Updated package cache"

pillars/servers/env/server/pkg.sls

@@ -1 +1 @@
-env: prod
+env: dev

pillars/servers/roles/server/pkg.sls

@@ -5,5 +5,5 @@ grains:
     - nrpe
     - saltminion
     - pkg-cache
-    - aurblobs
+    - aurutils
     - nginx-proxy

states/repos/aur/aur-local

@@ -0,0 +1,3 @@
+[aur-local]
+SigLevel = Never
+Server = http://pkg.actcur.com/archlinux/$repo/os/$arch

states/repos/aur/aur.conf

@@ -1,3 +0,0 @@
-[aur-local]
-SigLevel = Never
-Server = http://pkg.actcur.com/$repo/os/$arch

states/repos/aur/init.sls

@@ -1,5 +1,17 @@
 {%- if grains['os'] != "Arch ARM" -%}
-/etc/pacman.conf:
+aur_local_repo:
+  file.managed:
+    - name: /etc/pacman.d/aur-local
+    - source: salt://repos/aur/aur-local
+
+include_aur_local_repo:
   file.append:
-    - source: salt://repos/aur/aur.conf
+    - name: /etc/pacman.conf
+    - text: Include = /etc/pacman.d/aur-local
+
+remove_old_aur_local_repo:
+  file.replace:
+    - name: /etc/pacman.conf
+    - pattern: '\[aur-local\]\n.*SigLevel = Never\n.*Server = http:\/\/pkg\.actcur\.com\/\$repo\/os\/\$arch'
+    - repl: ''
 {%- endif -%}

states/roles/build/aurutils/init.sls

@@ -0,0 +1,5 @@
+install_old_dependencies:
+  pkg.installed:
+    - sources:
+      - aurutils: salt://roles/build/aurutils/aurutils.pkg.tar.zst
+      - autofs: salt://roles/build/aurutils/autofs.pkg.tar.zst

states/roles/maintain/aurutils/aur_builder

@@ -0,0 +1,3 @@
+[aur_builder]
+SigLevel = Optional TrustAll
+Server = file:///repo

states/roles/maintain/aurutils/init.sls

@@ -0,0 +1,49 @@
+sudo:
+  pkg.installed
+
+base-devel:
+  pkg.installed
+
+aur_builder_repo:
+  file.managed:
+    - name: /etc/pacman.d/aur_builder
+    - source: salt://roles/maintain/aurutils/aur_builder
+
+include_aur_builder_repo:
+  file.append:
+    - name: /etc/pacman.conf
+    - text: Include = /etc/pacman.d/aur_builder
+
+user-build:
+  user.present:
+    - name: build
+    - createhome: true
+  file.append:
+    - name: /etc/sudoers
+    - text: "build ALL=(ALL) NOPASSWD: ALL"
+
+/repo:
+  file.symlink:
+    - target: /mnt/pkgs/aur-local/os/x86_64/
+
+/build:
+  file.symlink:
+    - target: /mnt/build/
+
+"/usr/lib/systemd/system/updateaur.service":
+  file.managed:
+    - source: salt://roles/maintain/aurutils/updateaur.service
+    - user: root
+    - group: root
+    - mode: 644
+
+"/usr/lib/systemd/system/updateaur.timer":
+  file.managed:
+    - source: salt://roles/maintain/aurutils/updateaur.timer
+    - user: root
+    - group: root
+    - mode: 644
+
+#"updateaur.timer":
+#  service.running:
+#    - enable: true

states/roles/maintain/aurutils/updateaur.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Update AUR package repository
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+User=build
+Group=build
+ExecStart=/bin/bash -c "AUR_PAGER=ls aur sync -u --margs --noconfirm" 
+
+[Install]
+WantedBy=multi-user.target

states/roles/maintain/aurutils/updateaur.timer

@@ -0,0 +1,13 @@
+[Unit]
+Description=Updates AUR package repository every 24 hours
+
+[Timer]
+# Time to wait after booting before we run first time
+OnBootSec=10min
+# Time between running each consecutive time
+OnUnitActiveSec=1d
+Unit=updateaur.service
+
+[Install]
+WantedBy=multi-user.target
+

states/roles/maintain/pkg-cache.tmp/init.sls

@@ -0,0 +1,22 @@
+nginx-pkg-cache:
+  pkg.installed:
+    - pkgs:
+      - nginx
+  service.running:
+    - name: nginx
+    - enable: true
+    - watch:
+      - file: /etc/nginx/conf.d/*
+
+/srv/http/pacman-cache:
+  file.symlink:
+    - target: /mnt/pkgs
+
+/etc/nginx/conf.d/pkg-cache.conf:
+  file.managed:
+    - makedirs: true
+    - source: salt://roles/maintain/pkg-cache/pkg-cache.conf
+    - user: root
+    - group: root
+    - mode: 644
+    - template: jinja

states/roles/maintain/pkg-cache.tmp/pkg-cache.conf

@@ -12,10 +12,6 @@ server
 	location ~ aur-local\.(db|sig){
 		try_files $uri @pkg_mirror;
 	}
-	#TEMPORARY. Requests for teampass.db and sig files should stay here
-	location ~ teampass-temp\.(db|sig){
-		try_files $uri @pkg_mirror;
-	}
 
 	# Requests for package db and signature files should redirect upstream without caching
 	location ~ \.(db|sig)$ {

states/roles/maintain/pkg-cache/cache.conf

@@ -0,0 +1,47 @@
+log_format pkg-cache '$remote_addr - $upstream_cache_status [$time_local] $request_method $host$request_uri $server_protocol $status $body_bytes_sent $request_time $upstream_response_time';
+
+proxy_cache_path /cache
+                     levels=1:2  keys_zone=pkg-cache:60m
+                     inactive=365d use_temp_path=off max_size=10g;
+server {
+        listen 8000;
+        server_name pkg.actcur.com;
+
+        access_log /var/log/nginx/pkg-cache.access.log pkg-cache;
+        error_log /var/log/nginx/pkg-cache.error.log;
+
+        # Force proxy to use TLS for upstream server requests
+        proxy_ssl_protocols     TLSv1 TLSv1.1 TLSv1.2;
+        # Use previously negotiated connection parameters
+        proxy_ssl_session_reuse on;
+        # Enables revalidation of expired cache items using conditional requests with the "If-Modified-Since" and "If-None-Match" header fields.
+        proxy_cache_revalidate  on;
+        # Only one request at a time will be allowed to populate a new cache element
+        proxy_cache_lock        on;
+        # Cache any responses for 1 minute by default, can be overridden by more specific response codes
+        proxy_cache_valid       any 1m;
+
+        # Keep connections to upstream server open
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+        proxy_read_timeout     300;
+        proxy_connect_timeout  300;
+
+        location /archlinux/aur-local {
+                root /mnt/pkgs;
+        }
+
+        location / {
+                proxy_pass             http://repo.miserver.it.umich.edu/;
+                proxy_cache            pkg-cache; # This directive should match the keys_zone option
+                proxy_cache_revalidate on;
+                proxy_cache_min_uses   0;
+                proxy_cache_valid      200 5m;
+                proxy_cache_use_stale  error timeout invalid_header updating http_500 http_502 http_503 http_504;
+                proxy_cache_lock       on;
+
+                # Add some cache status headers for debugging purposes, you can remove these lines if you want
+                add_header X-Upstream-Status $upstream_status;
+                add_header X-Cache-Status $upstream_cache_status;
+        }
+}

states/roles/maintain/pkg-cache/init.sls

@@ -8,15 +8,14 @@ nginx-pkg-cache:
     - watch:
       - file: /etc/nginx/conf.d/*
 
-/srv/http/pacman-cache:
+/cache:
   file.symlink:
-    - target: /mnt/pkgs
+    - target: /mnt/pkgs/cache
 
-/etc/nginx/conf.d/pkg-cache.conf:
+/etc/nginx/conf.d/cache.conf:
   file.managed:
     - makedirs: true
-    - source: salt://roles/maintain/pkg-cache/pkg-cache.conf
+    - source: salt://roles/maintain/pkg-cache/cache.conf
     - user: root
     - group: root
     - mode: 644
-    - template: jinja

states/systems/arch/mirrors/mirrorlist

@@ -1,2 +1,2 @@
-Server = http://pkg.actcur.com/$repo/os/$arch
+Server = http://pkg.actcur.com/archlinux/$repo/os/$arch
 {% include 'mirrors.list' %}

states/top.sls

@@ -38,4 +38,4 @@
   {%- endif -%}
 {%- endif -%}
 {%- endfor %}
-    - systems.core.fstrim
+    - systems.core.fstrim