Diffstat (limited to 'roles/apt_repository/tasks/main.yml')
-rw-r--r-- | roles/apt_repository/tasks/main.yml | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/roles/apt_repository/tasks/main.yml b/roles/apt_repository/tasks/main.yml
new file mode 100644
index 0000000..c3c7760
--- /dev/null
+++ b/roles/apt_repository/tasks/main.yml
@@ -0,0 +1,136 @@
+- name: create Unix users for repository, uploaders
+ user:
+ name: "{{ item.username }}"
+ shell: /bin/false
+ with_items:
+ - username: apt
+ - username: incoming
+
+- name: install uploader ssh keys into incoming authorized_keys
+ authorized_key:
+ user: incoming
+ key: "{{ item }}"
+ with_items:
+ - "{{ apt_uploader_ssh_public_keys }}"
+
+- name: install reprepro and related stuff
+ apt:
+ name: "{{ item }}"
+ with_items:
+ - reprepro
+ - incron
+ - apache2
+
+- name: install apache tls module
+ apache2_module:
+ name: ssl
+
+- name: create APT repository directory
+ file:
+ state: directory
+ dest: /srv/apt
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: configure apache to server repo over http
+ template:
+ src: "{{ item.src }}"
+ dest: "/etc/apache2/sites-available/{{ item.dest }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache2
+ with_items:
+ - src: apache-http.conf
+ dest: 000-default.conf
+
+- name: mkdir /src/apt/conf
+ file:
+ path: /srv/apt/conf
+ state: directory
+
+- name: create conf/distributions
+ template:
+ src: distributions.j2
+ dest: /srv/apt/conf/distributions
+
+- name: create conf/uploaders
+ template:
+ src: uploaders
+ dest: /srv/apt/conf/uploaders
+
+- name: create conf/incoming
+ template:
+ src: incoming
+ dest: /srv/apt/conf/incoming
+
+- name: create incoming directory
+ file:
+ state: directory
+ dest: /srv/apt/incoming
+ owner: apt
+ group: incoming
+ mode: 01777
+
+- name: create temp directory
+ file:
+ state: directory
+ dest: /srv/apt/tmp
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: create .gnupg for apt user
+ file:
+ state: directory
+ dest: /home/apt/.gnupg
+ owner: apt
+ group: apt
+ mode: 0700
+
+- name: copy over gpg keys to apt
+ copy:
+ content: "{{ item.content }}"
+ dest: "/home/apt/{{ item.name }}"
+ owner: apt
+ group: apt
+ mode: 0600
+ with_items:
+ - content: "{{ apt_signing_key }}"
+ name: key
+ - content: "{{ apt_signing_key_pub }}"
+ name: key.pub
+
+- name: import gpg keys for apt
+ become_user: apt
+ shell: |
+ gpg --import key key.pub
+
+- name: delete temp key copies
+ file:
+ dest: "/home/apt/{{ item }}"
+ state: absent
+ with_items:
+ - key
+ - key.pub
+
+- name: allow aptuser use incron
+ lineinfile:
+ dest: /etc/incron.allow
+ line: apt
+
+- name: create process-incoming script
+ copy:
+ src: process-incoming
+ dest: /srv/apt/process-incoming
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: set up incrontab for processing incoming uploads
+ shell: |
+ incrontab - << EOF
+ /srv/apt/incoming IN_CLOSE_WRITE /srv/apt/process-incoming
+ EOF
+ become_user: apt |
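Review bot: The task `copy over gpg keys to apt` loops over items whose `content` is the rendered `apt_signing_key`, and Ansible echoes each loop item in its task output, so the private signing key can end up in console output and logs; add `no_log: true` to that task, or at least `loop_control: {label: "{{ item.name }}"}`. The following `gpg --import key key.pub` uses relative paths and so depends on the working directory being /home/apt under `become_user: apt`; `gpg --import /home/apt/key /home/apt/key.pub` removes that assumption. If the import fails, the play stops before `delete temp key copies` and the private key stays on disk, so wrapping the copy, import and delete tasks in a `block` with the delete under `always` would be safer. Separately, `/srv/apt/incoming` is created with `mode: 01777` although its owner and group are already `apt` and `incoming`, which lets any local account write files that fire the incron rule for `process-incoming`; `mode: "0770"` looks sufficient if only those two users need access.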