Diffstat (limited to 'roles/apt_repository/tasks/main.yml')
-rw-r--r--roles/apt_repository/tasks/main.yml136
1 files changed, 136 insertions, 0 deletions
diff --git a/roles/apt_repository/tasks/main.yml b/roles/apt_repository/tasks/main.yml
new file mode 100644
index 0000000..c3c7760
--- /dev/null
+++ b/roles/apt_repository/tasks/main.yml
@@ -0,0 +1,136 @@
+- name: create Unix users for repository, uploaders
+ user:
+ name: "{{ item.username }}"
+ shell: /bin/false
+ with_items:
+ - username: apt
+ - username: incoming
+
+- name: install uploader ssh keys into incoming authorized_keys
+ authorized_key:
+ user: incoming
+ key: "{{ item }}"
+ with_items:
+ - "{{ apt_uploader_ssh_public_keys }}"
+
+- name: install reprepro and related stuff
+ apt:
+ name: "{{ item }}"
+ with_items:
+ - reprepro
+ - incron
+ - apache2
+
+- name: install apache tls module
+ apache2_module:
+ name: ssl
+
+- name: create APT repository directory
+ file:
+ state: directory
+ dest: /srv/apt
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: configure apache to server repo over http
+ template:
+ src: "{{ item.src }}"
+ dest: "/etc/apache2/sites-available/{{ item.dest }}"
+ owner: root
+ group: root
+ mode: 0644
+ notify: restart apache2
+ with_items:
+ - src: apache-http.conf
+ dest: 000-default.conf
+
+- name: mkdir /src/apt/conf
+ file:
+ path: /srv/apt/conf
+ state: directory
+
+- name: create conf/distributions
+ template:
+ src: distributions.j2
+ dest: /srv/apt/conf/distributions
+
+- name: create conf/uploaders
+ template:
+ src: uploaders
+ dest: /srv/apt/conf/uploaders
+
+- name: create conf/incoming
+ template:
+ src: incoming
+ dest: /srv/apt/conf/incoming
+
+- name: create incoming directory
+ file:
+ state: directory
+ dest: /srv/apt/incoming
+ owner: apt
+ group: incoming
+ mode: 01777
+
+- name: create temp directory
+ file:
+ state: directory
+ dest: /srv/apt/tmp
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: create .gnupg for apt user
+ file:
+ state: directory
+ dest: /home/apt/.gnupg
+ owner: apt
+ group: apt
+ mode: 0700
+
+- name: copy over gpg keys to apt
+ copy:
+ content: "{{ item.content }}"
+ dest: "/home/apt/{{ item.name }}"
+ owner: apt
+ group: apt
+ mode: 0600
+ with_items:
+ - content: "{{ apt_signing_key }}"
+ name: key
+ - content: "{{ apt_signing_key_pub }}"
+ name: key.pub
+
+- name: import gpg keys for apt
+ become_user: apt
+ shell: |
+ gpg --import key key.pub
+
+- name: delete temp key copies
+ file:
+ dest: "/home/apt/{{ item }}"
+ state: absent
+ with_items:
+ - key
+ - key.pub
+
+- name: allow aptuser use incron
+ lineinfile:
+ dest: /etc/incron.allow
+ line: apt
+
+- name: create process-incoming script
+ copy:
+ src: process-incoming
+ dest: /srv/apt/process-incoming
+ owner: apt
+ group: apt
+ mode: 0755
+
+- name: set up incrontab for processing incoming uploads
+ shell: |
+ incrontab - << EOF
+ /srv/apt/incoming IN_CLOSE_WRITE /srv/apt/process-incoming
+ EOF
+ become_user: apt
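Review bot: The `copy over gpg keys to apt` task loops over items whose `content` is the private signing key, and without `no_log: true` Ansible includes each loop item in its task output, so the key can end up in console and callback logs; add `no_log: true` to that task. The next task runs `gpg --import key key.pub` with relative paths and no `chdir`, so it only works if the working directory under `become_user: apt` happens to be /home/apt; `args:` with `chdir: /home/apt` would make that explicit. If the import fails, the play stops before `delete temp key copies` and the private key stays on disk. Separately, `/srv/apt/incoming` is created with `mode: 01777`, so any local account can drop files that incron then hands to process-incoming; since the group is already `incoming`, `mode: "1770"` looks sufficient unless something outside this file relies on world write.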