Arch Linux
infrastructure
Commits
f6bf5165
Verified
Commit
f6bf5165
authored
Feb 06, 2020
by
Giancarlo Razzolini
roles/aur: Renamed to aurweb.
Renamed to aurweb
parent
850e278b
Changes
19
roles/aur/defaults/main.yml
deleted
100644 → 0
---
aurweb_domain
:
'
www.aur.archlinux.org'
aurweb_repository
:
'
https://git.archlinux.org/aurweb.git'
aurweb_dir
:
'
/srv/http/aurweb'
aurweb_conf_dir
:
'
/etc/aurweb'
aurweb_git_dir
:
"
{{
aurweb_dir
}}/aur.git"
aurweb_git_hook
:
'
/usr/local/bin/aurweb-git-update'
aurweb_version
:
'
master'
aurweb_db
:
'
aur'
aurweb_db_host
:
'
localhost'
aurweb_db_user
:
'
aur'
aurweb_db_password
:
'
aur'
aurweb_user
:
'
aurweb'
aurweb_socket
:
'
/run/php-fpm/{{aurweb_user}}.socket'
roles/aur/files/aurweb-aurblup.service
deleted
100644 → 0
[Unit]
Description
=
Update aurweb blacklist
Requires
=
mysqld.service
After
=
mysqld.service
[Service]
Type
=
Oneshot
User
=
aur
ExecStart
=
/usr/local/bin/aurweb-aurblup
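--- a/roles/aur/files/aurweb-aurblup.timer
+++ /dev/null
-[Unit]
-Description=Update aurweb blacklist
-[Timer]
-OnStartupSec=2h
-OnUnitActiveSec=2h
-[Install]
-WantedBy=timers.target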
roles/aur/files/aurweb-mkpkglists.service
deleted
100644 → 0
[Unit]
Description
=
Regenerate aurweb package and user lists
Requires
=
mysqld.service
After
=
mysqld.service
[Service]
Type
=
Oneshot
User
=
aur
ExecStart
=
/usr/local/bin/aurweb-mkpkglists
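--- a/roles/aur/files/aurweb-mkpkglists.timer
+++ /dev/null
-[Unit]
-Description=Regenerate aurweb package and user lists
-[Timer]
-OnStartupSec=5m
-OnUnitActiveSec=5m
-[Install]
-WantedBy=timers.target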
roles/aur/files/aurweb-pkgmaint.service
deleted
100644 → 0
[Unit]
Description
=
Delete old, empty reserved aurweb pkgbases
Requires
=
mysqld.service
After
=
mysqld.service
[Service]
Type
=
Oneshot
User
=
aur
ExecStart
=
/usr/local/bin/aurweb-pkgmaint
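--- a/roles/aur/files/aurweb-pkgmaint.timer
+++ /dev/null
-[Unit]
-Description=Delete old, empty reserved aurweb pkgbases
-[Timer]
-OnStartupSec=2h
-OnUnitActiveSec=2h
-[Install]
-WantedBy=timers.target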
roles/aur/files/aurweb-popupdate.service
deleted
100644 → 0
[Unit]
Description
=
Update aurweb per-package popularity counts
Requires
=
mysqld.service
After
=
mysqld.service
[Service]
Type
=
Oneshot
User
=
aur
ExecStart
=
/usr/local/bin/aurweb-popupdate
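--- a/roles/aur/files/aurweb-popupdate.timer
+++ /dev/null
-[Unit]
-Description=Update aurweb per-package popularity counts
-[Timer]
-OnStartupSec=2h
-OnUnitActiveSec=2h
-[Install]
-WantedBy=timers.target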
roles/aur/files/aurweb-tuvotereminder.service
deleted
100644 → 0
[Unit]
Description
=
Send aurweb TU vote reminder emails
Requires
=
mysqld.service
After
=
mysqld.service
[Service]
Type
=
Oneshot
User
=
aur
ExecStart
=
/usr/local/bin/aurweb-tuvotereminder
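--- a/roles/aur/files/aurweb-tuvotereminder.timer
+++ /dev/null
-[Unit]
-Description=Send aurweb TU vote reminder emails
-[Timer]
-OnStartupSec=12h
-OnUnitActiveSec=12h
-[Install]
-WantedBy=timers.target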
roles/aur/handlers/main.yml
deleted
100644 → 0
---
-
name
:
daemon reload
command
:
systemctl daemon-reload
-
name
:
restart php-fpm@aurweb
service
:
name=php-fpm@{{ aurweb_user }} state=restarted
-
name
:
restart sshd
service
:
name=sshd state=restarted
roles/aur/tasks/main.yml
deleted
100644 → 0
---
-
name
:
install required packages
pacman
:
name=git,sudo,python-mysql-connector,python-pygit2,python-srcinfo,python-bleach,python-markdown,make,asciidoc state=present
-
name
:
make aur user
user
:
name="{{ aurweb_user }}" shell=/bin/bash createhome=yes
-
name
:
Create directory
file
:
path={{ aurweb_dir }} state=directory owner={{aurweb_user}} group=http mode=0775
-
name
:
clone aurweb repo
git
:
>
repo={{ aurweb_repository }}
dest="{{ aurweb_dir }}"
version={{ aurweb_version }}
become
:
true
become_user
:
"
{{aurweb_user}}"
register
:
release
-
name
:
create aur db
mysql_db
:
name="{{ aurweb_db }}" login_host="{{ aurweb_db_host }}" login_password="{{ mariadb_users.root }}" encoding=utf8
register
:
db_created
-
name
:
create aur db user
mysql_user
:
name={{ aurweb_db_user }} password={{ aurweb_db_password }}
login_host="{{ aurweb_db_host }}" login_password="{{ mariadb_users.root }}"
priv="{{ aurweb_db }}.*:ALL"
-
name
:
enable innodb_large_prefix
mysql_variables
:
login_host
:
"
{{
aurweb_db_host
}}"
login_password
:
"
{{
mariadb_users.root
}}"
variable
:
innodb_large_prefix
value
:
1
-
name
:
enable innodb_file_format
mysql_variables
:
login_host
:
"
{{
aurweb_db_host
}}"
login_password
:
"
{{
mariadb_users.root
}}"
variable
:
innodb_file_format
value
:
Barracuda
-
name
:
check if db is imported
shell
:
mysql -u {{ aurweb_db_user }} -p{{ aurweb_db_password }} -e "SELECT ID FROM Users" {{ aurweb_db }}
ignore_errors
:
true
register
:
db_imported
-
name
:
import aur sql db
mysql_db
:
state
:
import
name
:
"
{{
aurweb_db
}}"
login_host
:
"
{{
aurweb_db_host
}}"
login_password
:
"
{{
mariadb_users.root
}}"
target
:
"
{{
aurweb_dir
}}/schema/aur-schema.sql"
when
:
db_imported.rc !=
0
-
name
:
create aurweb conf dir
file
:
path={{ aurweb_conf_dir }} state=directory
-
name
:
copy aurweb configuration file
copy
:
src={{ aurweb_dir }}/conf/config.defaults dest={{ aurweb_conf_dir }}/config.defaults remote_src=yes
-
name
:
install custom aurweb configuration
template
:
src=config.j2 dest={{ aurweb_conf_dir }}/config
-
name
:
Install python module
shell
:
"
python3
setup.py
install
--install-scripts=/usr/local/bin"
args
:
chdir
:
"
{{
aurweb_dir
}}"
-
name
:
Generate HTML documentation
make
:
chdir
:
"
{{
aurweb_dir
}}/doc"
become
:
true
become_user
:
"
{{aurweb_user}}"
-
name
:
set up nginx
template
:
src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/aurweb.conf owner=root group=root mode=644
notify
:
reload nginx
tags
:
[
'
nginx'
]
-
name
:
make nginx log dir
file
:
path=/var/log/nginx/{{ aurweb_domain }} state=directory owner=root group=root mode=0755
-
name
:
configure php-fpm
template
:
src=php-fpm.conf.j2 dest="/etc/php/php-fpm.d/{{ aurweb_user }}.conf"
owner=root group=root mode=0644
notify
:
-
restart php-fpm@{{ aurweb_user }}
-
name
:
start and enable systemd socket
service
:
name=php-fpm@{{ aurweb_user }}.socket state=started enabled=true
-
name
:
create git repo dir
file
:
path={{ aurweb_git_dir }} state=directory owner={{aurweb_user}} group=http mode=0775
-
name
:
init git directory
command
:
git init --bare {{ aurweb_git_dir }}
args
:
creates
:
"
{{
aurweb_git_dir
}}/HEAD"
become
:
true
become_user
:
"
{{aurweb_user}}"
-
shell
:
git config --local --get-all transfer.hideRefs
register
:
git_config
args
:
chdir
:
"
{{
aurweb_git_dir
}}"
failed_when
:
git_config.rc ==
2
# FIXME: does not work.
-
name
:
configure git tranfser.hideRefs
command
:
git config --local transfer.hideRefs '^refs/'
args
:
chdir
:
"
{{
aurweb_git_dir
}}"
become
:
true
become_user
:
"
{{aurweb_user}}"
when
:
git_config.stdout.find('^refs/') == -1
-
name
:
configure git transfer.hideRefs second
command
:
git config --local --add transfer.hideRefs '!refs/'
args
:
chdir
:
"
{{
aurweb_git_dir
}}"
become
:
true
become_user
:
"
{{aurweb_user}}"
when
:
git_config.stdout.find('!refs/') == -1
-
name
:
configure git transfer.hideRefs third
command
:
git config --local --add transfer.hideRefs '!HEAD'
args
:
chdir
:
"
{{
aurweb_git_dir
}}"
become
:
true
become_user
:
"
{{aurweb_user}}"
when
:
git_config.stdout.find('!HEAD') == -1
-
name
:
create symlink for git hook
file
:
src
:
"
{{
aurweb_git_hook
}}"
dest
:
"
{{
aurweb_git_dir
}}/hooks/update"
state
:
link
-
name
:
install AUR maintenance services/timers
copy
:
src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items
:
-
aurweb-aurblup.service
-
aurweb-aurblup.timer
-
aurweb-mkpkglists.service
-
aurweb-mkpkglists.timer
-
aurweb-pkgmaint.service
-
aurweb-pkgmaint.timer
-
aurweb-popupdate.service
-
aurweb-popupdate.timer
-
aurweb-tuvotereminder.service
-
aurweb-tuvotereminder.timer
-
name
:
start and enable AUR maintenance timers
service
:
name={{ item }} enabled=yes state=started
with_items
:
-
aurweb-aurblup.timer
-
aurweb-mkpkglists.timer
-
aurweb-pkgmaint.timer
-
aurweb-popupdate.timer
-
aurweb-tuvotereminder.timer
-
name
:
install AUR git gc service/timer
template
:
src={{ item }}.j2 dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
with_items
:
-
aurweb-git.service
-
aurweb-git.timer
-
name
:
start and enable AUR git gc timer
service
:
name=aurweb-git.timer enabled=yes state=started
-
name
:
configure sshd
template
:
src=sshd_config.j2 dest=/etc/ssh/sshd_config owner=root group=root mode=0644 validate='/usr/sbin/sshd -t -f %s'
notify
:
-
restart sshd
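--- a/roles/aur/templates/aurweb-git.service.j2
+++ /dev/null
-[Unit]
-Description=Git gc AUR
-[Service]
-Type=Oneshot
-User=aur
-WorkingDirectory={{ aurweb_git_dir }}
-ExecStart=/usr/bin/git gc
-Nice=5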
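--- a/roles/aur/templates/aurweb-git.timer.j2
+++ /dev/null
-[Unit]
-Description=Git gc & repack AUR
-[Timer]
-OnCalendar=daily
-[Install]
-WantedBy=timers.target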
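--- a/roles/aur/templates/config.j2
+++ /dev/null
-[database]
-name = {{ aurweb_db }}
-user = {{ aurweb_db_user }}
-password = {{ aurweb_db_password }}
-[options]
-enable-maintenance = 0
-localedir = {{ aurweb_dir }}/web/locale/
-[serve]
-repo-path = {{ aurweb_git_dir }}
-git-shell-cmd = /usr/bin/sh
-[aurblup]
-db-path = {{ aurweb_dir }}/aurblup
-server = https://mirrors.kernel.org/archlinux/%s/os/x86_64
-[mkpkglists]
-packagesfile = {{ aurweb_dir }}/web/html/packages.gz
-pkgbasefile = {{ aurweb_dir }}/web/html/pkgbase.gz
-userfile = {{ aurweb_dir }}/web/html/users.gz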
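--- a/roles/aur/templates/nginx.d.conf.j2
+++ /dev/null
-upstream aurweb {
-server unix://{{aurweb_socket}};
-}
-server {
-listen 80;
-listen [::]:80;
-server_name {{ aurweb_domain }};
-access_log /var/log/nginx/{{ aurweb_domain }}/access.log main;
-error_log /var/log/nginx/{{ aurweb_domain }}/error.log;
-include snippets/letsencrypt.conf;
-location / {
-rewrite ^(.*) https://{{ aurweb_domain }}$1 permanent;
-}
-}
-server {
-listen 443 ssl http2;
-listen [::]:443 ssl http2;
-server_name {{ aurweb_domain }};
-access_log /var/log/nginx/{{ aurweb_domain }}/access.log main;
-error_log /var/log/nginx/{{ aurweb_domain }}/error.log;
-ssl_certificate /etc/letsencrypt/live/{{ aurweb_domain }}/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/{{ aurweb_domain }}/privkey.pem;
-ssl_trusted_certificate /etc/letsencrypt/live/{{ aurweb_domain }}/chain.pem;
-root {{ aurweb_dir }}/web/html;
-index index.php;
-location ~ ^/[^/]+\.php($|/) {
-fastcgi_pass aurweb;
-fastcgi_index index.php;
-fastcgi_split_path_info ^(/[^/]+\.php)(/.*)$;
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param PATH_INFO $fastcgi_path_info;
-include fastcgi_params;
-}
-location ~ .* {
-rewrite ^/(.*)$ /index.php/$1 last;
-}
-}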
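--- a/roles/aur/templates/php-fpm.conf.j2
+++ /dev/null
-[global]
-error_log = syslog
-daemonize = no
-[{{ aurweb_user }}]
-listen = {{ aurweb_socket }}
-listen.owner = {{ aurweb_user }}
-listen.group = http
-listen.mode = 0660
-pm = dynamic
-pm.max_children = 80
-pm.start_servers = 20
-pm.min_spare_servers = 10
-pm.max_spare_servers = 20
-pm.max_requests = 2000
-php_admin_value[open_basedir] = {{aurweb_dir}}:/etc/aurweb/
-php_admin_value[upload_tmp_dir] = {{ aurweb_dir }}/uploads
-php_admin_value[session.save_path] = {{ aurweb_dir }}/sessions
-env[TMPDIR] = {{ aurweb_dir }}/uploads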
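--- a/roles/aur/templates/sshd_config.j2
+++ /dev/null
-# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
-#HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
-# Ciphers and keying
-#RekeyLimit default none
-# Logging
-#SyslogFacility AUTH
-LogLevel VERBOSE
-# Authentication:
-#LoginGraceTime 2m
-#PermitRootLogin prohibit-password
-#StrictModes yes
-#MaxAuthTries 6
-#MaxSessions 10
-#PubkeyAuthentication yes
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
-#AuthorizedPrincipalsFile none
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-# To disable tunneled clear text passwords, change to no here!
-PasswordAuthentication no
-#PermitEmptyPasswords no
-# Change to no to disable s/key passwords
-ChallengeResponseAuthentication no
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-#X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no # pam does that
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-# no default banner path
-#Banner none
-# override default of no subsystems
-Subsystem sftp /usr/lib/ssh/sftp-server
-# unlink forwarded sockets; for gpg agent forwarding
-StreamLocalBindUnlink yes
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-Match User aur
-PasswordAuthentication no
-AuthorizedKeysCommand /usr/local/bin/aurweb-git-auth "%t" "%k"
-AuthorizedKeysCommandUser aur
-AcceptEnv AUR_OVERWRITE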