# Make sure the two local accounts used by the rest of this file exist:
# `apt` (owns the repository) and `incoming` (receives uploads). Only the
# account name is passed, so shell, home and groups follow module defaults.
- name: create Unix users for repository, uploaders
  with_items:
    - apt
    - incoming
  user:
    name: '{{ item }}'
# Authorise every key in apt_uploader_ssh_public_keys for SSH login as
# `incoming`.
# NOTE(review): no `key_options` are set, so each key gets an unrestricted
# session for that account, and `exclusive` keeps its default, so a key
# dropped from the variable stays in authorized_keys until removed by
# hand - confirm both are intended.
- name: install uploader ssh keys into incoming authorized_keys
  with_items:
    - '{{ apt_uploader_ssh_public_keys }}'
  authorized_key:
    key: '{{ item }}'
    user: incoming
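# Install the repository tooling: reprepro (repository manager), incron
# (inotify-triggered jobs) and apache2 (serves the repository).
# The package list is handed to `name` directly so apt resolves and
# installs everything in one call; looping the apt module per item is
# slower and relies on loop squashing that Ansible has deprecated.
- name: install reprepro and related stuff
  apt:
    name:
      - reprepro
      - incron
      - apache2
    state: present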
# - name: install apache tls module
# apache2_module:
# name: ssl
# Root of the repository tree: owned by apt:apt, writable by the owner
# only, readable and traversable by everyone (0755).
- name: create APT repository directory
  file:
    path: /srv/apt
    state: directory
    owner: apt
    group: apt
    mode: '0755'
# Point Apache's Listen directive at port 8080. The pattern matches only
# lines indented with spaces (not tabs); lineinfile rewrites the last
# matching line, or appends the line when nothing matches.
# This task notifies no handler; the unconditional restart task in this
# file is what makes the new port take effect.
- name: configure apache to only listen on port 8080
  lineinfile:
    path: /etc/apache2/ports.conf
    regexp: '^ *Listen .*$'
    line: 'Listen 8080'
# Render apache-http.conf over Apache's default site file (root-owned,
# 0644) and queue the `restart apache2` handler when the result changes.
# NOTE(review): the repository is published over plain HTTP (the ssl
# module task in this file is commented out), so clients rely on APT
# signature verification for integrity - confirm that is the intended
# transport.
- name: configure apache to server repo over http
  notify: restart apache2
  template:
    src: apache-http.conf
    dest: /etc/apache2/sites-available/000-default.conf
    owner: root
    group: root
    mode: '0644'
# Restart apache2 unconditionally, on every run of this file.
# NOTE(review): the vhost template task already notifies a
# `restart apache2` handler, so a run that changes the vhost may restart
# the service twice - check whether this task could become a handler.
- name: restart Apache
  systemd:
    state: restarted
    name: apache2
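# Directory for the reprepro configuration files written by the next
# tasks. The task name used to read /src/apt/conf while the path is
# /srv/apt/conf; the name now matches the path.
# No owner or mode is given, so the directory is created with the
# defaults of the user the task runs as.
- name: mkdir /srv/apt/conf
  file:
    path: /srv/apt/conf
    state: directory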
# Render distributions.j2 to conf/distributions. Owner and mode are not
# set, so they follow the defaults of the user the task runs as.
- name: create conf/distributions
  template:
    dest: /srv/apt/conf/distributions
    src: distributions.j2
# Render the `uploaders` template to conf/uploaders (the source has no
# .j2 suffix but still goes through the template module).
# NOTE(review): presumably this is reprepro's upload-permission list;
# owner and mode are not set here - confirm the resulting file is not
# writable by the apt or incoming accounts.
- name: create conf/uploaders
  template:
    dest: /srv/apt/conf/uploaders
    src: uploaders
# Render the `incoming` template to conf/incoming. Owner and mode are not
# set, so they follow the defaults of the user the task runs as.
- name: create conf/incoming
  template:
    dest: /srv/apt/conf/incoming
    src: incoming
# Drop directory for uploads: owner apt, group incoming, mode 1777
# (sticky bit plus write access for every account).
# NOTE(review): with 1777 any local account can place files here, and the
# incrontab task in this file runs process-incoming as apt on every
# IN_CLOSE_WRITE in this directory - check whether a mode limited to the
# `incoming` group is sufficient.
- name: create incoming directory
  file:
    path: /srv/apt/incoming
    state: directory
    owner: apt
    group: incoming
    mode: '01777'
# Scratch directory under the repository root, owned by apt:apt and
# writable by the owner only (0755).
- name: create temp directory
  file:
    path: /srv/apt/tmp
    state: directory
    owner: apt
    group: apt
    mode: '0755'
# GnuPG home for the apt account; 0700 keeps the keyring private to its
# owner.
- name: create .gnupg for apt user
  file:
    path: /home/apt/.gnupg
    state: directory
    owner: apt
    group: apt
    mode: '0700'
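# Load the repository signing key pair into the apt user's keyring.
# The key material is written to two temporary files in /home/apt,
# imported with gpg, and the files are deleted again.
#
# Two changes against the previous three standalone tasks:
#   * `no_log: true` on the copy task. The loop items carry the private
#     key, and Ansible prints each loop item in task output, so without
#     it the key ends up in console output and any run logs.
#   * block/always. The cleanup now runs even when the copy or the import
#     fails, so the on-disk key copies are not left behind by a failed
#     run.
- name: load signing keys into the apt keyring
  block:
    - name: copy over gpg keys to apt
      copy:
        content: "{{ item.content }}"
        dest: "/home/apt/{{ item.name }}"
        owner: apt
        group: apt
        mode: '0600'
      no_log: true
      with_items:
        - content: "{{ apt_signing_key }}"
          name: key
        - content: "{{ apt_signing_key_pub }}"
          name: key.pub

    # Runs on every play; importing a key that is already in the keyring
    # leaves it unchanged.
    # NOTE(review): `become_user` only takes effect when become is
    # enabled for the play or role - confirm it is.
    - name: import gpg keys for apt
      become_user: apt
      shell: |
        cd /home/apt
        gpg --import key key.pub
  always:
    - name: delete temp key copies
      file:
        dest: "/home/apt/{{ item }}"
        state: absent
      with_items:
        - key
        - key.pub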
# Add a line `apt` to /etc/incron.allow if it is not there yet, which
# permits the apt account to install an incrontab.
- name: allow aptuser use incron
  lineinfile:
    path: /etc/incron.allow
    line: apt
# Install the process-incoming script shipped with this role: owned by
# apt:apt and executable by everyone (0755). The incrontab entry set up in
# this file runs it as apt.
- name: create process-incoming script
  copy:
    dest: /srv/apt/process-incoming
    src: process-incoming
    owner: apt
    group: apt
    mode: '0755'
# Install the apt user's incrontab from stdin: every file that is closed
# after writing in /srv/apt/incoming triggers /srv/apt/process-incoming.
# The table is re-installed on every run, replacing whatever incrontab
# the apt user had before.
# NOTE(review): `become_user` only takes effect when become is enabled
# for the play or role - confirm it is.
- name: set up incrontab for processing incoming uploads
  become_user: apt
  shell: |
    incrontab - << EOF
    /srv/apt/incoming IN_CLOSE_WRITE /srv/apt/process-incoming
    EOF