aurutils install working

ansible/inventory/host_vars/hv00.balsillie.house/ansible_connection.yaml

@@ -4,6 +4,6 @@ ansible_fqdn: hv00.balsillie.house
 ansible_remote_addr: 10.192.110.100
 ansible_port: 22
 ansible_user: ladmin
-ansible_become_user: root
-ansible_become_method: sudo
-static_fqdn: hv00.balsillie.house
+# ansible_become_user: root
+ansible_become_method: ansible.builtin.sudo
+static_fqdn: hv00.balsillie.house

ansible/inventory/host_vars/hv00.balsillie.house/aur_repo.yaml

@@ -0,0 +1,5 @@
+aur_repo_packager_name: "Balsillie Family"
+aur_repo_packager_email: "admin@balsillie.net"
+aur_repo_dir: "/aur"
+
+aur_repo_build_account: "aur-builder"

ansible/inventory/host_vars/hv00_balsillie_net/hv00_balsillie_net.yaml

@@ -1,2 +0,0 @@
----
-ansible_host: hv00.balsillie.net

ansible/inventory/host_vars/kodi00.balsillie.house/nginx.yaml

@@ -2,7 +2,7 @@ nginx_sites:
   - name: tv.balsillie.house
     upstream:
       host: 127.0.0.1
-      port: 8080
+      port: 8989
   - name: movies.balsillie.house
     upstream:
       host: 127.0.0.1
@@ -24,4 +24,4 @@ nginx_sites:
       host: 127.0.0.1
       port: 8082
 
-nginx_user: "http"
+nginx_user: "http"

ansible/playbooks/infra/hv00.yaml

@@ -0,0 +1,9 @@
+---
+
+- name: Setup core home router
+  hosts:
+    - hv00.balsillie.house
+  gather_facts: true
+  become: true
+  roles:
+    - role: aur_repo

ansible/playbooks/infra/kodi.yaml

@@ -1,4 +1,6 @@
-- name: Install media services
+---
+
+- name: Setup Kodi boxes
   hosts:
     - kodi00.balsillie.house
   gather_facts: true
@@ -7,3 +9,4 @@
     # - role: sshd
     # - role: ufw
     - role: nginx
+    - role: arr

ansible/playbooks/infra/vp2420.yaml

@@ -1,41 +0,0 @@
----
-
-# Arch install bare metal
-
-# Systemd networking
-
-# - name: Setup systemd-networkd
-#   hosts: hv00.balsillie.house
-#   become: true
-#   roles:
-#     - name: systemd_networkd
-#       vars:
-#         ansible_host: 192.168.1.106
-
-# Serial console
-
-# - name: Setup serial console
-#   hosts: hv00.balsillie.house
-#   become: true
-#   roles:
-#     - name: serial_console
-
-# Hypervisor setup
-
-# - name: Configure hypervisor
-#   hosts: hv00.balsillie.house
-#   gather_facts: true
-#   become: true
-#   roles:
-#     - name: hypervisor
-
-# SSHd setup
-
-- name: Configure sshd
-  hosts: hv00.balsillie.house
-  gather_facts: true
-  become: true
-  roles:
-    - name: sshd_setup
-
-# VM setup

ansible/roles/arr/tasks/main.yaml

@@ -0,0 +1,24 @@
+---
+
+- name: Check if Pikaur is installed
+  when: ansible_facts['os_family'] == "Archlinux"
+  ansible.builtin.stat:
+    follow: true
+    path: /usr/bin/pikaur
+  register: pikaur_stat
+
+- name: Branch to Pikaur setup role if Pikaur is not installed
+  when:
+    - ansible_facts['os_family'] == "Archlinux"
+    - not pikaur_stat.stat.exists
+  ansible.builtin.include_role:
+    name: pikaur
+
+- name: Install arr packages from AUR
+  when: ansible_facts['os_family'] == "Archlinux"
+  community.general.pacman:
+    executable: pikaur
+    name: "{{ item }}"
+    state: present
+    update_cache: "{{ item == arr_packages.0 }}"
+  loop: "{{ arr_packages }}"

ansible/roles/arr/vars/main.yaml

@@ -0,0 +1,6 @@
+arr_packages:
+  - sonarr
+  - radarr
+  - lidarr
+  - bazarr
+  - prowlarr

ansible/roles/aur_repo/tasks/main.yaml

@@ -0,0 +1,170 @@
+---
+
+- name: Create the makepkg drop-in config file
+  ansible.builtin.template:
+    dest: /etc/makepkg.conf.d/makepkg.conf
+    src: makepkg.conf.j2
+    owner: root
+    group: root
+    mode: "0644"
+
+- name: Create the build user group
+  ansible.builtin.group:
+    name: "{{ aur_repo_build_account }}"
+    system: true
+    state: present
+
+- name: Create the build user
+  ansible.builtin.user:
+    name: "{{ aur_repo_build_account }}"
+    password: '!'
+    group: "{{ aur_repo_build_account }}"
+    comment: "AUR Package Builder"
+    shell: /sbin/nologin
+    home: "{{ aur_repo_dir }}"
+    createhome: true
+    system: true
+    state: present
+
+- name: Create the parent build dir
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ aur_repo_build_account }}"
+    group: "{{ aur_repo_build_account }}"
+    mode: "0755"
+  loop:
+    - "{{ aur_repo_dir }}"
+    - "{{ aur_repo_dir }}/packages"
+    - "{{ aur_repo_dir }}/sources"
+    - "{{ aur_repo_dir }}/srcpackages"
+    - /var/log/makepkg
+    - /tmp/build
+
+- name: Check if the singing key is in build user's keyring
+  become: true
+  become_user: "{{ aur_repo_build_account }}"
+  ansible.builtin.command:
+    cmd: gpg2 --list-secret-key --with-colons {{ aur_repo_key_thumbprint }}
+  failed_when: key_result.rc not in [0, 2]
+  changed_when: false
+  register: key_result
+
+- name: GPG key import block
+  when: key_result.rc == 2
+  block:
+
+    - name: Template out the signing private key
+      ansible.builtin.template:
+        dest: "/tmp/build/signing_key.asc"
+        src: signing_key.asc.j2
+        owner: "{{ aur_repo_build_account }}"
+        group: "{{ aur_repo_build_account }}"
+        mode: "0600"
+
+    - name: Import the signing key
+      become: true
+      become_user: "{{ aur_repo_build_account }}"
+      ansible.builtin.command:
+        cmd: gpg2 --import /tmp/build/signing_key.asc
+      changed_when: true
+
+    - name: Delete the signing key
+      ansible.builtin.file:
+        path: "/tmp/build/signing_key.asc"
+        state: absent
+
+- name: Check if aurutils is already installed
+  ansible.builtin.stat:
+    follow: true
+    path: /usr/bin/aur
+  register: aurutils_stat
+
+- name: Aurutils install block
+  when: not aurutils_stat.stat.exists
+  block:
+
+    - name: Install makepkg dependencies
+      community.general.pacman:
+        name:
+          - git
+          - base-devel
+        state: present
+        update_cache: true
+
+    - name: Clone aurutils
+      ansible.builtin.git:
+        depth: 1
+        dest: /tmp/aurutils
+        repo: https://aur.archlinux.org/aurutils.git
+        single_branch: true
+        version: master
+
+    - name: Slurp PKGBUILD contents
+      ansible.builtin.slurp:
+        path: /tmp/aurutils/PKGBUILD
+      register: aurutils_pkgbuild
+
+    - name: Parse PKGBUILD into facts
+      ansible.builtin.set_fact:
+        aurutils_dependencies: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^depends=\\().*(?=\\)$)', multiline=True) | replace(\"'\", '') | split(' ') }}" # noqa: yaml[line-length]
+        aurutils_pkgver: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^pkgver=).*(?=$)', multiline=True) }}"
+        aurutils_pkgrel: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^pkgrel=).*(?=$)', multiline=True) }}"
+        aurutils_arch: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^arch=\\().*(?=\\)$)', multiline=True) | replace(\"'\", '') }}"
+
+    - name: Debug aurutils dependencies
+      ansible.builtin.debug:
+        msg: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
+
+    - name: Install aurutils dependencies
+      community.general.pacman:
+        name: "{{ aurutils_dependencies }}"
+        state: present
+        reason: dependency
+        update_cache: false
+
+    - name: Build aurutils
+      become: true
+      become_user: "{{ aur_repo_build_account }}"
+      ansible.builtin.command:
+        cmd: makepkg
+        chdir: /tmp/aurutils
+        creates: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
+
+    - name: Check if the signing key is in pacman keyring
+      ansible.builtin.command:
+        argv:
+          - pacman-key
+          - -l
+          - "{{ aur_repo_key_thumbprint }}"
+      failed_when: pacman_key_result.rc not in [0, 2]
+      changed_when: false
+      register: pacman_key_result
+
+    - name: Pacman key import block
+      when: pacman_key_result.rc == 2
+      block:
+
+        - name: Import the signing public key to arch keyring
+          ansible.builtin.command:
+            argv:
+              - pacman-key
+              - -r
+              - "{{ aur_repo_key_thumbprint }}"
+              - --keyserver
+              - hkps://keyserver.ubuntu.com
+          changed_when: true
+
+        - name: Locally sign the imported pacman key
+          ansible.builtin.command:
+            argv:
+              - pacman-key
+              - --lsign-key
+              - "{{ aur_repo_key_thumbprint }}"
+          changed_when: true
+
+    - name: Install aurutils
+      community.general.pacman:
+        name: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
+        state: present
+        update_cache: false

ansible/roles/aur_repo/templates/makepkg.conf.j2

@@ -0,0 +1,21 @@
+
+# Global Options
+
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge debug lto autodeps)
+MAKEFLAGS="-j{{ (ansible_processor_nproc - 1) }}"
+PACKAGER="{{ aur_repo_packager_name }} <{{ aur_repo_packager_email }}>"
+
+# Build Environment
+
+BUILDDIR=/tmp/build
+BUILDENV=(!distcc color !ccache check sign)
+GPGKEY={{ aur_repo_key_thumbprint }}
+
+# Outputs
+
+PKGDEST={{ aur_repo_dir }}/packages
+SRCDEST={{ aur_repo_dir }}/sources
+SRCPKGDEST={{ aur_repo_dir }}/srcpackages
+LOGDEST=/var/log/makepkg
+PKGEXT=".pkg.tar.lz4"
+SRCEXT=".src.tar.lz4"

ansible/roles/aur_repo/templates/signing_key.asc.j2

@@ -0,0 +1 @@
+{{ aur_repo_private_key }}