mirror/infrastructure
1
1
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/infrastructure.git synced 2025-01-18 08:06:16 +01:00
Code Issues
keycloak-password-reset-time
infrastructure/roles/archbuild/tasks/main.yml
Christian Heusel f38d013c04
validate the sudoers files before using 
This is already done for the 'sudo' role, but we also have a few more
sudoers files which currently go in unverified.

Signed-off-by: Christian Heusel <christian@heusel.eu>
2024-04-24 19:28:19 +02:00

139 lines
3.7 KiB
YAML
Raw Permalink Blame History

- name: Install archbuild
pacman:
name:
- base-devel
- devtools
- zsh
- git
- subversion
- mercurial
- bzr
- ruby
- tig
- colordiff
- pkgdiff
- elinks
- appstream-generator
state: present
- name: Install archbuild scripts
copy: src={{ item }} dest=/usr/local/bin/{{ item }} owner=root group=root mode=0755
with_items:
- mkpkg
- pkgdiffrepo
- clean-chroots
- clean-dests
- clean-offload-build
- gitpkg
- name: Install archbuild config files
copy: src={{ item }} dest=/usr/local/share/{{ item }} owner=root group=root mode=0644
with_items:
- elinks-pkgdiffrepo.conf
- name: Install archbuild units
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- clean-chroots.timer
- clean-chroots.service
- clean-dests.timer
- clean-dests.service
- clean-offload-build.timer
- clean-offload-build.service
- var-lib-archbuilddest.mount
- strictatime@.service
notify:
- Daemon reload
- name: Install archbuild unit
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- var-lib-archbuild.mount
notify:
- Daemon reload
- name: Install archbuild user units
copy: src={{ item }} dest=/etc/systemd/user/{{ item }} owner=root group=root mode=0644
with_items:
- mkpkg@.timer
- mkpkg@.service
- name: Create drop-in directories for devtools
file: path=/etc/systemd/system/{{ item }}.d state=directory owner=root group=root mode=0755
with_items:
- arch-nspawn-.scope
- devtools.slice
- user-.slice
- name: Install drop-in snippets for devtools
copy: src=devtools-override_{{ item }}.conf dest=/etc/systemd/system/{{ item }}.d/override.conf owner=root group=root mode=0644
with_items:
- arch-nspawn-.scope
- devtools.slice
- user-.slice
notify:
- Daemon reload
- name: Start and enable archbuild mounts
service: name={{ item }} enabled={{ "yes" if archbuild_fs == 'tmpfs' else "no" }} state={{ "started" if archbuild_fs == 'tmpfs' else "stopped" }}
with_items:
- var-lib-archbuild.mount
- name: Start and enable archbuilddest mount
service: name={{ item }} enabled=yes state=started
with_items:
- var-lib-archbuilddest.mount
- name: Create archbuilddest
file:
state: directory
path: '/var/lib/{{ "/".join(item) }}'
owner: root
group: root
mode: '0777'
with_nested:
- [archbuilddest]
- [srcdest]
- name: Set acl on archbuilddest
acl:
name: '/var/lib/archbuilddest/{{ item[0] }}'
state: present
entry: '{{ item[1] }}'
with_nested:
- [srcdest]
- ['user::rwx',
'group::rwx',
'group:dev:rwx',
'group:tu:rwx',
'other::rwx',
'mask::rwx',
'default:user::rwx',
'default:group::r-x',
'default:group:dev:rwx',
'default:group:tu:rwx',
'default:other::r-x',
'default:mask::rwx']
- name: Start and enable archbuild units
service: name={{ item }} enabled=yes state=started
with_items:
- clean-chroots.timer
- clean-dests.timer
- clean-offload-build.timer
- name: Override makepkg.conf variables
lineinfile:
path: /etc/makepkg.conf
regexp: '^#?{{ item.name | regex_escape }}='
line: '{{ item.name }}={{ item.value }}'
loop:
- { name: MAKEFLAGS, value: '"-j$(nproc)"' }
- { name: SRCDEST, value: /var/lib/archbuilddest/srcdest }
- name: Install archbuild sudoers config
copy: src=sudoers dest=/etc/sudoers.d/archbuild owner=root group=root mode=0440 validate='visudo -cf %s'
- name: Install gitconfig
copy: src=gitconfig dest=/etc/gitconfig owner=root group=root mode=0644
View Git Blame Copy Permalink