Verified Commit d69a1ec5 authored by Jelle van der Waa's avatar Jelle van der Waa 🚧

Switch to rebuilderd-website package

Instead of relying on the mess of downloading a tarball release, use the
nicely packaged webapp.
parent ba9a77b8
rebuilderd_domain: reproducible.archlinux.org rebuilderd_domain: reproducible.archlinux.org
rebuilderd_nginx_conf: /etc/nginx/nginx.d/rebuilderd.conf rebuilderd_nginx_conf: /etc/nginx/nginx.d/rebuilderd.conf
rebuilder_website_release: 0.2 rebuilder_website_loc: /usr/share/webapps/rebuilderd-website
rebuilder_website_gpg: E499C79F53C96A54E572FEE1C06086337C50773E
rebuilder_website_tar: /tmp/website-{{ rebuilder_website_release }}.tar.gz
rebuilder_website_asc: /tmp/website-{{ rebuilder_website_release }}.tar.gz.asc
rebuilder_website_base: /srv/http/rebuilder
rebuilder_website_loc: "{{ rebuilder_website_base }}/rebuilder-website-{{ rebuilder_website_release }}"
rebuilder_website_url: https://github.com/jelly/archlinux-reproducible-status
- name: install required packages - name: install required packages
pacman: name=rebuilderd state=present pacman: name=rebuilderd,rebuilderd-website state=present
- name: create ssl cert - name: create ssl cert
command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ rebuilderd_domain }}' creates='/etc/letsencrypt/live/{{ rebuilderd_domain }}/fullchain.pem' command: certbot certonly --email webmaster@archlinux.org --agree-tos --rsa-key-size 4096 --renew-by-default --webroot -w {{ letsencrypt_validation_dir }} -d '{{ rebuilderd_domain }}' creates='/etc/letsencrypt/live/{{ rebuilderd_domain }}/fullchain.pem'
...@@ -14,37 +14,6 @@ ...@@ -14,37 +14,6 @@
- name: make nginx log dir - name: make nginx log dir
file: path=/var/log/nginx/{{ rebuilderd_domain }} state=directory owner=root group=root mode=0755 file: path=/var/log/nginx/{{ rebuilderd_domain }} state=directory owner=root group=root mode=0755
- name: make nginx http dir
file: path={{ rebuilder_website_base }} state=directory owner=root group=root mode=0755
- name: check latest release
stat: path={{ rebuilder_website_loc }}
register: rebuilder_release_dir
- name: receive valid signing keys
command: /usr/bin/gpg --keyserver pool.sks-keyservers.net --recv "{{ rebuilder_website_gpg }}"
when: not rebuilder_release_dir.stat.exists
- name: download latest rebuilderd website tar.gz
get_url:
url: "{{ rebuilder_website_url }}/releases/download/{{ rebuilder_website_release }}/rebuilder-website-{{ rebuilder_website_release }}.tar.gz"
dest: "{{ rebuilder_website_tar }}"
when: not rebuilder_release_dir.stat.exists
- name: download latest rebuilderd website tar.gz.asc
get_url:
url: "{{ rebuilder_website_url }}/releases/download/{{ rebuilder_website_release }}/rebuilder-website-{{ rebuilder_website_release }}.tar.gz.asc"
dest: "{{ rebuilder_website_asc }}"
when: not rebuilder_release_dir.stat.exists
- name: verify website release
command: /usr/bin/gpg --verify {{ rebuilder_website_asc }} {{ rebuilder_website_tar }}
when: not rebuilder_release_dir.stat.exists
- name: unpack website to /srv
unarchive: src={{ rebuilder_website_tar }} dest={{ rebuilder_website_base }} remote_src=yes owner=root group=root mode=0755
when: not rebuilder_release_dir.stat.exists
- name: set up nginx - name: set up nginx
template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/rebuilderd.conf owner=root group=root mode=0644 template: src=nginx.d.conf.j2 dest=/etc/nginx/nginx.d/rebuilderd.conf owner=root group=root mode=0644
notify: notify:
......
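Review bot: Nothing in the new task list removes what the deleted tasks created, so hosts provisioned before this commit keep the old tree under `/srv/http/rebuilder`, the tarball and signature in `/tmp`, and the key imported by the `gpg --recv` task. A one-off cleanup task such as `file: path=/srv/http/rebuilder state=absent`, placed after the `pacman` install, would retire the stale copy once nginx serves from the packaged path. The integrity check also moves from the explicit `gpg --verify` against a pinned fingerprint to pacman's package signature verification, which presumably depends on the host's `SigLevel`; a comment above the install task, e.g. `# rebuilderd-website is signature-checked by pacman, replacing the manual gpg --verify`, would keep that trust decision visible. The nginx template is not shown on this page, so whether it already follows the new `rebuilder_website_loc` cannot be confirmed from here.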
...@@ -3,7 +3,6 @@ distro = "archlinux" ...@@ -3,7 +3,6 @@ distro = "archlinux"
suite = "core" suite = "core"
architecture = "x86_64" architecture = "x86_64"
source = "https://mirror.pkgbuild.com/$repo/os/$arch" source = "https://mirror.pkgbuild.com/$repo/os/$arch"
excludes = ["gcc*"]
[profile."archlinux-extra"] [profile."archlinux-extra"]
distro = "archlinux" distro = "archlinux"
......