diff --git a/pillars/servers/env/server/pkg.sls b/pillars/servers/env/server/pkg.sls
index 2fdef9a..b8500d2 100644
--- a/pillars/servers/env/server/pkg.sls
+++ b/pillars/servers/env/server/pkg.sls
@@ -1 +1 @@
-env: prod
+env: dev
diff --git a/pillars/servers/roles/server/pkg.sls b/pillars/servers/roles/server/pkg.sls
index c17476c..e49b3f5 100644
--- a/pillars/servers/roles/server/pkg.sls
+++ b/pillars/servers/roles/server/pkg.sls
@@ -5,5 +5,5 @@ grains:
 - nrpe
 - saltminion
 - pkg-cache
- - aurblobs
+ - aurutils
 - nginx-proxy
diff --git a/states/repos/aur/aur-local b/states/repos/aur/aur-local
new file mode 100644
index 0000000..7b8486b
--- /dev/null
+++ b/states/repos/aur/aur-local
@@ -0,0 +1,3 @@
+[aur-local]
+SigLevel = Never
+Server = http://pkg.actcur.com/archlinux/$repo/os/$arch
diff --git a/states/repos/aur/aur.conf b/states/repos/aur/aur.conf
deleted file mode 100644
index 13fd976..0000000
--- a/states/repos/aur/aur.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[aur-local]
-SigLevel = Never
-Server = http://pkg.actcur.com/$repo/os/$arch
diff --git a/states/repos/aur/init.sls b/states/repos/aur/init.sls
index 42375d6..e0d3251 100644
--- a/states/repos/aur/init.sls
+++ b/states/repos/aur/init.sls
@@ -1,5 +1,17 @@
 {%- if grains['os'] != "Arch ARM" -%}
-/etc/pacman.conf:
+aur_local_repo:
+ file.managed:
+ - name: /etc/pacman.d/aur-local
+ - source: salt://repos/aur/aur-local
+
+include_aur_local_repo:
 file.append:
- - source: salt://repos/aur/aur.conf
+ - name: /etc/pacman.conf
+ - text: Include = /etc/pacman.d/aur-local
+
+remove_old_aur_local_repo:
+ file.replace:
+ - name: /etc/pacman.conf
+ - pattern: '\[aur-local\]\n.*SigLevel = Never\n.*Server = http:\/\/pkg\.actcur\.com\/\$repo\/os\/\$arch'
+ - repl: ''
 {%- endif -%}
diff --git a/states/roles/build/aurutils/aurutils.pkg.tar.zst b/states/roles/build/aurutils/aurutils.pkg.tar.zst
new file mode 100644
index 0000000..1992877
Binary files /dev/null and b/states/roles/build/aurutils/aurutils.pkg.tar.zst differ
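Review bot: In states/repos/aur/aur-local, `SigLevel = Never` combined with a plain `http://` Server means pacman installs whatever is returned for this repo, as root, with no authenticity check on either the database or the packages. The setting is carried over from the deleted aur.conf, but since the repo definition is being reworked here it is a good point to sign the repo on the build host and change this to `SigLevel = Required`, or at minimum serve the repo over HTTPS. The new states/roles/maintain/aurutils/aur_builder file has the weaker form of the same issue with `SigLevel = Optional TrustAll`. If signing is deferred, a comment in each file saying so would keep the exception visible.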
diff --git a/states/roles/build/aurutils/autofs.pkg.tar.zst b/states/roles/build/aurutils/autofs.pkg.tar.zst
new file mode 100644
index 0000000..ca8beec
Binary files /dev/null and b/states/roles/build/aurutils/autofs.pkg.tar.zst differ
diff --git a/states/roles/build/aurutils/init.sls b/states/roles/build/aurutils/init.sls
new file mode 100644
index 0000000..059a76d
--- /dev/null
+++ b/states/roles/build/aurutils/init.sls
@@ -0,0 +1,5 @@
+install_old_dependencies:
+ pkg.installed:
+ - sources:
+ - aurutils: salt://roles/build/aurutils/aurutils.pkg.tar.zst
+ - autofs: salt://roles/build/aurutils/autofs.pkg.tar.zst
diff --git a/states/roles/maintain/aurutils/aur_builder b/states/roles/maintain/aurutils/aur_builder
new file mode 100644
index 0000000..56352a9
--- /dev/null
+++ b/states/roles/maintain/aurutils/aur_builder
@@ -0,0 +1,3 @@
+[aur_builder]
+SigLevel = Optional TrustAll
+Server = file:///repo
diff --git a/states/roles/maintain/aurutils/init.sls b/states/roles/maintain/aurutils/init.sls
new file mode 100644
index 0000000..4933314
--- /dev/null
+++ b/states/roles/maintain/aurutils/init.sls
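Review bot: `install_old_dependencies` in states/roles/build/aurutils/init.sls installs two prebuilt archives that are committed as opaque binaries, and neither the state nor the commit records which version they are, where they were built, or a checksum. I would add a comment above `- sources:` giving each package's version, origin and SHA-256, plus the reason a pinned old build is needed, so the blobs can be audited and later replaced. Unless a configured repo also carries these packages, they will not receive updates through normal upgrades, so the pin should have an owner or a removal condition.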
@@ -0,0 +1,49 @@
+sudo:
+ pkg.installed
+
+base-devel:
+ pkg.installed
+
+aur_builder_repo:
+ file.managed:
+ - name: /etc/pacman.d/aur_builder
+ - source: salt://roles/maintain/aurutils/aur_builder
+
+include_aur_builder_repo:
+ file.append:
+ - name: /etc/pacman.conf
+ - text: Include = /etc/pacman.d/aur_builder
+
+user-build:
+ user.present:
+ - name: build
+ - createhome: true
+ file.append:
+ - name: /etc/sudoers
+ - text: "build ALL=(ALL) NOPASSWD: ALL"
+
+/repo:
+ file.symlink:
+ - target: /mnt/pkgs/aur-local/os/x86_64/
+
+/build:
+ file.symlink:
+ - target: /mnt/build/
+
+"/usr/lib/systemd/system/updateaur.service":
+ file.managed:
+ - source: salt://roles/maintain/aurutils/updateaur.service
+ - user: root
+ - group: root
+ - mode: 644
+
+"/usr/lib/systemd/system/updateaur.timer":
+ file.managed:
+ - source: salt://roles/maintain/aurutils/updateaur.timer
+ - user: root
+ - group: root
+ - mode: 644
+
+#"updateaur.timer":
+# service.running:
+# - enable: true
diff --git a/states/roles/maintain/aurutils/updateaur.service b/states/roles/maintain/aurutils/updateaur.service
new file mode 100644
index 0000000..551af26
--- /dev/null
+++ b/states/roles/maintain/aurutils/updateaur.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Update AUR package repository
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+User=build
+Group=build
+ExecStart=/bin/bash -c "AUR_PAGER=ls aur sync -u --margs --noconfirm"
+
+[Install]
+WantedBy=multi-user.target
diff --git a/states/roles/maintain/aurutils/updateaur.timer b/states/roles/maintain/aurutils/updateaur.timer
new file mode 100644
index 0000000..414921d
--- /dev/null
+++ b/states/roles/maintain/aurutils/updateaur.timer
@@ -0,0 +1,13 @@
+[Unit]
+Description=Updates AUR package repository every 24 hours
+
+[Timer]
+# Time to wait after booting before we run first time
+OnBootSec=10min
+# Time between running each consecutive time
+OnUnitActiveSec=1d
+Unit=updateaur.service
+
+[Install]
+WantedBy=multi-user.target
+
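Review bot: The `user-build` state in states/roles/maintain/aurutils/init.sls appends `build ALL=(ALL) NOPASSWD: ALL` to /etc/sudoers, which makes the account that builds AUR packages equivalent to root, so anything executed during a build can escalate without a password. Appending to the main sudoers file also bypasses syntax validation, and a malformed line there can break sudo for the whole host. A drop-in under /etc/sudoers.d, validated with visudo and limited to the command the build needs, would be narrower. The fence below assumes that command is pacman and that the stock sudoers includes that directory; both should be confirmed, and pacman under sudo is still a powerful grant.

```yaml
# … unchanged: user-build / user.present …

/etc/sudoers.d/build:
  file.managed:
    - contents: "build ALL=(root) NOPASSWD: /usr/bin/pacman"
    - user: root
    - group: root
    - mode: '0440'
    - check_cmd: /usr/bin/visudo -c -f
```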
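Review bot: `ExecStart` in updateaur.service sets `AUR_PAGER=ls` and passes `--noconfirm`, so every PKGBUILD change pulled by `aur sync -u` is built unattended with no review step, under the `build` account that the accompanying state gives passwordless sudo. Since the resulting packages are then served to other hosts, I would at least add a comment above `ExecStart` stating that review is skipped on purpose and which packages are in scope, and consider building in a clean chroot if the installed aurutils supports it. Separately, a timer-activated oneshot does not need its own `[Install]` section; as written, enabling the service would also run it at every boot, and the timer would conventionally use `WantedBy=timers.target`.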
diff --git a/states/roles/maintain/pkg-cache.tmp/init.sls b/states/roles/maintain/pkg-cache.tmp/init.sls
new file mode 100644
index 0000000..0de1ebc
--- /dev/null
+++ b/states/roles/maintain/pkg-cache.tmp/init.sls
@@ -0,0 +1,22 @@
+nginx-pkg-cache:
+ pkg.installed:
+ - pkgs:
+ - nginx
+ service.running:
+ - name: nginx
+ - enable: true
+ - watch:
+ - file: /etc/nginx/conf.d/*
+
+/srv/http/pacman-cache:
+ file.symlink:
+ - target: /mnt/pkgs
+
+/etc/nginx/conf.d/pkg-cache.conf:
+ file.managed:
+ - makedirs: true
+ - source: salt://roles/maintain/pkg-cache/pkg-cache.conf
+ - user: root
+ - group: root
+ - mode: 644
+ - template: jinja
diff --git a/states/roles/maintain/pkg-cache/nginx.conf b/states/roles/maintain/pkg-cache.tmp/nginx.conf
similarity index 100%
rename from states/roles/maintain/pkg-cache/nginx.conf
rename to states/roles/maintain/pkg-cache.tmp/nginx.conf
diff --git a/states/roles/maintain/pkg-cache/pkg-cache.conf b/states/roles/maintain/pkg-cache.tmp/pkg-cache.conf
similarity index 93%
rename from states/roles/maintain/pkg-cache/pkg-cache.conf
rename to states/roles/maintain/pkg-cache.tmp/pkg-cache.conf
index 680b5fc..43cc081 100644
--- a/states/roles/maintain/pkg-cache/pkg-cache.conf
+++ b/states/roles/maintain/pkg-cache.tmp/pkg-cache.conf
@@ -12,10 +12,6 @@ server
 location ~ aur-local\.(db|sig){
 try_files $uri @pkg_mirror;
 }
- #TEMPORARY. Requests for teampass.db and sig files should stay here
- location ~ teampass-temp\.(db|sig){
- try_files $uri @pkg_mirror;
- }
 # Requests for package db and signature files should redirect upstream without caching
 location ~ \.(db|sig)$ {
diff --git a/states/roles/maintain/pkg-cache/cache.conf b/states/roles/maintain/pkg-cache/cache.conf
new file mode 100644
index 0000000..94b9fb1
--- /dev/null
+++ b/states/roles/maintain/pkg-cache/cache.conf
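Review bot: The new states/roles/maintain/pkg-cache.tmp/init.sls still points its managed file at `salt://roles/maintain/pkg-cache/pkg-cache.conf`, but this same commit renames that file into pkg-cache.tmp/, so the source would no longer resolve; it would need to be `- source: salt://roles/maintain/pkg-cache.tmp/pkg-cache.conf`. The file also reuses the state ID `nginx-pkg-cache` from pkg-cache/init.sls, and a dot in the directory name most likely cannot be addressed as an SLS target because dots act as path separators there. If this directory is only a parked copy of the old setup, a comment at the top of the file saying so, or relying on git history instead, would stop someone from trying to include it.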
@@ -0,0 +1,47 @@
+log_format pkg-cache '$remote_addr - $upstream_cache_status [$time_local] $request_method $host$request_uri $server_protocol $status $body_bytes_sent $request_time $upstream_response_time';
+
+proxy_cache_path /cache
+ levels=1:2 keys_zone=pkg-cache:60m
+ inactive=365d use_temp_path=off max_size=10g;
+server {
+ listen 8000;
+ server_name pkg.actcur.com;
+
+ access_log /var/log/nginx/pkg-cache.access.log pkg-cache;
+ error_log /var/log/nginx/pkg-cache.error.log;
+
+ # Force proxy to use TLS for upstream server requests
+ proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ # Use previously negotiated connection parameters
+ proxy_ssl_session_reuse on;
+ # Enables revalidation of expired cache items using conditional requests with the "If-Modified-Since" and "If-None-Match" header fields.
+ proxy_cache_revalidate on;
+ # Only one request at a time will be allowed to populate a new cache element
+ proxy_cache_lock on;
+ # Cache any responses for 1 minute by default, can be overridden by more specific response codes
+ proxy_cache_valid any 1m;
+
+ # Keep connections to upstream server open
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+
+ location /archlinux/aur-local {
+ root /mnt/pkgs;
+ }
+
+ location / {
+ proxy_pass http://repo.miserver.it.umich.edu/;
+ proxy_cache pkg-cache; # This directive should match the keys_zone option
+ proxy_cache_revalidate on;
+ proxy_cache_min_uses 0;
+ proxy_cache_valid 200 5m;
+ proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
+ proxy_cache_lock on;
+
+ # Add some cache status headers for debugging purposes, you can remove these lines if you want
+ add_header X-Upstream-Status $upstream_status;
+ add_header X-Cache-Status $upstream_cache_status;
+ }
+}
diff --git a/states/roles/maintain/pkg-cache/init.sls b/states/roles/maintain/pkg-cache/init.sls
index 0de1ebc..76acefa 100644
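Review bot: In cache.conf the comment says the proxy is forced to use TLS upstream, but `proxy_pass http://repo.miserver.it.umich.edu/;` is plain HTTP, so `proxy_ssl_protocols` and `proxy_ssl_session_reuse` have no effect and everything that lands in the cache is fetched in cleartext. If the mirror offers HTTPS, use `proxy_pass https://repo.miserver.it.umich.edu/;` together with `proxy_ssl_verify on;` and a `proxy_ssl_trusted_certificate`, and drop `TLSv1 TLSv1.1` from the protocol list. Separately, `root /mnt/pkgs;` inside `location /archlinux/aur-local` maps requests to /mnt/pkgs/archlinux/aur-local/..., while the builder state links /repo to /mnt/pkgs/aur-local/os/x86_64/. If both hosts share that mount, `alias /mnt/pkgs/aur-local;` is probably what was intended.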
--- a/states/roles/maintain/pkg-cache/init.sls
+++ b/states/roles/maintain/pkg-cache/init.sls
@@ -8,15 +8,14 @@ nginx-pkg-cache:
 - watch:
 - file: /etc/nginx/conf.d/*
-/srv/http/pacman-cache:
+/cache:
 file.symlink:
- - target: /mnt/pkgs
+ - target: /mnt/pkgs/cache
-/etc/nginx/conf.d/pkg-cache.conf:
+/etc/nginx/conf.d/cache.conf:
 file.managed:
 - makedirs: true
- - source: salt://roles/maintain/pkg-cache/pkg-cache.conf
+ - source: salt://roles/maintain/pkg-cache/cache.conf
 - user: root
 - group: root
 - mode: 644
- - template: jinja
diff --git a/states/systems/arch/mirrors/mirrorlist b/states/systems/arch/mirrors/mirrorlist
index e0ee537..e61e460 100644
--- a/states/systems/arch/mirrors/mirrorlist
+++ b/states/systems/arch/mirrors/mirrorlist
@@ -1,2 +1,2 @@
-Server = http://pkg.actcur.com/$repo/os/$arch
+Server = http://pkg.actcur.com/archlinux/$repo/os/$arch
 {% include 'mirrors.list' %}
diff --git a/states/top.sls b/states/top.sls
index 3a547df..3adcde1 100644
--- a/states/top.sls
+++ b/states/top.sls
@@ -38,4 +38,4 @@
 {%- endif -%}
 {%- endif -%}
 {%- endfor %}
- - systems.core.fstrim
\ No newline at end of file
+ - systems.core.fstrim
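Review bot: Renaming the managed file ID to `/etc/nginx/conf.d/cache.conf` in states/roles/maintain/pkg-cache/init.sls stops Salt managing `/etc/nginx/conf.d/pkg-cache.conf` but does not remove it, so hosts that already applied the old state would presumably load both files (this assumes nginx.conf includes conf.d/*, which is not visible here). Two configs that define the same server name or cache zone can fail the config test or leave the old proxy rules active. Adding a `file.absent` state for the old config path, and for the old `/srv/http/pacman-cache` symlink, would make the migration explicit, in the same way repos/aur/init.sls cleans up its old pacman.conf block.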