From f354ae357b38b2cbfecbf44a3cd081f6f2a84d1b Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Sun, 19 Jan 2025 11:22:17 +0100
Subject: [PATCH] dbscripts: Bump to latest commit for repos/archive split
 fixes

0ebae15 ("chore(cron-jobs): Remove obsolete integrity-check script and friends")
2edd43d ("feat(db-archive): Archive package files atomically")
a56c710 ("feat(db-functions): Check the archive index in check_reproducible")
ea98599 ("fix(db-functions): Suppress realpath error output")

Fix #531
---
 roles/dbscripts/defaults/main.yml              |  4 ++--
 roles/dbscripts/files/archive-index.service    | 11 +++++++++++
 roles/dbscripts/files/archive-index.timer      |  6 ++++++
 roles/dbscripts/tasks/main.yml                 |  3 +++
 roles/dbscripts/templates/rsyncd.conf.proto.j2 |  1 +
 5 files changed, 23 insertions(+), 2 deletions(-)
 create mode 100644 roles/dbscripts/files/archive-index.service
 create mode 100644 roles/dbscripts/files/archive-index.timer

diff --git a/roles/dbscripts/defaults/main.yml b/roles/dbscripts/defaults/main.yml
index e67e0d8f7..39fe9ebb1 100644
--- a/roles/dbscripts/defaults/main.yml
+++ b/roles/dbscripts/defaults/main.yml
@@ -1,6 +1,6 @@
-dbscripts_commit: cde46716a8cde5424297c9ed350d43ad26e8b1f1
+dbscripts_commit: 0ebae15384d0f4acd79445a4beaf1599a7b379f7
 dbscripts_update: true
-dbscripts_pgp_emails: ['jelle@archlinux.org', 'anthraxx@archlinux.org', 'foxboron@archlinux.org']
+dbscripts_pgp_emails: ['jelle@archlinux.org', 'anthraxx@archlinux.org', 'foxboron@archlinux.org', 'kristian@klausen.dk']
 
 git_state_repo: /srv/repos/state
 git_pkg_cache: /srv/repos/pkg-cache
diff --git a/roles/dbscripts/files/archive-index.service b/roles/dbscripts/files/archive-index.service
new file mode 100644
index 000000000..705a8cd27
--- /dev/null
+++ b/roles/dbscripts/files/archive-index.service
@@ -0,0 +1,11 @@
+[Unit]
+# Fail-safe in case this is accidentally deployed on an archive server
+ConditionPathExists=!/srv/archive/repos
+
+[Service]
+User=archive
+Type=oneshot
+ExecStart=/srv/repos/git-packages/dbscripts/cron-jobs/archive-index
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/srv/archive
diff --git a/roles/dbscripts/files/archive-index.timer b/roles/dbscripts/files/archive-index.timer
new file mode 100644
index 000000000..bcd82802a
--- /dev/null
+++ b/roles/dbscripts/files/archive-index.timer
@@ -0,0 +1,6 @@
+[Timer]
+OnCalendar=hourly
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/dbscripts/tasks/main.yml b/roles/dbscripts/tasks/main.yml
index b2aab27ae..6e8fa7412 100644
--- a/roles/dbscripts/tasks/main.yml
+++ b/roles/dbscripts/tasks/main.yml
@@ -258,6 +258,8 @@
     - createlinks.service
     - archive-cleanup.service
     - archive-cleanup.timer
+    - archive-index.service
+    - archive-index.timer
 
 - name: Activate systemd timers
   service: name={{ item }} enabled=yes state=started
@@ -268,6 +270,7 @@
     - gen_rsyncd.timer
     - createlinks.timer
     - archive-cleanup.timer
+    - archive-index.timer
 
 # Allow different maintainers (unix users) to touch the git state repositories
 # https://git-scm.com/docs/git-config/2.35.2#Documentation/git-config.txt-safedirectory
diff --git a/roles/dbscripts/templates/rsyncd.conf.proto.j2 b/roles/dbscripts/templates/rsyncd.conf.proto.j2
index e6c85ecfd..ae62ca856 100644
--- a/roles/dbscripts/templates/rsyncd.conf.proto.j2
+++ b/roles/dbscripts/templates/rsyncd.conf.proto.j2
@@ -22,6 +22,7 @@ hosts deny = *
 [archive]
 	path = /srv/archive
 	comment = archive
+	exclude = .*
 	hosts allow = {{ hostvars['gemini.archlinux.org']['ipv4_address'] }} {{ hostvars['gemini.archlinux.org']['ipv6_address'] }}
 
 # Just the release/stable iso/packages (for most mirrors)
-- 
GitLab