mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
fix/tempo
infrastructure/roles/dbscripts/tasks/main.yml
Kristian Klausen 7fdcc76928
Revert "dbscripts: Add tmpfiles.d/rsyncd.conf for abs and friends" 
It is unclear why this was added, as we can just use the default lock
file path (/var/run/rsyncd.lock). Using a non-default path was not added
in the offending commit, but remove it in this revert commit
nevertheless, so the commit can be reverted.

This reverts commit e4e07516a3c78da22a0984b35cbc86f00836bfe9.
2024-06-08 20:32:05 +02:00

267 lines
11 KiB
YAML
Raw Permalink Blame History

- name: Install git, rsync and some perl stuff
pacman: name=git,rsync,perl-dbd-pg,perl-timedate,diffstat state=present
- name: Install sourceballs requirements (makepkg download dependencies)
pacman: name=git,subversion,mercurial,breezy state=present
- name: Install binutils for createlinks script
pacman: name=binutils state=present
- name: Install fcgiwrap for the Git repo
pacman: name=fcgiwrap state=present
- name: Install fcgiwrap for the Git repo
systemd: name=fcgiwrap.socket enabled=yes state=started
- name: Allow state repo to be exported
file: path="/srv/repos/state/.git/git-daemon-export-ok" state=touch owner=git-packages group=junior-packager mode=0644
- name: Create dbscripts users
user: name="{{ item }}" shell=/bin/bash
with_items:
- git-packages
- name: Add cleanup user
user: name=cleanup groups=junior-dev,dev,junior-packager,packager shell=/sbin/nologin
- name: Add sourceballs user
user: name=sourceballs shell=/sbin/nologin
- name: Set up sudoers.d for special users
copy: src=sudoers.d dest=/etc/sudoers.d/dbscripts owner=root group=root mode=0600 validate='visudo -cf %s'
- name: Create ssl cert
include_role:
name: certificate
vars:
domains: ["{{ repos_domain }}", "{{ repos_rsync_domain }}"]
- name: Make nginx log dir
file: path=/var/log/nginx/{{ repos_domain }} state=directory owner=root group=root mode=0755
- name: Set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/dbscripts.conf owner=root group=root mode=0644
notify:
- Reload nginx
tags:
- nginx
- name: Create Arch Linux-specific users
ansible.builtin.user:
name: "{{ item.key }}"
group: users
groups: "{{ item.value.groups | join(',') }}"
comment: "{{ item.value.name }}"
state: present
with_dict: "{{ arch_users }}"
- name: Create /etc/dbscripts directory
file: path=/etc/dbscripts state=directory owner=root group=root mode=0755
- name: Generate dbscripts authors mapping
template: src=authors.conf.j2 dest=/etc/dbscripts/authors.conf owner=root group=root mode=644
vars:
packager_groups: ['packager', 'junior-packager', 'dev', 'junior-dev']
tags: ['archusers']
- name: Create staging directories in user homes
dbscripts_mkdirs:
pathtmpl: '/home/{user}/staging/{dirname}'
permissions: '755'
directories: ['', 'core', 'extra', 'multilib', 'multilib-staging', 'multilib-testing', 'core-testing', 'core-staging', 'extra-testing', 'extra-staging']
users: "{{ arch_users.keys() | list }}"
group: users
tags: ["archusers"]
- name: Create dbscripts paths
file: path="{{ item }}" state=directory owner=root group=root mode=0755
with_items:
- /srv/repos/git-packages
- name: Create git-packages/package-cleanup directory
file: path="/srv/repos/git-packages/package-cleanup" state=directory owner=git-packages group=junior-packager mode=0775
- name: Add acl user:cleanup:rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="user:cleanup:rwx" state=present
- name: Add acl default:user::rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:user::rwx" state=present
- name: Add acl default:user:cleanup:rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:user:cleanup:rwx" state=present
- name: Add acl default:group::rwx to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:group::rwx" state=present
- name: Add acl default:other::r-x to /srv/repos/git-packages/package-cleanup
acl: name=/srv/repos/git-packages/package-cleanup entry="default:other::r-x" state=present
- name: Create git-packages/source-cleanup directory
file: path="/srv/repos/git-packages/source-cleanup" state=directory owner=sourceballs group=git-packages mode=0755
- name: Add acl default:junior-packager::rwx to /srv/repos/state
acl: name=/srv/repos/git-packages/package-cleanup entry="default:group:junior-packager:rwx" state=present
- name: Create pkg cache directory
file: path="{{ git_pkg_cache }}" state=directory owner=git-packages group=junior-packager mode=0775
- name: Create state directory
file: path="{{ git_state_repo }}" state=directory owner=git-packages group=junior-packager mode=0775
- name: Create lock directory
file: path="{{ lock_dir }}" state=directory owner=git-packages group=junior-packager mode=0775
- name: Add acl default:group:junior-packager:rw- to lock_dir
acl: name="{{ lock_dir }}" entry="default:group:junior-packager:rw-" state=present
- name: Set permissions for state directory
file: path="{{ git_state_repo }}" state=directory owner=git-packages group=junior-packager mode=0775
- name: Add acl default:group:junior-packager:rw- to git_state_repo
acl: name="{{ git_state_repo }}" entry="default:group:junior-packager:rw-" state=present
- name: Git init repository # noqa command-instead-of-module
command: /usr/bin/git init --shared=group "{{ git_state_repo }}"
args:
creates: "{{ git_state_repo }}/.git/config"
- name: Create git-packages/tmp directory
file: path="/srv/repos/git-packages/tmp" state=directory owner=git-packages group=junior-packager mode=1775
- name: Add acl user:sourceballs:rwx to /srv/repos/git-packages/tmp
acl: name=/srv/repos/git-packages/tmp entry="user:sourceballs:rwx" state=present
- name: Add acl user:cleanup:rwx to /srv/repos/git-packages/tmp
acl: name=/srv/repos/git-packages/tmp entry="user:cleanup:rwx" state=present
- name: Touch /srv/ftp/lastsync file
file: path="/srv/ftp/lastsync" state=touch owner=ftp group=ftp mode=0644
- name: Touch /srv/ftp/lastupdate file
file: path="/srv/ftp/lastupdate" state=touch owner=ftp group=ftp mode=0644
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:packager:rw-" state=present
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:junior-packager:rw-" state=present
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:dev:rw-" state=present
- name: Add acl group:dev:rw- to /srv/ftp/lastupdate
acl: name=/srv/ftp/lastupdate entry="group:junior-dev:rw-" state=present
- name: Fetch dbscripts PGP key
command: /usr/bin/gpg --keyserver keys.openpgp.org --auto-key-locate wkd,keyserver --locate-keys {{ item }}
with_items: '{{ dbscripts_pgp_emails }}'
register: gpg
changed_when: "gpg.rc == 0"
- name: Clone dbscripts git repo
git: >
dest=/srv/repos/git-packages/dbscripts
repo=https://gitlab.archlinux.org/archlinux/dbscripts.git
version={{ dbscripts_commit }} update={{ dbscripts_update }}
verify_commit=yes
- name: Symlink config file
file: path=/srv/repos/git-packages/dbscripts/config.local src=config.local.git state=link owner=root group=root mode=0644
- name: Symlink /packages to /srv/repos/git-packages/dbscripts
file: path=/packages src=/srv/repos/git-packages/dbscripts state=link owner=root group=root mode=0755
- name: Symlink dbscript binaries to /usr/local/bin
file: path=/usr/local/bin/{{ item }} src=/packages/{{ item }} state=link owner=root group=root mode=0755
with_items:
- db-move
- db-update
- db-remove
- db-repo-add
- db-repo-remove
- testing2x
- name: Make debug packages pool
file: path=/srv/ftp/pool/packages state=directory owner=root group=junior-packager mode=0775
- name: Make debug packages-debug pool
file: path=/srv/ftp/pool/packages-debug state=directory owner=root group=junior-packager mode=0775
- name: Make junior developer root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ junior_developer_repos }}'
- name: Make junior developer repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-dev mode=0775
with_items: '{{ junior_developer_repos }}'
- name: Make developer root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ developer_repos }}'
- name: Make developer repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=dev mode=0775
with_items: '{{ developer_repos }}'
- name: Make junior packager root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ junior_packager_repos }}'
- name: Make junior packager repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=junior-packager mode=0775
with_items: '{{ junior_packager_repos }}'
- name: Make packager root repos
file: path=/srv/ftp/{{ item }}/os state=directory owner=root group=root mode=0755
with_items: '{{ packager_repos }}'
- name: Make packager repos
file: path=/srv/ftp/{{ item }}/os/x86_64 state=directory owner=root group=packager mode=0775
with_items: '{{ packager_repos }}'
- name: Make /srv/ftp/other/packages available
file: path=/srv/ftp/other/packages state=directory owner=root group=junior-dev mode=0775
- name: Create rsyncd-conf-genscripts
file: path=/etc/rsyncd-conf-genscripts state=directory owner=root group=root mode=0700
- name: Install rsync.conf.proto
template: src=rsyncd.conf.proto.j2 dest=/etc/rsyncd-conf-genscripts/rsyncd.conf.proto owner=root group=root mode=0644
- name: Configure gen_rsyncd.conf.pl
template: src=gen_rsyncd.conf.pl dest=/etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl owner=root group=root mode=0700
no_log: true
- name: Generate mirror config
command: /etc/rsyncd-conf-genscripts/gen_rsyncd.conf.pl
register: gen_rsyncd
changed_when: "gen_rsyncd.rc == 0"
- name: Install createlinks script
copy: src=createlinks dest=/usr/local/bin/createlinks owner=root group=root mode=0755
- name: Start and enable rsync
service: name=rsyncd.socket enabled=yes state=started
- name: Open firewall holes for rsync
ansible.posix.firewalld: service=rsyncd permanent=true state=enabled immediate=yes
when: configure_firewall
tags:
- firewall
- name: Install systemd timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- cleanup.timer
- cleanup.service
- sourceballs.timer
- sourceballs.service
- lastsync.timer
- lastsync.service
- gen_rsyncd.timer
- gen_rsyncd.service
- createlinks.timer
- createlinks.service
- name: Activate systemd timers
service: name={{ item }} enabled=yes state=started
with_items:
- cleanup.timer
- sourceballs.timer
- lastsync.timer
- gen_rsyncd.timer
- createlinks.timer
# Allow different maintainers (unix users) to touch the git state repositories
# https://git-scm.com/docs/git-config/2.35.2#Documentation/git-config.txt-safedirectory
- name: Install gitconfig
copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644
View Git Blame Copy Permalink