
aur repo wip

michael 2024-04-23 00:49:49 +12:00
parent 85330c8645
commit a6eb508cf0
17 changed files with 171 additions and 34 deletions


@ -0,0 +1,8 @@
certbot_rfc2136_server: '10.208.240.1'
certbot_rfc2136_key_name: 'rndc-house'
certbot_rfc2136_key_algorithm: 'hmac-sha256'
certbot_webserver_type: 'nginx' # 'nginx' or 'apache'
certbot_dns_plugin: 'rfc2136'
certbot_email: "certbot.hv00@balsillie.email"
certbot_acme_server: "acme-v02.api.letsencrypt.org"
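Review bot: The rfc2136 settings are split correctly (only the server and key name live here; the TSIG secret is not in this file), but nothing on this page shows how the zone authorises that key — with BIND, an `update-policy` grant limited to `_acme-challenge` TXT records stops a leaked key from rewriting other records, and that expectation is worth a comment next to `certbot_rfc2136_key_name`. `certbot_domains` is not set for this host, and the kodi host_vars drop it in the same commit, so presumably the certbot role now derives the domains from `nginx_sites`; confirm that, because the new `nginx-site.conf.j2` hard-codes `/etc/letsencrypt/live/{{ item.name }}` and nginx will not start if a listed name has no certificate yet.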


@ -0,0 +1,16 @@
nginx_sites:
- name: repo.balsillie.house
type: site
root: /var/www/aur
- name: unifi.balsillie.house
type: proxy
upstream:
host: 127.0.0.1
port: 8989
- name: hv00.balsillie.house
type: proxy
upstream:
host: 127.0.0.1
port: 9443
nginx_user: "http"


@ -6,6 +6,3 @@ certbot_webserver_type: 'nginx' # 'nginx' or 'apache'
certbot_dns_plugin: 'rfc2136' certbot_dns_plugin: 'rfc2136'
certbot_email: "certbot.kodi00@balsillie.email" certbot_email: "certbot.kodi00@balsillie.email"
certbot_acme_server: "acme-v02.api.letsencrypt.org" certbot_acme_server: "acme-v02.api.letsencrypt.org"
certbot_domains:
- kodi.balsillie.house


@ -1,25 +1,31 @@
nginx_sites: nginx_sites:
- name: tv.balsillie.house - name: tv.balsillie.house
type: proxy
upstream: upstream:
host: 127.0.0.1 host: 127.0.0.1
port: 8989 port: 8989
- name: movies.balsillie.house - name: movies.balsillie.house
type: proxy
upstream: upstream:
host: 127.0.0.1 host: 127.0.0.1
port: 8081 port: 8081
- name: index.balsillie.house - name: index.balsillie.house
type: proxy
upstream: upstream:
host: 127.0.0.1 host: 127.0.0.1
port: 8082 port: 8082
- name: torrent.balsillie.house - name: torrent.balsillie.house
type: proxy
upstream: upstream:
host: 127.0.0.1 host: 127.0.0.1
port: 9090 port: 9090
- name: jellyfin.balsillie.house - name: jellyfin.balsillie.house
type: proxy
upstream: upstream:
host: 127.0.0.1 host: 127.0.0.1
port: 8096 port: 8096
- name: kodi.balsillie.house - name: kodi.balsillie.house
type: proxy
upstream: upstream:
host: 127.0.0.1 host: 127.0.0.1
port: 8082 port: 8082


@ -6,4 +6,5 @@
gather_facts: true gather_facts: true
become: true become: true
roles: roles:
- role: aur_repo - role: aur_repo_host
- role: nginx


@ -9,4 +9,5 @@
# - role: sshd # - role: sshd
# - role: ufw # - role: ufw
- role: nginx - role: nginx
- role: aur_repo_client
- role: arr - role: arr


@ -1,24 +1,8 @@
--- ---
- name: Check if Pikaur is installed - name: Install arr packages
when: ansible_facts['os_family'] == "Archlinux"
ansible.builtin.stat:
follow: true
path: /usr/bin/pikaur
register: pikaur_stat
- name: Branch to Pikaur setup role if Pikaur is not installed
when:
- ansible_facts['os_family'] == "Archlinux"
- not pikaur_stat.stat.exists
ansible.builtin.include_role:
name: pikaur
- name: Install arr packages from AUR
when: ansible_facts['os_family'] == "Archlinux" when: ansible_facts['os_family'] == "Archlinux"
community.general.pacman: community.general.pacman:
executable: pikaur name: "{{ arr_packages }}"
name: "{{ item }}"
state: present state: present
update_cache: "{{ item == arr_packages.0 }}" update_cache: true
loop: "{{ arr_packages }}"
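Review bot: With the pikaur bootstrap removed, this single pacman task now depends on the `[home]` repo block from the new aur_repo_client role already being in `/etc/pacman.conf`, and nothing in this file declares that dependency (no `dependencies:` entry in the role's meta, no `when` guarding it), so running the arr role on a host that has not had the client role applied fails with "target not found"; a one-line comment above the task, `# arr_packages are served from the home repo configured by aur_repo_client`, would at least make the coupling visible. The client role's `Update pacman` handler only fires at the end of the play, so it is the `update_cache: true` on this task — not the handler — that makes the new repo visible to this install; keep `update_cache: true` here for that reason and say so in a comment. The removed `update_cache: "{{ item == arr_packages.0 }}"` trick is no longer needed once the list is passed as one `name:` value, so the simplification itself looks right.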


@ -0,0 +1,5 @@
---
- name: Update pacman
community.general.pacman:
update_cache: true


@ -0,0 +1,45 @@
---
- name: Check if repo public key is in pacman keyring
ansible.builtin.command:
argv:
- pacman-key
- --list-keys
- "{{ aur_repo_client_repo_name }}"
register: repo_key_check
failed_when: repo_key_check.rc not in [0, 2]
changed_when: false
- name: Add repo public key to pacman keyring
when: repo_key_check.rc == 2
block:
- name: Import the repo public key
ansible.builtin.command:
argv:
- pacman-key
- --recv-keys
- "{{ aur_repo_client_public_key_fingerprint }}"
- --keyserver
- "{{ aur_repo_client_keyserver }}"
changed_when: true
- name: Trust the repo public key
ansible.builtin.command:
argv:
- pacman-key
- --lsign-key
- "{{ aur_repo_client_public_key }}"
changed_when: true
- name: Add home repo block to pacman.conf
ansible.builtin.blockinfile:
path: /etc/pacman.conf
block: |
[{{ aur_repo_client_repo_name }}]
SigLevel = Required TrustedOnly
Server = {{ aur_repo_client_repo_address }}
create: false
state: present
insertafter: EOF
notify: Update pacman
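Review bot: The key-import block reads two different variables for the same fingerprint — `--recv-keys` at L158 uses `aur_repo_client_public_key_fingerprint` while `--lsign-key` at L167 uses `aur_repo_client_public_key` — and the role's new vars file (L184–L187) defines only the latter, so the import task fails on an undefined variable unless the first name is set elsewhere; use `- "{{ aur_repo_client_public_key }}"` in both places. The presence check at L146 lists keys matching the repo name (`home`), not the signing key, so it cannot tell whether the intended key is already present and trusted; pass the same fingerprint to `--list-keys` there. `SigLevel = Required TrustedOnly` applies to packages as well as the database, so every package in the repo must carry a signature from this locally-signed key — the makepkg.conf hunk in this commit shows no GPGKEY or signing option, so confirm packages are signed at build time before hosts rely on this block. `notify: Update pacman` only runs the handler at the end of the play; if later tasks in the same play install from this repo and do not set `update_cache: true` themselves, add `- ansible.builtin.meta: flush_handlers` after this task.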


@ -0,0 +1,4 @@
aur_repo_client_repo_name: "home"
aur_repo_client_repo_address: "https://repo.balsillie.house"
aur_repo_client_public_key: DB529158B99DD8311D78CA2FBE6003C744F56EE2
aur_repo_client_keyserver: hkps://keyserver.ubuntu.com


@ -112,10 +112,6 @@
aurutils_pkgrel: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^pkgrel=).*(?=$)', multiline=True) }}" aurutils_pkgrel: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^pkgrel=).*(?=$)', multiline=True) }}"
aurutils_arch: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^arch=\\().*(?=\\)$)', multiline=True) | replace(\"'\", '') }}" aurutils_arch: "{{ aurutils_pkgbuild['content'] | b64decode | regex_search('(?<=^arch=\\().*(?=\\)$)', multiline=True) | replace(\"'\", '') }}"
- name: Debug aurutils dependencies
ansible.builtin.debug:
msg: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4"
- name: Install aurutils dependencies - name: Install aurutils dependencies
community.general.pacman: community.general.pacman:
name: "{{ aurutils_dependencies }}" name: "{{ aurutils_dependencies }}"
@ -129,7 +125,23 @@
ansible.builtin.command: ansible.builtin.command:
cmd: makepkg cmd: makepkg
chdir: /tmp/aurutils chdir: /tmp/aurutils
creates: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4" creates: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar"
- name: Update repo database
become: true
become_user: "{{ aur_repo_build_account }}"
ansible.builtin.command:
argv:
- repo-add
- --prevent-downgrade
- --remove
- --sign
- --key
- "{{ aur_repo_key_thumbprint }}"
- repo.db.tar
- aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar
chdir: "{{ aur_repo_dir }}/packages"
changed_when: true
- name: Check if the signing key is in pacman keyring - name: Check if the signing key is in pacman keyring
ansible.builtin.command: ansible.builtin.command:
@ -163,8 +175,36 @@
- "{{ aur_repo_key_thumbprint }}" - "{{ aur_repo_key_thumbprint }}"
changed_when: true changed_when: true
- name: Add custom repo block to pacman.conf
ansible.builtin.blockinfile:
path: /etc/pacman.conf
block: |
[custom]
SigLevel = Required TrustedOnly
Server = file://{{ aur_repo_dir }}/packages
create: false
state: present
insertafter: EOF
- name: Install aurutils - name: Install aurutils
community.general.pacman: community.general.pacman:
name: "{{ aur_repo_dir }}/packages/aurutils-{{ aurutils_pkgver }}-{{ aurutils_pkgrel }}-{{ aurutils_arch }}.pkg.tar.lz4" name: aurutils
state: present state: present
update_cache: false update_cache: true
- name: Add the root www folder if it doesn't exist
ansible.builtin.file:
path: /var/www
state: directory
owner: http
group: http
mode: "0775"
- name: Link the aur repo to the web root
ansible.builtin.file:
src: "{{ aur_repo_dir }}/packages"
dest: /var/www{{ aur_repo_dir }}
state: link
owner: http
group: http
mode: "0775"
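Review bot: The repository database name does not match the repo names that consume it: repo-add here writes `repo.db.tar` (so pacman looks for `repo.db`), the `[custom]` block added to the host's pacman.conf makes it fetch `custom.db`, and the client role (L173, default at L184) names the repo `home` and will request `home.db` from the web server; pacman derives the database filename from the section name, so pick one name for all three, e.g. `- home.db.tar`, `[home]` and `aur_repo_client_repo_name: "home"`. The `/var/www` task gives the nginx worker user write access to the document root (`owner: http`, `group: http`, `mode: "0775"`), which lets a compromised worker replace the packages or database it serves; the root only needs to be readable, so `owner: root`, `group: root`, `mode: "0755"` keeps least privilege, with the build account owning `{{ aur_repo_dir }}/packages` and its files world-readable. The link is created at `dest: /var/www{{ aur_repo_dir }}`, which equals the nginx `root: /var/www/aur` from the new hv00 host_vars (L29) only if `aur_repo_dir` is literally `/aur`; otherwise the site serves an empty directory, so use a fixed `dest: /var/www/aur` or derive both paths from one variable. The task file starts before and ends after this section.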


@ -17,5 +17,5 @@ PKGDEST={{ aur_repo_dir }}/packages
SRCDEST={{ aur_repo_dir }}/sources SRCDEST={{ aur_repo_dir }}/sources
SRCPKGDEST={{ aur_repo_dir }}/srcpackages SRCPKGDEST={{ aur_repo_dir }}/srcpackages
LOGDEST=/var/log/makepkg LOGDEST=/var/log/makepkg
PKGEXT=".pkg.tar.lz4" PKGEXT=".pkg.tar"
SRCEXT=".src.tar.lz4" SRCEXT=".src.tar"
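Review bot: The `.pkg.tar` extension is now spelled out in three places — here, the `creates:` path of the makepkg task and the repo-add argument in the aur_repo_host tasks — so a later change to PKGEXT silently breaks the other two; template it from a single role default (name it as you like) and reuse that variable in both tasks. Dropping compression also means every package is stored and served uncompressed, which is a deliberate trade-off worth a comment on the `PKGEXT` line. The file starts before this section.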


@ -68,14 +68,26 @@
mode: "0644" mode: "0644"
notify: Restart nginx notify: Restart nginx
- name: Template out nginx site configs - name: Template out nginx reverse proxy configs
ansible.builtin.template: ansible.builtin.template:
src: site.conf.j2 src: nginx-proxy.conf.j2
dest: /etc/nginx/sites-available/{{ item.name }}.conf dest: /etc/nginx/sites-available/{{ item.name }}.conf
owner: root owner: root
group: root group: root
mode: "0644" mode: "0644"
loop: "{{ nginx_sites }}" loop: "{{ nginx_sites }}"
when: item.type == "proxy"
notify: Restart nginx
- name: Template out nginx site configs
ansible.builtin.template:
src: nginx-site.conf.j2
dest: /etc/nginx/sites-available/{{ item.name }}.conf
owner: root
group: root
mode: "0644"
loop: "{{ nginx_sites }}"
when: item.type == "site"
notify: Restart nginx notify: Restart nginx
- name: Enable site configs - name: Enable site configs
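Review bot: Both template tasks index `item.type` in their `when`, so any `nginx_sites` entry on a host whose host_vars were not updated in this commit aborts the play with an undefined-attribute error instead of falling back to the previous proxy behaviour; `when: item.type | default("proxy") == "proxy"` (and `== "site"` in the second task) keeps older host_vars working. The two tasks render to the same `dest`, which is fine while the `when` clauses are disjoint, but an entry with a misspelled type is skipped by both and never gets a config; an `ansible.builtin.assert` on the allowed values before the loops would catch that. The task file continues before and after this section.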


@ -0,0 +1,18 @@
server {
listen 80;
server_name {{ item.name }};
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name {{ item.name }};
ssl_certificate /etc/letsencrypt/live/{{ item.name }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ item.name }}/privkey.pem;
index index.html;
root {{ item.root }};
location / {
}
}
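Review bot: `listen 443 ssl http2;` uses the `http2` listen parameter that nginx deprecated in 1.25.1 in favour of a separate directive; write `listen 443 ssl;` followed by `http2 on;` on current Arch builds. The server block sets certificate paths but no `ssl_protocols` or HSTS header; if those come from the global nginx.conf that is fine, otherwise this template (and presumably the proxy template it mirrors) should pin them rather than rely on defaults. The TLS block and the port-80 redirect look duplicated from `nginx-proxy.conf.j2` (renamed in this commit, not visible here); a shared include would keep the two in step. `index index.html;` and the empty `location / { }` do nothing for a pacman repository, where clients request `<reponame>.db` and package files directly, so drop them or add a comment explaining why they stay.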