Verified Commit 0c1c3664 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧 Committed by Giancarlo Razzolini

Introduce AUR role

The ansible role for the Arch User Repository.

Thanks-to: Eli Schwartz <eschwartz@archlinux.org>
parent a15a009b
---
- name: setup aur server
hosts: 127.0.0.1
remote_user: root
roles:
- { role: mariadb, mariadb_innodb_buffer_pool_size: '64M', tags: ['mariadb'] , configure_zabbix_agent: False}
- { role: nginx, tags: ["nginx"] }
- { role: php-fpm, php_extensions: ['pdo_mysql'], tags: ["php-fpm"] }
- { role: aur, tags: ['aur'] }
---
aurweb_domain: 'www.aur.archlinux.org'
aurweb_repository: 'https://git.archlinux.org/aurweb.git'
aurweb_dir: '/srv/http/aurweb'
aurweb_conf_dir: '/etc/aurweb'
aurweb_git_dir: "{{ aurweb_dir }}/aur.git"
aurweb_git_hook: '/usr/local/bin/aurweb-git-update'
aurweb_version: 'master'
aurweb_db: 'aur'
aurweb_db_host: 'localhost'
aurweb_db_user: 'aur'
aurweb_db_password: 'aur'
aurweb_user: 'aurweb'
aurweb_socket: '/run/php-fpm/{{aurweb_user}}.socket'
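Review bot: `aurweb_db_password: 'aur'` puts a guessable database credential, identical to the user name, into the role defaults, so every host that does not override it is deployed with that password. The tasks already take the MariaDB root password from `mariadb_users.root`, which is presumably kept outside the role, and this value should come from the same kind of protected source. For example `aurweb_db_password: "{{ vault_aurweb_db_password }}"` (placeholder variable name), or drop the default entirely so the play fails when the variable is unset.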
[Unit]
Description=Update aurweb blacklist
Requires=mysqld.service
After=mysqld.service
[Service]
Type=Oneshot
User=aur
ExecStart=/usr/local/bin/aurweb-aurblup
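Review bot: `User=aur` does not match the account this role creates: the defaults set `aurweb_user: 'aurweb'` and the only user task creates `{{ aurweb_user }}`, so unless an `aur` account exists from somewhere else these units cannot start. The same line appears in the mkpkglists, pkgmaint, popupdate and tuvotereminder services and in the git gc service template; the template can use `User={{ aurweb_user }}` directly, while the five static units would have to become templates or use a fixed account that the role also creates. `Type=Oneshot` should also be `Type=oneshot`, since systemd documents the value in lower case and is likely to ignore the capitalised form with a parse warning and fall back to the default service type.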
[Unit]
Description=Update aurweb blacklist
[Timer]
OnStartupSec=2h
OnUnitActiveSec=2h
[Install]
WantedBy=timers.target
[Unit]
Description=Regenerate aurweb package and user lists
Requires=mysqld.service
After=mysqld.service
[Service]
Type=Oneshot
User=aur
ExecStart=/usr/local/bin/aurweb-mkpkglists
[Unit]
Description=Regenerate aurweb package and user lists
[Timer]
OnStartupSec=5m
OnUnitActiveSec=5m
[Install]
WantedBy=timers.target
[Unit]
Description=Delete old, empty reserved aurweb pkgbases
Requires=mysqld.service
After=mysqld.service
[Service]
Type=Oneshot
User=aur
ExecStart=/usr/local/bin/aurweb-pkgmaint
[Unit]
Description=Delete old, empty reserved aurweb pkgbases
[Timer]
OnStartupSec=2h
OnUnitActiveSec=2h
[Install]
WantedBy=timers.target
[Unit]
Description=Update aurweb per-package popularity counts
Requires=mysqld.service
After=mysqld.service
[Service]
Type=Oneshot
User=aur
ExecStart=/usr/local/bin/aurweb-popupdate
[Unit]
Description=Update aurweb per-package popularity counts
[Timer]
OnStartupSec=2h
OnUnitActiveSec=2h
[Install]
WantedBy=timers.target
[Unit]
Description=Send aurweb TU vote reminder emails
Requires=mysqld.service
After=mysqld.service
[Service]
Type=Oneshot
User=aur
ExecStart=/usr/local/bin/aurweb-tuvotereminder
[Unit]
Description=Send aurweb TU vote reminder emails
[Timer]
OnStartupSec=12h
OnUnitActiveSec=12h
[Install]
WantedBy=timers.target
---
- name: daemon reload
command: systemctl daemon-reload
- name: restart php-fpm@aurweb
service: name=php-fpm@{{ aurweb_user }} state=restarted
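Review bot: The handler name `restart php-fpm@aurweb` is a literal, but the php-fpm task notifies `restart php-fpm@{{ aurweb_user }}`, so the two match only while `aurweb_user` keeps its default value. A fixed name on both sides avoids that, e.g. `- name: restart aurweb php-fpm` here and `notify: restart aurweb php-fpm` in the task. The `daemon reload` handler is not notified by either of the two tasks that install unit files under /etc/systemd/system, so changed units would not be picked up until something else reloads systemd; adding `notify: daemon reload` to those tasks closes that gap.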
---
- name: install required packages
pacman: name=git,sudo,python-mysql-connector,python-pygit2,python-srcinfo,python-bleach,python-markdown,make,asciidoc state=present
- name: make aur user
user: name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
- name: Create directory
file: path={{ aurweb_dir }} state=directory owner={{aurweb_user}} group=http mode=0775
- name: clone aurweb repo
git: >
repo={{ aurweb_repository }}
dest="{{ aurweb_dir }}"
version={{ aurweb_version }}
become: true
become_user: "{{aurweb_user}}"
register: release
- name: create aur db
mysql_db: name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ mariadb_users.root }}" encoding=utf8
register: db_created
- name: create aur db user
mysql_user: name={{ aurweb_db_user }} password={{ aurweb_db_password }}
login_host="{{ aurweb_db_host }}" login_password="{{ mariadb_users.root }}"
priv="{{ aurweb_db }}.*:ALL"
- name: enable innodb_large_prefix
mysql_variables:
login_host: "{{ aurweb_db_host }}"
login_password: "{{ mariadb_users.root }}"
variable: innodb_large_prefix
value: 1
- name: enable innodb_file_format
mysql_variables:
login_host: "{{ aurweb_db_host }}"
login_password: "{{ mariadb_users.root }}"
variable: innodb_file_format
value: Barracuda
- name: check if db is imported
shell: mysql -u {{ aurweb_db_user }} -p{{ aurweb_db_password }} -e "SELECT ID FROM Users" {{ aurweb_db }}
ignore_errors: true
register: db_imported
- name: import aur sql db
mysql_db:
state: import
name: "{{ aurweb_db }}"
login_host: "{{ aurweb_db_host }}"
login_password: "{{ mariadb_users.root }}"
target: "{{ aurweb_dir }}/schema/aur-schema.sql"
when: db_imported.rc != 0
- name: create aurweb conf dir
file: path={{ aurweb_conf_dir }} state=directory
- name: copy aurweb configuration file
copy: src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes
- name: install custom aurweb configuration
template: src=config.j2 dest={{ aurweb_conf_dir }}/config
- name: Install python module
shell: "python3 setup.py install --install-scripts=/usr/local/bin"
args:
chdir: "{{ aurweb_dir }}"
- name: Generate HTML documentation
make:
chdir: "{{ aurweb_dir }}/doc"
become: true
become_user: "{{aurweb_user}}"
- name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/aurweb.conf owner=root group=root mode=644
notify: reload nginx
tags: ['nginx']
- name: make nginx log dir
file: path=/var/log/nginx/{{ aurweb_domain }} state=directory owner=root group=root mode=0755
- name: configure php-fpm
template:
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ aurweb_user }}.conf"
owner=root group=root mode=0644
notify:
- restart php-fpm@{{ aurweb_user }}
- name: start and enable systemd socket
service: name=php-fpm@{{ aurweb_user }}.socket state=started enabled=true
- name: create git repo dir
file: path={{ aurweb_git_dir }} state=directory owner={{aurweb_user}} group=http mode=0775
- name: init git directory
command: git init --bare {{ aurweb_git_dir }}
args:
creates: "{{ aurweb_git_dir }}/HEAD"
become: true
become_user: "{{aurweb_user}}"
- shell: git config --local --get-all transfer.hideRefs
register: git_config
args:
chdir: "{{ aurweb_git_dir }}"
failed_when: git_config.rc == 2 # FIXME: does not work.
- name: configure git tranfser.hideRefs
command: git config --local transfer.hideRefs '^refs/'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{aurweb_user}}"
when: git_config.stdout.find('^refs/') == -1
- name: configure git transfer.hideRefs second
command: git config --local --add transfer.hideRefs '!refs/'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{aurweb_user}}"
when: git_config.stdout.find('!refs/') == -1
- name: configure git transfer.hideRefs third
command: git config --local --add transfer.hideRefs '!HEAD'
args:
chdir: "{{ aurweb_git_dir }}"
become: true
become_user: "{{aurweb_user}}"
when: git_config.stdout.find('!HEAD') == -1
- name: create symlink for git hook
file:
src: "{{ aurweb_git_hook }}"
dest: "{{ aurweb_git_dir }}/hooks/update"
state: link
- name: install AUR maintenance services/timers
copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- aurweb-aurblup.service
- aurweb-aurblup.timer
- aurweb-mkpkglists.service
- aurweb-mkpkglists.timer
- aurweb-pkgmaint.service
- aurweb-pkgmaint.timer
- aurweb-popupdate.service
- aurweb-popupdate.timer
- aurweb-tuvotereminder.service
- aurweb-tuvotereminder.timer
- name: start and enable AUR maintenance timers
service: name={{ item }} enabled=yes state=started
with_items:
- aurweb-aurblup.timer
- aurweb-mkpkglists.timer
- aurweb-pkgmaint.timer
- aurweb-popupdate.timer
- aurweb-tuvotereminder.timer
- name: install AUR git gc service/timer
template: src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items:
- aurweb-git.service
- aurweb-git.timer
- name: start and enable AUR git gc timer
service: name=aurweb-git.timer enabled=yes state=started
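Review bot: The `Install python module` task runs `python3 setup.py install` as root (it has no `become_user`) inside `{{ aurweb_dir }}`, which the earlier tasks create with `owner={{aurweb_user}} group=http mode=0775` and populate as that user from `aurweb_version: 'master'`. Anything able to write to the checkout as the service account or the http group, and any change that lands on the tracked branch, is therefore executed as root on the next playbook run. I would keep the checkout owned by root and not group-writable (`owner=root group=root mode=0755`), give the service account write access only to the directories it needs, such as the bare git repository, and pin `aurweb_version` to a reviewed tag or commit. The task also reinstalls on every run; a `when: release.changed` condition would tie it to the registered result of the clone.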
[Unit]
Description=Git gc AUR
[Service]
Type=Oneshot
User=aur
WorkingDirectory={{ aurweb_git_dir }}
ExecStart=/usr/bin/git gc
Nice=5
[Unit]
Description=Git gc & repack AUR
[Timer]
OnCalendar=daily
[Install]
WantedBy=timers.target
[database]
name = {{ aurweb_db }}
user = {{ aurweb_db_user }}
password = {{ aurweb_db_password }}
[options]
enable-maintenance = 0
localedir = {{ aurweb_dir }}/web/locale/
[serve]
repo-path = {{ aurweb_git_dir }}
git-shell-cmd = /usr/bin/sh
[aurblup]
db-path = {{ aurweb_dir }}/aurblup
server = https://mirrors.kernel.org/archlinux/%s/os/x86_64
[mkpkglists]
packagesfile = {{ aurweb_dir }}/web/html/packages.gz
pkgbasefile = {{ aurweb_dir }}/web/html/pkgbase.gz
userfile = {{ aurweb_dir }}/web/html/users.gz
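Review bot: This template renders `password = {{ aurweb_db_password }}`, but the task that installs it (`template: src=config.j2 dest={{ aurweb_conf_dir }}/config`) sets no owner or mode, so the file's permissions fall to the host defaults and may leave it readable by every local user. Adding `owner=root group={{ aurweb_user }} mode=0640` to that task would restrict it, assuming the PHP pool and the maintenance scripts run under that group. The `check if db is imported` task passes the same secret as `-p{{ aurweb_db_password }}` on a shell command line, where it appears in the process list and in Ansible's task output. Setting `no_log: true` and supplying the password through `environment: {MYSQL_PWD: "{{ aurweb_db_password }}"}` instead of `-p` keeps it out of both.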
upstream aurweb {
server unix://{{aurweb_socket}};
}
server {
listen 80;
listen [::]:80;
server_name {{ aurweb_domain }};
access_log /var/log/nginx/{{ aurweb_domain }}/access.log main;
error_log /var/log/nginx/{{ aurweb_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
rewrite ^(.*) https://{{ aurweb_domain }}$1 permanent;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ aurweb_domain }};
access_log /var/log/nginx/{{ aurweb_domain }}/access.log main;
error_log /var/log/nginx/{{ aurweb_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ aurweb_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ aurweb_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ aurweb_domain }}/chain.pem;
root {{ aurweb_dir }}/web/html;
index index.php;
location ~ ^/[^/]+\.php($|/) {
fastcgi_pass aurweb;
fastcgi_index index.php;
fastcgi_split_path_info ^(/[^/]+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
}
location ~ .* {
rewrite ^/(.*)$ /index.php/$1 last;
}
}
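Review bot: The 443 server block sets no `Strict-Transport-Security` header, so a returning client that requests the bare host name still makes its first request over plain HTTP and depends on the port-80 rewrite. If the shared nginx configuration does not already add it, `add_header Strict-Transport-Security "max-age=31536000" always;` belongs in this block. `ssl_trusted_certificate` is set, but no `ssl_stapling on;` is visible in this file; that directive is only used for OCSP stapling or client-certificate verification, so one of the two is probably missing unless the global configuration enables it.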
[global]
error_log = syslog
daemonize = no
[{{ aurweb_user }}]
listen = {{ aurweb_socket }}
listen.owner = {{ aurweb_user }}
listen.group = http
listen.mode = 0660
pm = dynamic
pm.max_children = 80
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 20
pm.max_requests = 2000
php_admin_value[open_basedir] = {{aurweb_dir}}:/etc/aurweb/
php_admin_value[upload_tmp_dir] = {{ aurweb_dir }}/uploads
php_admin_value[session.save_path] = {{ aurweb_dir }}/sessions
env[TMPDIR] = {{ aurweb_dir }}/uploads
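Review bot: `open_basedir` hard-codes `/etc/aurweb/` while the rest of the role uses `{{ aurweb_conf_dir }}`, so overriding that variable would leave PHP unable to read its configuration; `php_admin_value[open_basedir] = {{ aurweb_dir }}:{{ aurweb_conf_dir }}/` keeps the two in step. The pool also points `upload_tmp_dir`, `session.save_path` and `TMPDIR` at `{{ aurweb_dir }}/uploads` and `{{ aurweb_dir }}/sessions`, and none of the visible tasks creates those directories. Unless the checkout ships them, they should be created with `owner={{ aurweb_user }}` and `mode=0700` so that session files are private to the pool user.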