: repo_key_check.rc == 1
block: block:
- name: Import the repo public key - name: Import the repo public key
@ -29,7 +29,7 @@
argv: argv:
- pacman-key - pacman-key
- --lsign-key - --lsign-key
- "{{ aur_repo_client_public_key }}" - "{{ aur_repo_client_public_key_fingerprint }}"
changed_when: true changed_when: true
- name: Add home repo block to pacman.conf - name: Add home repo block to pacman.conf
@ -42,4 +42,9 @@
create: false create: false
state: present state: present
insertafter: EOF insertafter: EOF
notify: Update pacman register: add_pacman_repo
- name: Update pacman database # noqa: no-handler
when: add_pacman_repo.changed
community.general.pacman:
update_cache: true

View File

@ -1,4 +1,6 @@
---
aur_repo_client_repo_name: "home" aur_repo_client_repo_name: "home"
aur_repo_client_repo_address: "https://repo.balsillie.house" aur_repo_client_repo_address: "https://repo.balsillie.house"
aur_repo_client_public_key: DB529158B99DD8311D78CA2FBE6003C744F56EE2 aur_repo_client_public_key_fingerprint: DB529158B99DD8311D78CA2FBE6003C744F56EE2
aur_repo_client_keyserver: hkps://keyserver.ubuntu.com aur_repo_client_keyserver: hkps://keyserver.ubuntu.com

View File

@ -0,0 +1,12 @@
[Unit]
Description=Sync AUR packages
Wants=aur-sync.timer
[Service]
Type=oneshot
ExecStart=/usr/bin/aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home
User=aur-builder
Group=aur-builder
[Install]
WantedBy=multi-user.target

View File

@ -0,0 +1,12 @@
[Unit]
Description=Timer that runs aur sync service
Requires=aur-sync.service
[Timer]
Unit=aur-sync.service
OnCalendar=*-*-* 16:00:00
RandomizedDelaySec=120
Persistent=true
[Install]
WantedBy=timers.target

View File

@ -26,13 +26,21 @@
system: true system: true
state: present state: present
- name: Create the parent build dir - name: Create the build user sudoer file
ansible.builtin.template:
dest: /etc/sudoers.d/{{ aur_repo_build_account }}
src: aur-sudoer.j2
owner: root
group: root
mode: "0640"
- name: Create the build dirs
ansible.builtin.file: ansible.builtin.file:
path: "{{ item }}" path: "{{ item }}"
state: directory state: directory
owner: "{{ aur_repo_build_account }}" owner: "{{ aur_repo_build_account }}"
group: "{{ aur_repo_build_account }}" group: "{{ aur_repo_build_account }}"
mode: "0755" mode: "0775"
loop: loop:
- "{{ aur_repo_dir }}" - "{{ aur_repo_dir }}"
- "{{ aur_repo_dir }}/packages" - "{{ aur_repo_dir }}/packages"
@ -41,7 +49,7 @@
- /var/log/makepkg - /var/log/makepkg
- /tmp/build - /tmp/build
- name: Check if the singing key is in build user's keyring - name: Check if the signing key is in build user's keyring
become: true become: true
become_user: "{{ aur_repo_build_account }}" become_user: "{{ aur_repo_build_account }}"
ansible.builtin.command: ansible.builtin.command:
@ -149,12 +157,12 @@
- pacman-key - pacman-key
- -l - -l
- "{{ aur_repo_key_thumbprint }}" - "{{ aur_repo_key_thumbprint }}"
failed_when: pacman_key_result.rc not in [0, 2] failed_when: pacman_key_result.rc not in [0, 1]
changed_when: false changed_when: false
register: pacman_key_result register: pacman_key_result
- name: Pacman key import block - name: Pacman key import block
when: pacman_key_result.rc == 2 when: pacman_key_result.rc == 1
block: block:
- name: Import the signing public key to arch keyring - name: Import the signing public key to arch keyring
@ -192,6 +200,29 @@
state: present state: present
update_cache: true update_cache: true
- name: Enable the multilib repository
ansible.builtin.replace:
path: /etc/pacman.conf
backup: true
regexp: '^[#]?\[multilib\]\n[#]?Include = \/etc\/pacman.d\/mirrorlist$'
replace: '[multilib]\nInclude = /etc/pacman.d/mirrorlist'
register: multilib_enable
- name: Update the package database # noqa: no-handler
when: multilib_enable.changed
community.general.pacman:
update_cache: true
- name: Sync AUR packages
become: true
become_user: "{{ aur_repo_build_account }}"
ansible.builtin.command:
cmd: aur sync --no-view -CnrS {{ item }}
loop: "{{ aur_repo_host_packages }}"
register: aur_sync_result
changed_when: (aur_sync_result.stderr_lines | last | replace(':','')) != "sync there is nothing to do"
failed_when: aur_sync_result.rc != 0
- name: Add the root www folder if it doesn't exist - name: Add the root www folder if it doesn't exist
ansible.builtin.file: ansible.builtin.file:
path: /var/www path: /var/www
@ -205,3 +236,23 @@
src: "{{ aur_repo_dir }}/packages" src: "{{ aur_repo_dir }}/packages"
path: /var/www{{ aur_repo_dir }} path: /var/www{{ aur_repo_dir }}
state: link state: link
- name: Add the aur-sync systemd unit files
ansible.builtin.copy:
src: "{{ item }}"
dest: /usr/lib/systemd/system/
owner: root
group: root
mode: "0644"
loop:
- aur-sync.service
- aur-sync.timer
register: aur_sync_unit_files
- name: Enable and start the aur-sync systemd timer # noqa: no-handler
when: aur_sync_unit_files.changed
ansible.builtin.systemd:
name: aur-sync.timer
enabled: true
state: started
daemon_reload: true

View File

@ -0,0 +1 @@
{{ aur_repo_build_account }} ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync

View File

@ -1,9 +1,21 @@
add aur-builder sudoers entry add aur-builder sudoers entry @done(24-04-23 15:22)
aur-builder ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync aur-builder ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
add aur sync command add aur sync command @done(24-04-23 14:09)
sudo -u aur-builder aur sync --no-view -CnrS sonarr sudo -u aur-builder aur sync --no-view -CnrS sonarr
enable aur sync service/timer ✔ enable aur sync service/timer @done(24-04-23 15:22)
aur sync switch break down:
--no-view Do not present build files for inspection
--upgrades -u Update all obsolete packages
--no-confirm -n Do not wait for unser input when installing or removing build dependencies
--clean -C Clean up build files after building
--rm-deps -r Remove dependencies installed by makepkg
--sign -S Sign built packages
--database -d Use the specified repository, per it's name in pacman.conf
aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home