aur repo wip

2024-04-23 00:49:49 +12:00 · 2024-04-23 00:49:49 +12:00 · a6eb508cf0
commit a6eb508cf0
parent 85330c8645
17 changed files with 171 additions and 34 deletions
--- a/ansible/inventory/host_vars/hv00.balsillie.house/aur_repo_host.yaml
+++ b/ansible/inventory/host_vars/hv00.balsillie.house/aur_repo_host.yaml
--- a/ansible/inventory/host_vars/hv00.balsillie.house/certbot.yaml
+++ b/ansible/inventory/host_vars/hv00.balsillie.house/certbot.yaml
@ -0,0 +1,8 @@
 certbot_rfc2136_server: '10.208.240.1'
 certbot_rfc2136_key_name: 'rndc-house'
 certbot_rfc2136_key_algorithm: 'hmac-sha256'
 certbot_webserver_type: 'nginx' # 'nginx' or 'apache'
 certbot_dns_plugin: 'rfc2136'
 certbot_email: "certbot.hv00@balsillie.email"
 certbot_acme_server: "acme-v02.api.letsencrypt.org"
--- a/ansible/inventory/host_vars/hv00.balsillie.house/nginx.yaml
+++ b/ansible/inventory/host_vars/hv00.balsillie.house/nginx.yaml
@ -0,0 +1,16 @@
 nginx_sites:
  - name: repo.balsillie.house
    type: site
    root: /var/www/aur
  - name: unifi.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 8989
  - name: hv00.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 9443
 nginx_user: "http"
--- a/ansible/inventory/host_vars/kodi00.balsillie.house/certbot.yaml
+++ b/ansible/inventory/host_vars/kodi00.balsillie.house/certbot.yaml
@ -6,6 +6,3 @@ certbot_webserver_type: 'nginx' # 'nginx' or 'apache'
 certbot_dns_plugin: 'rfc2136'
 certbot_email: "certbot.kodi00@balsillie.email"
 certbot_acme_server: "acme-v02.api.letsencrypt.org"
 certbot_domains:
  - kodi.balsillie.house
--- a/ansible/inventory/host_vars/kodi00.balsillie.house/nginx.yaml
+++ b/ansible/inventory/host_vars/kodi00.balsillie.house/nginx.yaml
@ -1,25 +1,31 @@
 nginx_sites:
  - name: tv.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 8989
  - name: movies.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 8081
  - name: index.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 8082
  - name: torrent.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 9090
  - name: jellyfin.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 8096
  - name: kodi.balsillie.house
    type: proxy
    upstream:
      host: 127.0.0.1
      port: 8082
--- a/ansible/playbooks/infra/hv00.yaml
+++ b/ansible/playbooks/infra/hv00.yaml
@ -6,4 +6,5 @@
  gather_facts: true
  become: true
  roles:
-    - role: aur_repo
+    - role: aur_repo_host
    - role: nginx
--- a/ansible/playbooks/infra/kodi.yaml
+++ b/ansible/playbooks/infra/kodi.yaml
@ -9,4 +9,5 @@
    # - role: sshd
    # - role: ufw
    - role: nginx
    - role: aur_repo_client
    - role: arr
--- a/ansible/roles/arr/tasks/main.yaml
+++ b/ansible/roles/arr/tasks/main.yaml
@ -1,24 +1,8 @@
 ---
- name: Check if Pikaur is installed
+- name: Install arr packages
  when: ansible_facts['os_family'] == "Archlinux"
  ansible.builtin.stat:
    follow: true
    path: /usr/bin/pikaur
  register: pikaur_stat
 - name: Branch to Pikaur setup role if Pikaur is not installed
  when:
    - ansible_facts['os_family'] == "Archlinux"
    - not pikaur_stat.stat.exists
  ansible.builtin.include_role:
    name: pikaur
 - name: Install arr packages from AUR
  when: ansible_facts['os_family'] == "Archlinux"
  community.general.pacman:
-    executable: pikaur
+    name: "{{ arr_packages }}"
    name: "{{ item }}"
    state: present
-    update_cache: "{{ item == arr_packages.0 }}"
+    update_cache: true
  loop: "{{ arr_packages }}"
--- a/ansible/roles/aur_repo_client/handlers/main.yaml
+++ b/ansible/roles/aur_repo_client/handlers/main.yaml
@ -0,0 +1,5 @@
 ---
 - name: Update pacman
  community.general.pacman:
    update_cache: true
--- a/ansible/roles/aur_repo_client/tasks/main.yaml
+++ b/ansible/roles/aur_repo_client/tasks/main.yaml
@ -0,0 +1,45 @@
 ---
 - name: Check if repo public key is in pacman keyring
  ansible.builtin.command:
    argv:
      - pacman-key
      - --list-keys
      - "{{ aur_repo_client_repo_name }}"
  register: repo_key_check
  failed_when: repo_key_check.rc not in [0, 2]
  changed_when: false
 - name: Add repo public key to pacman keyring
  when: repo_key_check.rc == 2
  block:
    - name: Import the repo public key
      ansible.builtin.command:
        argv:
          - pacman-key
          - --recv-keys
          - "{{ aur_repo_client_public_key_fingerprint }}"
          - --keyserver
          - "{{ aur_repo_client_keyserver }}"
      changed_when: true
    - name: Trust the repo public key
      ansible.builtin.command:
        argv:
          - pacman-key
          - --lsign-key
          - "{{ aur_repo_client_public_key }}"
      changed_when: true
 - name: Add home repo block to pacman.conf
  ansible.builtin.blockinfile:
    path: /etc/pacman.conf
    block: |
      [{{ aur_repo_client_repo_name }}]
      SigLevel = Required TrustedOnly
      Server = {{ aur_repo_client_repo_address }}
    create: false
    state: present
    insertafter: EOF
  notify: Update pacman
--- a/ansible/roles/aur_repo_client/vars/main.yaml
+++ b/ansible/roles/aur_repo_client/vars/main.yaml
@ -0,0 +1,4 @@
 aur_repo_client_repo_name: "home"
 aur_repo_client_repo_address: "https://repo.balsillie.house"
 aur_repo_client_public_key: DB529158B99DD8311D78CA2FBE6003C744F56EE2
 aur_repo_client_keyserver: hkps://keyserver.ubuntu.com
--- a/ansible/roles/aur_repo_host/tasks/main.yaml
+++ b/ansible/roles/aur_repo_host/tasks/main.yaml
@ -112,10 +112,6 @@
        aurutils_pkgrel: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^pkgrel=).*(?=$)', multiline=True) }}"
        aurutils_arch: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^arch=\\().*(?=\\)$)', multiline=True) | replace(\"'\", '') }}"
    - name: Debug aurutils dependencies
      ansible.builtin.debug:
        msg: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
    - name: Install aurutils dependencies
      community.general.pacman:
        name: "{{ aurutils_dependencies }}"
@ -129,7 +125,23 @@
      ansible.builtin.command:
        cmd: makepkg
        chdir: /tmp/aurutils
-        creates: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
+        creates: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar"
    - name: Update repo database
      become: true
      become_user: "{{ aur_repo_build_account }}"
      ansible.builtin.command:
        argv:
          - repo-add
          - --prevent-downgrade
          - --remove
          - --sign
          - --key
          - "{{ aur_repo_key_thumbprint }}"
          - repo.db.tar
          - aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar
        chdir: "{{ aur_repo_dir }}/packages"
      changed_when: true
    - name: Check if the signing key is in pacman keyring
      ansible.builtin.command:
@ -163,8 +175,36 @@
              - "{{ aur_repo_key_thumbprint }}"
          changed_when: true
    - name: Add custom repo block to pacman.conf
      ansible.builtin.blockinfile:
        path: /etc/pacman.conf
        block: |
          [custom]
          SigLevel = Required TrustedOnly
          Server = file://{{ aur_repo_dir }}/packages
        create: false
        state: present
        insertafter: EOF
    - name: Install aurutils
      community.general.pacman:
-        name: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
+        name: aurutils
        state: present
-        update_cache: false
+        update_cache: true
 - name: Add the root www folder if it doesn't exist
  ansible.builtin.file:
    path: /var/www
    state: directory
    owner: http
    group: http
    mode: "0775"
 - name: Link the aur repo to the web root
  ansible.builtin.file:
    src: "{{ aur_repo_dir }}/packages"
    dest: /var/www{{ aur_repo_dir }}
    state: link
    owner: http
    group: http
    mode: "0775"
--- a/ansible/roles/aur_repo_host/templates/makepkg.conf.j2
+++ b/ansible/roles/aur_repo_host/templates/makepkg.conf.j2
@ -17,5 +17,5 @@ PKGDEST={{ aur_repo_dir }}/packages
 SRCDEST={{ aur_repo_dir }}/sources
 SRCPKGDEST={{ aur_repo_dir }}/srcpackages
 LOGDEST=/var/log/makepkg
-PKGEXT=".pkg.tar.lz4"
+PKGEXT=".pkg.tar"
-SRCEXT=".src.tar.lz4"
+SRCEXT=".src.tar"
--- a/ansible/roles/aur_repo_host/templates/signing_key.asc.j2
+++ b/ansible/roles/aur_repo_host/templates/signing_key.asc.j2
--- a/ansible/roles/nginx/tasks/main.yaml
+++ b/ansible/roles/nginx/tasks/main.yaml
@ -68,14 +68,26 @@
    mode: "0644"
  notify: Restart nginx
- name: Template out nginx site configs
+- name: Template out nginx reverse proxy configs
  ansible.builtin.template:
-    src: site.conf.j2
+    src: nginx-proxy.conf.j2
    dest: /etc/nginx/sites-available/{{ item.name }}.conf
    owner: root
    group: root
    mode: "0644"
  loop: "{{ nginx_sites }}"
  when: item.type == "proxy"
  notify: Restart nginx
 - name: Template out nginx site configs
  ansible.builtin.template:
    src: nginx-site.conf.j2
    dest: /etc/nginx/sites-available/{{ item.name }}.conf
    owner: root
    group: root
    mode: "0644"
  loop: "{{ nginx_sites }}"
  when: item.type == "site"
  notify: Restart nginx
 - name: Enable site configs
--- a/ansible/roles/nginx/templates/nginx-proxy.conf.j2
+++ b/ansible/roles/nginx/templates/nginx-proxy.conf.j2
--- a/ansible/roles/nginx/templates/nginx-site.conf.j2
+++ b/ansible/roles/nginx/templates/nginx-site.conf.j2
@ -0,0 +1,18 @@
 server {
    listen 80;
    server_name {{ item.name }};
    location / {
        return 301 https://$host$request_uri;
    }
 }
 server {
    listen 443 ssl http2;
    server_name {{ item.name }};
    ssl_certificate     /etc/letsencrypt/live/{{ item.name }}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{{ item.name }}/privkey.pem;
    index index.html;
    root {{ item.root }};
    location / {
    }
 }