actcur/salt
3
0
Fork 0
Code Issues 5 Pull requests Projects Releases Wiki Activity

Updated package cache

Browse source
This commit is contained in:
Actaeus Curabitur 2022-08-17 09:19:57 -05:00
parent 032c527dbd
commit ca2a958ba2
19 changed files with 176 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pillars/servers/env/server/pkg.sls vendored
View file

@ -1 +1 @@
env: prod env: dev

2
pillars/servers/roles/server/pkg.sls
View file

@ -5,5 +5,5 @@ grains:
- nrpe - nrpe
- saltminion - saltminion
- pkg-cache - pkg-cache
- aurblobs - aurutils
- nginx-proxy - nginx-proxy

3
states/repos/aur/aur-local Normal file
View file

@ -0,0 +1,3 @@
[aur-local]
SigLevel = Never
Server = http://pkg.actcur.com/archlinux/$repo/os/$arch

3
states/repos/aur/aur.conf
View file

@ -1,3 +0,0 @@
[aur-local]
SigLevel = Never
Server = http://pkg.actcur.com/$repo/os/$arch

16
states/repos/aur/init.sls
View file

@ -1,5 +1,17 @@
{%- if grains['os'] != "Arch ARM" -%} {%- if grains['os'] != "Arch ARM" -%}
/etc/pacman.conf: aur_local_repo:
file.managed:
- name: /etc/pacman.d/aur-local
- source: salt://repos/aur/aur-local
include_aur_local_repo:
file.append: file.append:
- source: salt://repos/aur/aur.conf - name: /etc/pacman.conf
- text: Include = /etc/pacman.d/aur-local
remove_old_aur_local_repo:
file.replace:
- name: /etc/pacman.conf
- pattern: '\[aur-local\]\n.*SigLevel = Never\n.*Server = http:\/\/pkg\.actcur\.com\/\$repo\/os\/\$arch'
- repl: ''
{%- endif -%} {%- endif -%}

BIN
states/roles/build/aurutils/aurutils.pkg.tar.zst Normal file
View file

Binary file not shown.

BIN
states/roles/build/aurutils/autofs.pkg.tar.zst Normal file
View file

Binary file not shown.

5
states/roles/build/aurutils/init.sls Normal file
View file

@ -0,0 +1,5 @@
install_old_dependencies:
pkg.installed:
- sources:
- aurutils: salt://roles/build/aurutils/aurutils.pkg.tar.zst
- autofs: salt://roles/build/aurutils/autofs.pkg.tar.zst

3
states/roles/maintain/aurutils/aur_builder Normal file
View file

@ -0,0 +1,3 @@
[aur_builder]
SigLevel = Optional TrustAll
Server = file:///repo

49
states/roles/maintain/aurutils/init.sls Normal file
View file

@ -0,0 +1,49 @@
sudo:
pkg.installed
base-devel:
pkg.installed
aur_builder_repo:
file.managed:
- name: /etc/pacman.d/aur_builder
- source: salt://roles/maintain/aurutils/aur_builder
include_aur_builder_repo:
file.append:
- name: /etc/pacman.conf
- text: Include = /etc/pacman.d/aur_builder
user-build:
user.present:
- name: build
- createhome: true
file.append:
- name: /etc/sudoers
- text: "build ALL=(ALL) NOPASSWD: ALL"
/repo:
file.symlink:
- target: /mnt/pkgs/aur-local/os/x86_64/
/build:
file.symlink:
- target: /mnt/build/
"/usr/lib/systemd/system/updateaur.service":
file.managed:
- source: salt://roles/maintain/aurutils/updateaur.service
- user: root
- group: root
- mode: 644
"/usr/lib/systemd/system/updateaur.timer":
file.managed:
- source: salt://roles/maintain/aurutils/updateaur.timer
- user: root
- group: root
- mode: 644
#"updateaur.timer":
# service.running:
# - enable: true

12
states/roles/maintain/aurutils/updateaur.service Normal file
View file

@ -0,0 +1,12 @@
[Unit]
Description=Update AUR package repository
[Service]
Type=oneshot
RemainAfterExit=no
User=build
Group=build
ExecStart=/bin/bash -c "AUR_PAGER=ls aur sync -u --margs --noconfirm"
[Install]
WantedBy=multi-user.target

13
states/roles/maintain/aurutils/updateaur.timer Normal file
View file

@ -0,0 +1,13 @@
[Unit]
Description=Updates AUR package repository every 24 hours
[Timer]
# Time to wait after booting before we run first time
OnBootSec=10min
# Time between running each consecutive time
OnUnitActiveSec=1d
Unit=updateaur.service
[Install]
WantedBy=multi-user.target

22
states/roles/maintain/pkg-cache.tmp/init.sls Normal file
View file

@ -0,0 +1,22 @@
nginx-pkg-cache:
pkg.installed:
- pkgs:
- nginx
service.running:
- name: nginx
- enable: true
- watch:
- file: /etc/nginx/conf.d/*
/srv/http/pacman-cache:
file.symlink:
- target: /mnt/pkgs
/etc/nginx/conf.d/pkg-cache.conf:
file.managed:
- makedirs: true
- source: salt://roles/maintain/pkg-cache/pkg-cache.conf
- user: root
- group: root
- mode: 644
- template: jinja

0
states/roles/maintain/pkg-cache/nginx.conf → states/roles/maintain/pkg-cache.tmp/nginx.conf
View file

4
states/roles/maintain/pkg-cache/pkg-cache.conf → states/roles/maintain/pkg-cache.tmp/pkg-cache.conf
View file

@ -12,10 +12,6 @@ server
location ~ aur-local\.(db|sig){ location ~ aur-local\.(db|sig){
try_files $uri @pkg_mirror; try_files $uri @pkg_mirror;
} }
#TEMPORARY. Requests for teampass.db and sig files should stay here
location ~ teampass-temp\.(db|sig){
try_files $uri @pkg_mirror;
}
# Requests for package db and signature files should redirect upstream without caching # Requests for package db and signature files should redirect upstream without caching
location ~ \.(db|sig)$ { location ~ \.(db|sig)$ {

47
states/roles/maintain/pkg-cache/cache.conf Normal file
View file

@ -0,0 +1,47 @@
log_format pkg-cache '$remote_addr - $upstream_cache_status [$time_local] $request_method $host$request_uri $server_protocol $status $body_bytes_sent $request_time $upstream_response_time';
proxy_cache_path /cache
levels=1:2 keys_zone=pkg-cache:60m
inactive=365d use_temp_path=off max_size=10g;
server {
listen 8000;
server_name pkg.actcur.com;
access_log /var/log/nginx/pkg-cache.access.log pkg-cache;
error_log /var/log/nginx/pkg-cache.error.log;
# Force proxy to use TLS for upstream server requests
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Use previously negotiated connection parameters
proxy_ssl_session_reuse on;
# Enables revalidation of expired cache items using conditional requests with the "If-Modified-Since" and "If-None-Match" header fields.
proxy_cache_revalidate on;
# Only one request at a time will be allowed to populate a new cache element
proxy_cache_lock on;
# Cache any responses for 1 minute by default, can be overridden by more specific response codes
proxy_cache_valid any 1m;
# Keep connections to upstream server open
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_read_timeout 300;
proxy_connect_timeout 300;
location /archlinux/aur-local {
root /mnt/pkgs;
}
location / {
proxy_pass http://repo.miserver.it.umich.edu/;
proxy_cache pkg-cache; # This directive should match the keys_zone option
proxy_cache_revalidate on;
proxy_cache_min_uses 0;
proxy_cache_valid 200 5m;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_cache_lock on;
# Add some cache status headers for debugging purposes, you can remove these lines if you want
add_header X-Upstream-Status $upstream_status;
add_header X-Cache-Status $upstream_cache_status;
}
}

9
states/roles/maintain/pkg-cache/init.sls
View file

@ -8,15 +8,14 @@ nginx-pkg-cache:
- watch: - watch:
- file: /etc/nginx/conf.d/* - file: /etc/nginx/conf.d/*
/srv/http/pacman-cache: /cache:
file.symlink: file.symlink:
- target: /mnt/pkgs - target: /mnt/pkgs/cache
/etc/nginx/conf.d/pkg-cache.conf: /etc/nginx/conf.d/cache.conf:
file.managed: file.managed:
- makedirs: true - makedirs: true
- source: salt://roles/maintain/pkg-cache/pkg-cache.conf - source: salt://roles/maintain/pkg-cache/cache.conf
- user: root - user: root
- group: root - group: root
- mode: 644 - mode: 644
- template: jinja

2
states/systems/arch/mirrors/mirrorlist
View file

@ -1,2 +1,2 @@
Server = http://pkg.actcur.com/$repo/os/$arch Server = http://pkg.actcur.com/archlinux/$repo/os/$arch
{% include 'mirrors.list' %} {% include 'mirrors.list' %}