Diffstat (limited to 'ansible/roles/apt-repository')
-rw-r--r--ansible/roles/apt-repository/files/process-incoming13
-rw-r--r--ansible/roles/apt-repository/handlers/main.yml4
-rw-r--r--ansible/roles/apt-repository/tasks/main.yml133
-rw-r--r--ansible/roles/apt-repository/templates/000-default.conf18
-rw-r--r--ansible/roles/apt-repository/templates/distributions.j212
-rw-r--r--ansible/roles/apt-repository/templates/incoming.j25
-rw-r--r--ansible/roles/apt-repository/templates/uploaders.j21
7 files changed, 186 insertions, 0 deletions
diff --git a/ansible/roles/apt-repository/files/process-incoming b/ansible/roles/apt-repository/files/process-incoming
new file mode 100644
index 0000000..b668c88
--- /dev/null
+++ b/ansible/roles/apt-repository/files/process-incoming
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+(
+ # sleep for a few seconds so that dput has time to chmod the uploaded
+ # file.
+ sleep 10
+ date
+ echo "Processing incoming"
+ reprepro -v -b /srv/apt processincoming default
+ reprepro -v -b /srv/apt export
+ rm -f incoming/*.buildinfo
+ echo "Finished processing incoming"
+) 2>&1 >>/home/apt/reprepro.log
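Review bot: The redirection on the last line, `) 2>&1 >>/home/apt/reprepro.log`, sends only stdout to the log; stderr is duplicated onto the original stdout before the append is set up, so reprepro's error output never reaches reprepro.log. Swapping the order fixes it: `) >>/home/apt/reprepro.log 2>&1`. The `rm -f incoming/*.buildinfo` line also uses a relative path, so it depends on whatever working directory incron starts the script in; `rm -f /srv/apt/incoming/*.buildinfo` would match the `-b /srv/apt` base used by the reprepro calls.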
diff --git a/ansible/roles/apt-repository/handlers/main.yml b/ansible/roles/apt-repository/handlers/main.yml
new file mode 100644
index 0000000..a7ec2ee
--- /dev/null
+++ b/ansible/roles/apt-repository/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: restart apache2
+ service:
+ name: apache2
+ state: restarted
diff --git a/ansible/roles/apt-repository/tasks/main.yml b/ansible/roles/apt-repository/tasks/main.yml
new file mode 100644
index 0000000..6bf8412
--- /dev/null
+++ b/ansible/roles/apt-repository/tasks/main.yml
@@ -0,0 +1,133 @@
+- name: "install software needed for APT repository management"
+ apt:
+ name:
+ - apache2
+ - incron
+ - reprepro
+
+- name: "create root directory for APT repository"
+ file:
+ state: directory
+ path: /srv/apt
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: "create incoming directory for APT repository"
+ file:
+ state: directory
+ path: /srv/apt/incoming
+ owner: apt
+ group: incoming
+ mode: 0775
+
+- name: "create .gnupg for apt user"
+ file:
+ state: directory
+ dest: /home/apt/.gnupg
+ owner: apt
+ group: apt
+ mode: 0700
+
+- name: "install temporary copies of gpg keys for repository signing"
+ copy:
+ content: "{{ item.content }}"
+ dest: "/home/apt/{{ item.name }}"
+ owner: apt
+ group: apt
+ mode: 0600
+ with_items:
+ - content: "{{ apt_signing_key }}"
+ name: key
+ - content: "{{ apt_signing_key_pub }}"
+ name: key.pub
+
+- name: "import gpg keys for apt"
+ shell: |
+ cd /home/apt
+ sudo -u apt gpg --import key key.pub
+
+- name: "delete temporary copies of keys"
+ file:
+ dest: "/home/apt/{{ item }}"
+ state: absent
+ with_items:
+ - key
+ - key.pub
+
+- name: "allow apt user to use incron"
+ lineinfile:
+ dest: /etc/incron.allow
+ line: apt
+
+- name: "crate reprepro configuration directory"
+ file:
+ path: /srv/apt/conf
+ state: directory
+
+- name: "create reprepro temp directory"
+ file:
+ state: directory
+ dest: /srv/apt/tmp
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: "configure reprepro distributions"
+ template:
+ src: distributions.j2
+ dest: /srv/apt/conf/distributions
+
+- name: "configure reprepro uploaders"
+ template:
+ src: uploaders.j2
+ dest: /srv/apt/conf/uploaders
+
+- name: "configure reprepro incoming"
+ template:
+ src: incoming.j2
+ dest: /srv/apt/conf/incoming
+ owner: apt
+ group: incoming
+ mode: 01777
+
+- name: "create web root directory"
+ file:
+ state: directory
+ path: /srv/http
+
+- name: "install an index page in the web root directory"
+ copy:
+ content: |
+ {{ apt_index_content }}
+ dest: /srv/http/index.html
+
+- name: "configure apache to server APT repository over http"
+ template:
+ src: 000-default.conf
+ dest: /etc/apache2/sites-enabled/000-default.conf
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache2
+
+- name: "install script to process uploads to APT"
+ copy:
+ src: process-incoming
+ dest: /home/apt/process-incoming
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: "create incrontab for apt"
+ copy:
+ content: |
+ /srv/apt/incoming IN_CLOSE_WRITE /home/apt/process-incoming
+ dest: /home/apt/incrontab
+ owner: apt
+ group: apt
+ mode: 0644
+
+- name: "set up incrontab for processing incoming uploads"
+ shell: |
+ sudo -u apt incrontab /home/apt/incrontab
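Review bot: The task "install temporary copies of gpg keys for repository signing" loops over items whose `content` is the private signing key, and Ansible's per-item loop output normally prints each item, so `apt_signing_key` can end up in console output and logs; adding `no_log: true` to that task avoids it. The key files are also left in /home/apt if the following `gpg --import` shell task fails, because the delete task only runs after a successful import. Separately, "configure reprepro incoming" installs /srv/apt/conf/incoming with `mode: 01777`, which makes a reprepro config file world-writable; that mode looks intended for a directory, and `mode: "0644"` would fit the file. The other unquoted octal modes (`0755`, `0775`, `0700`, `0600`) work only if the YAML loader reads them as octal, so quoting them as strings is the safer form.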
diff --git a/ansible/roles/apt-repository/templates/000-default.conf b/ansible/roles/apt-repository/templates/000-default.conf
new file mode 100644
index 0000000..b62e1fd
--- /dev/null
+++ b/ansible/roles/apt-repository/templates/000-default.conf
@@ -0,0 +1,18 @@
+<VirtualHost _default_>
+ ServerAdmin {{ apt_admin_email }}
+
+ DocumentRoot /srv/http
+ Alias "/debian" "/srv/apt"
+
+ <Directory /srv/http>
+ Require all granted
+ </Directory>
+
+ <Directory /srv/apt>
+ Options +Indexes
+ Require all granted
+ </Directory>
+
+ ErrorLog ${APACHE_LOG_DIR}/error.log
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
+</VirtualHost>
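Review bot: `Alias "/debian" "/srv/apt"` together with `Require all granted` and `Options +Indexes` on `<Directory /srv/apt>` publishes the whole reprepro base directory, not just the archive. By the tasks in this commit that directory also holds `conf/`, `incoming/` and `tmp/` (and reprepro's `db/` if it is kept in the default location), so the uploaders and distributions configuration and any unprocessed uploads become browsable over HTTP. Either alias only `dists/` and `pool/`, or add a deny block such as `<DirectoryMatch "^/srv/apt/(conf|db|incoming|tmp)">` with `Require all denied` inside it.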
diff --git a/ansible/roles/apt-repository/templates/distributions.j2 b/ansible/roles/apt-repository/templates/distributions.j2
new file mode 100644
index 0000000..ab3f861
--- /dev/null
+++ b/ansible/roles/apt-repository/templates/distributions.j2
@@ -0,0 +1,12 @@
+{% for dist in apt_distributions %}
+
+Codename: {{ dist.codename }}
+Suite: {{ dist.codename }}
+Origin: {{ apt_domain }}
+Description: {{ dist.description }}
+Architectures: source {{ dist.architectures|default('amd64') }}
+Components: {{ dist.components|default('main') }}
+Uploaders: uploaders
+Tracking: keep
+SignWith: {{ apt_signing_key_fingerprint }}
+{% endfor %}
diff --git a/ansible/roles/apt-repository/templates/incoming.j2 b/ansible/roles/apt-repository/templates/incoming.j2
new file mode 100644
index 0000000..548c44b
--- /dev/null
+++ b/ansible/roles/apt-repository/templates/incoming.j2
@@ -0,0 +1,5 @@
+Name: default
+IncomingDir: incoming
+TempDir: tmp
+Cleanup: on_error
+Allow: {% for dist in apt_distributions %} {{ dist.codename }} {% endfor %}
diff --git a/ansible/roles/apt-repository/templates/uploaders.j2 b/ansible/roles/apt-repository/templates/uploaders.j2
new file mode 100644
index 0000000..0891e6d
--- /dev/null
+++ b/ansible/roles/apt-repository/templates/uploaders.j2
@@ -0,0 +1 @@
+allow * by unsigned
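Review bot: `allow * by unsigned` makes reprepro accept unsigned .changes files for every package, so the only control on what gets signed with the repository key (`SignWith` in distributions.j2) is write access to /srv/apt/incoming, which tasks/main.yml creates group-writable for `incoming`. Any account in that group, or anything else that can write to that directory, can get packages published under the repository signature. Requiring signed uploads from known keys closes that gap, e.g. `allow * by key <UPLOADER_KEY_ID>` with one line per uploader (placeholder key id). If unsigned uploads have to stay, a comment in the template should say why and name the filesystem permissions that act as the control.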