Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
Arch Linux
infrastructure
Commits
194bc84b
Commit
194bc84b
authored
Dec 08, 2020
by
Morten Linderud
🏄
Committed by
Kristian Klausen
Feb 04, 2022
Browse files
debuginfod: Implement role
Signed-off-by:
Morten Linderud
<
morten@linderud.pw
>
parent
85bb8f0e
Changes
6
Hide whitespace changes
Inline
Side-by-side
playbooks/debuginfod.archlinux.org.yml
0 → 100644
View file @
194bc84b
---
-
name
:
setup debuginfod.archlinux.org
hosts
:
debuginfod.archlinux.org
remote_user
:
root
roles
:
-
{
role
:
common
}
-
{
role
:
firewalld
}
-
{
role
:
wireguard
}
-
{
role
:
hardening
}
-
{
role
:
sshd
}
-
{
role
:
root_ssh
}
-
{
role
:
certbot
}
-
{
role
:
nginx
}
-
{
role
:
debuginfod
}
-
{
role
:
syncdebug
}
-
{
role
:
prometheus_exporters
}
-
{
role
:
promtail
}
roles/debuginfod/defaults/main.yml
0 → 100644
View file @
194bc84b
---
debuginfod_httpd
:
false
debuginfod_domain
:
debuginfod.archlinux.org
debuginfod_port
:
8002
debuginfod_database
:
/var/cache/debuginfod/debuginfod.sqlite
debuginfod_package_paths
:
-
/srv/ftp/pool/packages-debug
-
/srv/ftp/pool/community-debug
roles/debuginfod/handlers/main.yml
0 → 100644
View file @
194bc84b
---
-
name
:
reload debuginfod
service
:
name=debuginfod state=reloaded
roles/debuginfod/tasks/main.yml
0 → 100644
View file @
194bc84b
---
-
name
:
install debuginfod
pacman
:
name=debuginfod state=present
-
name
:
create ssl cert
include_role
:
name
:
certificate
vars
:
domains
:
[
"
{{
debuginfod_domain
}}"
]
when
:
debuginfod_domain
-
name
:
configure debuginfod systemd service
template
:
src=debuginfod.service.j2 dest=/usr/lib/systemd/system/debuginfod.service owner=root group=root mode=0644
vars
:
debuginfod_package_path
:
"
{{
debuginfod_package_paths
|
join('
')
}}"
notify
:
-
reload debuginfod
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/{{ debuginfod_domain }} state=directory owner=root group=root mode=0755
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/debuginfod.conf owner=root group=root mode=0644
notify
:
-
reload nginx
when
:
debuginfod_domain
tags
:
[
'
nginx'
]
-
name
:
start and enable debuginfod
service
:
name=debuginfod enabled=yes state=started
roles/debuginfod/templates/debuginfod.service.j2
0 → 100644
View file @
194bc84b
[Unit]
Description=debuginfod server
After=network.target network-online.target nss-lookup.target
[Service]
Type=simple
ExecStart=/usr/bin/debuginfod -d {{debuginfod_database}} -p {{debuginfod_port}} -F -Z .tar.zst=zstdcat {{debuginfod_package_path}}
Restart=on-failure
DynamicUser=yes
PrivateDevices=true
PrivateUsers=true
ProtectKernelTunables=true
ProtectControlGroups=true
ProtectKernelLogs=true
ProtectKernelModules=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
ReadOnlyPaths={{debuginfod_package_path}}
CacheDirectory=debuginfod
[Install]
WantedBy=multi-user.target
roles/debuginfod/templates/nginx.d.conf.j2
0 → 100644
View file @
194bc84b
server {
listen 80;
listen [::]:80;
server_name {{ debuginfod_domain }};
access_log /var/log/nginx/{{ debuginfod_domain }}/access.log reduced;
access_log /var/log/nginx/{{ debuginfod_domain }}/access.log.json json_reduced;
error_log /var/log/nginx/{{ debuginfod_domain }}/error.log;
include snippets/letsencrypt.conf;
location / {
access_log off;
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name {{ debuginfod_domain }};
access_log /var/log/nginx/{{ debuginfod_domain }}/access.log reduced;
access_log /var/log/nginx/{{ debuginfod_domain }}/access.log.json json_reduced;
error_log /var/log/nginx/{{ debuginfod_domain }}/error.log;
ssl_certificate /etc/letsencrypt/live/{{ debuginfod_domain }}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/{{ debuginfod_domain }}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/{{ debuginfod_domain }}/chain.pem;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass http://127.0.0.1:8002;
}
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment