Add Archive

playbooks/orion.yml

@@ -19,3 +19,4 @@
     - { role: sudo, tags: ['sudo', 'archusers'] }
     - { role: archweb, archweb_site: false, archweb_services: true, archweb_mirrorcheck_locations: [5, 6], tags: ['archweb'] }
     - { role: sources, sources_domain: "sources.archlinux.org", sources_dir: "/srv/sources", tags: ['sources'] }
+    - { role: archive, archive_domain: "archive.archlinux.org", archive_dir: "/srv/archive", tags: ['archive'] }

roles/archive/tasks/main.yml

+---
+
+- name: install archivetools package
+  pacman: name=archivetools state=present
+
+- name: make archive dir
+  file:
+    path: "{{ archive_dir }}"
+    state: directory
+    owner: archive
+    group: archive
+    mode: 0755
+
+- name: setup archive configuration
+  template:
+    src: archive.conf.j2
+    dest: /etc/archive.conf
+    owner: root
+    group: root
+    mode: 0644
+
+- name: setup archive timer
+  systemd: name=archive.timer enabled=yes state=started
+
+- name: setup archive-hardlink timer
+  systemd: name=archive-hardlink.timer enabled=yes state=started
+
+- name: set up nginx
+  template:
+    src: nginx.d.conf.j2
+    dest: /etc/nginx/nginx.d/archive.conf
+    owner: root
+    group: root
+    mode: 0644
+  notify:
+    - reload nginx
+
+- name: make nginx log dir
+  file:
+    path: /var/log/nginx/{{ archive_domain }}
+    state: directory
+    owner: root
+    group: root
+    mode: 0755

roles/archive/templates/archive.conf.j2

+# vim:set sw=2 ts=2 ft=sh et:
+# This file is managed by Ansible. Local updates will be lost!
+
+# Archlinux remote rsync server
+ARCHIVE_RSYNC='rsync://rsync.archlinux.org/kitchensink_tier1/'
+
+# Archive local directory
+ARCHIVE_DIR='{{ archive_dir }}'
+
+# Archive User and Group
+ARCHIVE_USER=archive
+ARCHIVE_GROUP=archive
+
+# Package extensions
+PKGEXT='.pkg.tar.xz'
+PKGSIG="$PKGEXT.sig"
+
+# Umask used when archiving
+UMASK=022
+
+##############################################################################
+#### Repositories
+##############################################################################
+
+# Enable repositories archiving
+ARCHIVE_REPO=1
+
+# Enable daily repo trees
+# This offer daily, weekly, monthly, yearly snapshot trees
+REPO_DAYLY=1
+
+# Enable packages tree
+# Create a dedicated tree with packages sorted by name
+REPO_PACKAGES=1
+
+# Enable repository package index
+# Needed by agetpkg to list packages
+REPO_PACKAGES_INDEX=1
+
+# Search in all repository snapshop. This is slow.
+# Better option is to let it to 0 to look only in the last snapshot
+REPO_PACKAGES_FULL_SEARCH=0
+
+# Max duration in second of the rsyncing of the daily snapshot
+REPO_RSYNC_TIMEOUT=80000
+
+##############################################################################
+#### ISO
+##############################################################################
+
+# Enable ISO archiving
+ARCHIVE_ISO=1
+
+# Max duration in second of the rsyncing of the iso images
+ISO_RSYNC_TIMEOUT=6400

roles/archive/templates/nginx.d.conf.j2

+server {
+    listen       80;
+    listen       [::]:80;
+    server_name  {{ archive_domain }};
+
+    access_log   /var/log/nginx/{{ archive_domain }}/access.log;
+    error_log    /var/log/nginx/{{ archive_domain }}/error.log;
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        rewrite ^(.*) https://$server_name$1 permanent;
+    }
+}
+
+server {
+    listen       443 ssl http2;
+    listen       [::]:443 ssl http2;
+    server_name  {{ archive_domain }};
+
+    access_log   /var/log/nginx/{{ archive_domain }}/access.log;
+    error_log    /var/log/nginx/{{ archive_domain }}/error.log;
+
+    ssl_certificate      /etc/letsencrypt/live/{{ archive_domain }}/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/{{ archive_domain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ archive_domain }}/chain.pem;
+
+    root         {{ archive_dir }};
+
+    autoindex on;
+    autoindex_exact_size off;
+}