aur repo host complete
This commit is contained in:
parent
2cc78654fe
commit
7df41b5c8d
@ -3,3 +3,43 @@ aur_repo_packager_email: "admin@balsillie.net"
|
|||||||
aur_repo_dir: "/aur"
|
aur_repo_dir: "/aur"
|
||||||
|
|
||||||
aur_repo_build_account: "aur-builder"
|
aur_repo_build_account: "aur-builder"
|
||||||
|
|
||||||
|
aur_repo_host_packages:
|
||||||
|
- kodi-addon-game-libretro-desmume # Nintendo DS
|
||||||
|
- kodi-addon-game-libretro-gambatte # Gameboy / Gameboy Colour
|
||||||
|
- kodi-addon-game-libretro-mgba # Gameboy Advance
|
||||||
|
- kodi-addon-game-libretro-nestopia # Nintendo
|
||||||
|
- kodi-addon-game-libretro-scummvm # ScummVM
|
||||||
|
- kodi-addon-game-libretro-snes9x # Super Nintendo
|
||||||
|
- kodi-addon-game-libretro-parallel-n64 # Nintendo 64
|
||||||
|
- kodi-addon-vfs-sftp
|
||||||
|
- kodi-standalone-service
|
||||||
|
- proton-ge-custom-bin
|
||||||
|
- pikaur
|
||||||
|
- sonarr
|
||||||
|
- radarr
|
||||||
|
- lidarr
|
||||||
|
- prowlarr
|
||||||
|
- bazarr
|
||||||
|
- jellyfin-media-player
|
||||||
|
- moonlight-qt-bin
|
||||||
|
- git-credential-keepassxc
|
||||||
|
- docker-credential-secretservice-bin
|
||||||
|
- obs-backgroundremoval
|
||||||
|
- ventoy-bin
|
||||||
|
- debtap
|
||||||
|
- aurutils
|
||||||
|
- pikaur
|
||||||
|
- kdocker
|
||||||
|
- ipmiview
|
||||||
|
- protonvpn
|
||||||
|
- protonmail-bridge
|
||||||
|
- powershell-bin
|
||||||
|
- azure-cli-bin
|
||||||
|
- microsoft-edge-stable-bin
|
||||||
|
- teams-for-linux-bin
|
||||||
|
- visual-studio-code-bin
|
||||||
|
- ttf-ms-fonts
|
||||||
|
- brave-bin
|
||||||
|
- teamviewer
|
||||||
|
- vmware-horizon-client
|
||||||
|
@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
|
|
||||||
- name: Update pacman
|
|
||||||
community.general.pacman:
|
|
||||||
update_cache: true
|
|
@ -5,13 +5,13 @@
|
|||||||
argv:
|
argv:
|
||||||
- pacman-key
|
- pacman-key
|
||||||
- --list-keys
|
- --list-keys
|
||||||
- "{{ aur_repo_client_repo_name }}"
|
- "{{ aur_repo_client_public_key_fingerprint }}"
|
||||||
register: repo_key_check
|
register: repo_key_check
|
||||||
failed_when: repo_key_check.rc not in [0, 2]
|
failed_when: repo_key_check.rc not in [0, 1]
|
||||||
changed_when: false
|
changed_when: false
|
||||||
|
|
||||||
- name: Add repo public key to pacman keyring
|
- name: Add repo public key to pacman keyring
|
||||||
when: repo_key_check.rc == 2
|
when: repo_key_check.rc == 1
|
||||||
block:
|
block:
|
||||||
|
|
||||||
- name: Import the repo public key
|
- name: Import the repo public key
|
||||||
@ -29,7 +29,7 @@
|
|||||||
argv:
|
argv:
|
||||||
- pacman-key
|
- pacman-key
|
||||||
- --lsign-key
|
- --lsign-key
|
||||||
- "{{ aur_repo_client_public_key }}"
|
- "{{ aur_repo_client_public_key_fingerprint }}"
|
||||||
changed_when: true
|
changed_when: true
|
||||||
|
|
||||||
- name: Add home repo block to pacman.conf
|
- name: Add home repo block to pacman.conf
|
||||||
@ -42,4 +42,9 @@
|
|||||||
create: false
|
create: false
|
||||||
state: present
|
state: present
|
||||||
insertafter: EOF
|
insertafter: EOF
|
||||||
notify: Update pacman
|
register: add_pacman_repo
|
||||||
|
|
||||||
|
- name: Update pacman database # noqa: no-handler
|
||||||
|
when: add_pacman_repo.changed
|
||||||
|
community.general.pacman:
|
||||||
|
update_cache: true
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
|
---
|
||||||
|
|
||||||
aur_repo_client_repo_name: "home"
|
aur_repo_client_repo_name: "home"
|
||||||
aur_repo_client_repo_address: "https://repo.balsillie.house"
|
aur_repo_client_repo_address: "https://repo.balsillie.house"
|
||||||
aur_repo_client_public_key: DB529158B99DD8311D78CA2FBE6003C744F56EE2
|
aur_repo_client_public_key_fingerprint: DB529158B99DD8311D78CA2FBE6003C744F56EE2
|
||||||
aur_repo_client_keyserver: hkps://keyserver.ubuntu.com
|
aur_repo_client_keyserver: hkps://keyserver.ubuntu.com
|
||||||
|
12
ansible/roles/aur_repo_host/files/aur-sync.service
Normal file
12
ansible/roles/aur_repo_host/files/aur-sync.service
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Sync AUR packages
|
||||||
|
Wants=aur-sync.timer
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/bin/aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home
|
||||||
|
User=aur-builder
|
||||||
|
Group=aur-builder
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
12
ansible/roles/aur_repo_host/files/aur-sync.timer
Normal file
12
ansible/roles/aur_repo_host/files/aur-sync.timer
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Timer that runs aur sync service
|
||||||
|
Requires=aur-sync.service
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
Unit=aur-sync.service
|
||||||
|
OnCalendar=*-*-* 16:00:00
|
||||||
|
RandomizedDelaySec=120
|
||||||
|
Persistent=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
@ -26,13 +26,21 @@
|
|||||||
system: true
|
system: true
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Create the parent build dir
|
- name: Create the build user sudoer file
|
||||||
|
ansible.builtin.template:
|
||||||
|
dest: /etc/sudoers.d/{{ aur_repo_build_account }}
|
||||||
|
src: aur-sudoer.j2
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0640"
|
||||||
|
|
||||||
|
- name: Create the build dirs
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
||||||
state: directory
|
state: directory
|
||||||
owner: "{{ aur_repo_build_account }}"
|
owner: "{{ aur_repo_build_account }}"
|
||||||
group: "{{ aur_repo_build_account }}"
|
group: "{{ aur_repo_build_account }}"
|
||||||
mode: "0755"
|
mode: "0775"
|
||||||
loop:
|
loop:
|
||||||
- "{{ aur_repo_dir }}"
|
- "{{ aur_repo_dir }}"
|
||||||
- "{{ aur_repo_dir }}/packages"
|
- "{{ aur_repo_dir }}/packages"
|
||||||
@ -41,7 +49,7 @@
|
|||||||
- /var/log/makepkg
|
- /var/log/makepkg
|
||||||
- /tmp/build
|
- /tmp/build
|
||||||
|
|
||||||
- name: Check if the singing key is in build user's keyring
|
- name: Check if the signing key is in build user's keyring
|
||||||
become: true
|
become: true
|
||||||
become_user: "{{ aur_repo_build_account }}"
|
become_user: "{{ aur_repo_build_account }}"
|
||||||
ansible.builtin.command:
|
ansible.builtin.command:
|
||||||
@ -149,12 +157,12 @@
|
|||||||
- pacman-key
|
- pacman-key
|
||||||
- -l
|
- -l
|
||||||
- "{{ aur_repo_key_thumbprint }}"
|
- "{{ aur_repo_key_thumbprint }}"
|
||||||
failed_when: pacman_key_result.rc not in [0, 2]
|
failed_when: pacman_key_result.rc not in [0, 1]
|
||||||
changed_when: false
|
changed_when: false
|
||||||
register: pacman_key_result
|
register: pacman_key_result
|
||||||
|
|
||||||
- name: Pacman key import block
|
- name: Pacman key import block
|
||||||
when: pacman_key_result.rc == 2
|
when: pacman_key_result.rc == 1
|
||||||
block:
|
block:
|
||||||
|
|
||||||
- name: Import the signing public key to arch keyring
|
- name: Import the signing public key to arch keyring
|
||||||
@ -192,6 +200,29 @@
|
|||||||
state: present
|
state: present
|
||||||
update_cache: true
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Enable the multilib repository
|
||||||
|
ansible.builtin.replace:
|
||||||
|
path: /etc/pacman.conf
|
||||||
|
backup: true
|
||||||
|
regexp: '^[#]?\[multilib\]\n[#]?Include = \/etc\/pacman.d\/mirrorlist$'
|
||||||
|
replace: '[multilib]\nInclude = /etc/pacman.d/mirrorlist'
|
||||||
|
register: multilib_enable
|
||||||
|
|
||||||
|
- name: Update the package database # noqa: no-handler
|
||||||
|
when: multilib_enable.changed
|
||||||
|
community.general.pacman:
|
||||||
|
update_cache: true
|
||||||
|
|
||||||
|
- name: Sync AUR packages
|
||||||
|
become: true
|
||||||
|
become_user: "{{ aur_repo_build_account }}"
|
||||||
|
ansible.builtin.command:
|
||||||
|
cmd: aur sync --no-view -CnrS {{ item }}
|
||||||
|
loop: "{{ aur_repo_host_packages }}"
|
||||||
|
register: aur_sync_result
|
||||||
|
changed_when: (aur_sync_result.stderr_lines | last | replace(':','')) != "sync there is nothing to do"
|
||||||
|
failed_when: aur_sync_result.rc != 0
|
||||||
|
|
||||||
- name: Add the root www folder if it doesn't exist
|
- name: Add the root www folder if it doesn't exist
|
||||||
ansible.builtin.file:
|
ansible.builtin.file:
|
||||||
path: /var/www
|
path: /var/www
|
||||||
@ -205,3 +236,23 @@
|
|||||||
src: "{{ aur_repo_dir }}/packages"
|
src: "{{ aur_repo_dir }}/packages"
|
||||||
path: /var/www{{ aur_repo_dir }}
|
path: /var/www{{ aur_repo_dir }}
|
||||||
state: link
|
state: link
|
||||||
|
|
||||||
|
- name: Add the aur-sync systemd unit files
|
||||||
|
ansible.builtin.copy:
|
||||||
|
src: "{{ item }}"
|
||||||
|
dest: /usr/lib/systemd/system/
|
||||||
|
owner: root
|
||||||
|
group: root
|
||||||
|
mode: "0644"
|
||||||
|
loop:
|
||||||
|
- aur-sync.service
|
||||||
|
- aur-sync.timer
|
||||||
|
register: aur_sync_unit_files
|
||||||
|
|
||||||
|
- name: Enable and start the aur-sync systemd timer # noqa: no-handler
|
||||||
|
when: aur_sync_unit_files.changed
|
||||||
|
ansible.builtin.systemd:
|
||||||
|
name: aur-sync.timer
|
||||||
|
enabled: true
|
||||||
|
state: started
|
||||||
|
daemon_reload: true
|
||||||
|
1
ansible/roles/aur_repo_host/templates/aur-sudoer.j2
Normal file
1
ansible/roles/aur_repo_host/templates/aur-sudoer.j2
Normal file
@ -0,0 +1 @@
|
|||||||
|
{{ aur_repo_build_account }} ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
|
@ -1,9 +1,21 @@
|
|||||||
add aur-builder sudoers entry
|
✔ add aur-builder sudoers entry @done(24-04-23 15:22)
|
||||||
|
|
||||||
aur-builder ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
|
aur-builder ALL = (root) NOPASSWD: /usr/bin/pacman, /usr/bin/pacsync
|
||||||
|
|
||||||
add aur sync command
|
✔ add aur sync command @done(24-04-23 14:09)
|
||||||
|
|
||||||
sudo -u aur-builder aur sync --no-view -CnrS sonarr
|
sudo -u aur-builder aur sync --no-view -CnrS sonarr
|
||||||
|
|
||||||
enable aur sync service/timer
|
✔ enable aur sync service/timer @done(24-04-23 15:22)
|
||||||
|
|
||||||
|
|
||||||
|
aur sync switch break down:
|
||||||
|
--no-view Do not present build files for inspection
|
||||||
|
--upgrades -u Update all obsolete packages
|
||||||
|
--no-confirm -n Do not wait for unser input when installing or removing build dependencies
|
||||||
|
--clean -C Clean up build files after building
|
||||||
|
--rm-deps -r Remove dependencies installed by makepkg
|
||||||
|
--sign -S Sign built packages
|
||||||
|
--database -d Use the specified repository, per it's name in pacman.conf
|
||||||
|
|
||||||
|
aur sync --no-view --upgrades --no-confirm --clean --rm-deps --sign --database home
|
||||||
|
Loading…
Reference in New Issue
Block a user