Add new role which sync arch-boxes images to the repos

Fix #272

playbooks/gemini.archlinux.org.yml

@@ -18,6 +18,7 @@
     - { role: nginx }
     - { role: archusers }
     - { role: dbscripts, repos_domain: "repos.archlinux.org", repos_rsync_domain: "rsync.archlinux.org", svntogit_repos: "/srv/svntogit/repos", postgres_ssl: 'on', tags: ['archusers'] }
+    - { role: arch_boxes_sync }
     - { role: archweb, archweb_site: false, archweb_services: true, archweb_mirrorcheck_locations: [5, 6] }
     - { role: sources, sources_domain: "sources.archlinux.org", sources_dir: "/srv/sources" }
     - { role: archive }

roles/arch_boxes_sync/files/arch-boxes-sync.service

+[Unit]
+Description=Sync arch-boxes releases
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/arch-boxes-sync

roles/arch_boxes_sync/files/arch-boxes-sync.sh

+#!/bin/bash
+set -o nounset -o errexit -o pipefail
+# https://docs.gitlab.com/ee/api/README.html#namespaced-path-encoding
+readonly PROJECT_ID="archlinux%2Farch-boxes"
+readonly JOB_NAME="build:secure"
+readonly ARCH_BOXES_PATH="/srv/ftp/images"
+readonly MAX_RELEASES="6" # 3 months
+
+RELEASES="$(curl --silent --show-error --fail "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/releases")"
+LATEST_RELEASE_TAG="$(jq -r .[0].tag_name <<< "${RELEASES}")"
+
+if [[ -d ${ARCH_BOXES_PATH}/${LATEST_RELEASE_TAG} ]]; then
+  echo "Nothing to do"
+  exit
+fi
+echo "Adding release: ${LATEST_RELEASE_TAG}"
+
+readonly TMPDIR="$(mktemp --directory --tmpdir="/var/tmp")"
+trap "rm -rf \"${TMPDIR}\"" EXIT
+cd "${TMPDIR}"
+
+curl --silent --show-error --fail --output "output.zip" "https://gitlab.archlinux.org/api/v4/projects/${PROJECT_ID}/jobs/artifacts/${LATEST_RELEASE_TAG}/download?job=${JOB_NAME}"
+mkdir "${LATEST_RELEASE_TAG}"
+unzip output.zip
+# People should download the vagrant images from Vagrant Cloud
+rm output/*.box{,.*}
+mv output/* "${LATEST_RELEASE_TAG}"
+
+mv "${LATEST_RELEASE_TAG}" "${ARCH_BOXES_PATH}/"
+ln -sf "${LATEST_RELEASE_TAG}" "${ARCH_BOXES_PATH}/latest"
+
+echo "Removing old releases"
+cd "${ARCH_BOXES_PATH}"
+comm --output-delimiter="" -3 <({ ls | grep -v latest | sort -r | head -n "${MAX_RELEASES}"; echo latest; } | sort) <(ls | sort) | xargs --no-run-if-empty rm -rvf

roles/arch_boxes_sync/files/arch-boxes-sync.timer

+[Unit]
+Description=Sync arch-boxes releases hourly
+
+[Timer]
+OnCalendar=hourly
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target

roles/arch_boxes_sync/tasks/main.yml

+---
+- name: install arch-boxes-sync.sh script dependencies
+  pacman: name=curl,jq,unzip state=present
+
+- name: install arch-boxes-sync.sh script
+  copy: src=arch-boxes-sync.sh dest=/usr/local/bin/ owner=root group=root mode=0755
+
+- name: install arch-boxes-sync.{service,timer}
+  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
+  loop:
+    - arch-boxes-sync.service
+    - arch-boxes-sync.timer
+  notify:
+    - daemon reload
+
+- name: start and enable arch-boxes-sync.timer
+  systemd: name=arch-boxes-sync.timer enabled=yes daemon_reload=yes state=started