commit 4cc86547029fce74eb166a40e9b97b2f9c310871 Author: Andreas Larsen Date: Sun Jun 12 18:30:01 2022 +0200 initial commit
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..378c089
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,34 @@
+FROM archlinux:base-devel
+
+RUN echo -e '\n[multilib]\nInclude = /etc/pacman.d/mirrorlist' >> /etc/pacman.conf
+
+RUN pacman -Syu --noconfirm vim sudo jq pacutils git expect shellcheck vim vifm devtools bash-completion man-db man-pages ninja gnupg
+
+RUN ln -fs /usr/share/zoneinfo/Europe/Oslo /etc/localtime
+
+RUN echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/wheel
+
+RUN useradd -G wheel -m build
+
+RUN curl https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz > /opt/aurutils.tar.gz && tar -xf /opt/aurutils.tar.gz -C /opt/
+
+RUN chown build:build -R /opt/aurutils
+
+USER build
+
+WORKDIR /opt/aurutils
+
+RUN makepkg -si --noconfirm
+
+COPY scripts/init-aur /usr/local/bin/init-aur
+COPY scripts/sync-list /usr/local/bin/sync-list
+COPY scripts/entry /usr/local/bin/entry
+
+USER build
+WORKDIR /home/build
+
+RUN git config --global user.name "Build" && git config --global user.email "build@northcode.no"
+
+RUN mkdir /home/build/.gnupg && echo 'keyserver-options auto-key-retrieve' > /home/build/.gnupg/gpg.conf
+
+CMD entry
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..44e4271
--- /dev/null
+++ b/helm/Chart.yaml
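Review bot: In Dockerfile, the `RUN curl https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz ...` step fetches an unpinned snapshot with no integrity check, and `RUN makepkg -si --noconfirm` then builds and installs it using the passwordless sudo granted to `wheel` a few lines earlier. `curl` is also called without `-f`, so an HTTP error body is written to /opt/aurutils.tar.gz and the failure only surfaces in `tar`. I would download with `curl -fsSL -o /opt/aurutils.tar.gz` and the same URL, then verify before unpacking, e.g. `echo "<EXPECTED_SHA256>  /opt/aurutils.tar.gz" | sha256sum -c -`, or clone the AUR repository and check out a reviewed commit. `FROM archlinux:base-devel` is likewise a moving tag, so pinning it by digest would make rebuilds reproducible.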
@@ -0,0 +1,16 @@
+apiVersion: v2
+name: aurutils
+description: Aur utils wrapper to keep aur packages in sync and expose repo
+
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"
diff --git a/helm/templates/cm.yml b/helm/templates/cm.yml
new file mode 100644
index 0000000..1ad3daf
--- /dev/null
+++ b/helm/templates/cm.yml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Release.Name }}-cm
+data:
+ packages.list: |{{ $.Values.packages | nindent 4 }}
+ keys: |{{ $.Values.keys | nindent 4 }}
diff --git a/helm/templates/cronjob.yml b/helm/templates/cronjob.yml
new file mode 100644
index 0000000..2a573f5
--- /dev/null
+++ b/helm/templates/cronjob.yml
@@ -0,0 +1,40 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+ name: {{ .Release.Name }}-cron
+spec:
+ concurrencyPolicy: Forbid
+ failedJobsHistoryLimit: 5
+ schedule: '0 0 * * *'
+ jobTemplate:
+ spec:
+ template:
+ spec:
+ restartPolicy: OnFailure
+ containers:
+ - image: {{ .Values.aur.image.repository }}:{{ .Values.aur.image.tag | default "latest" }}
+ imagePullPolicy: Always
+ name: aurutils
+ volumeMounts:
+ {{- if .Values.storage.enabled }}
+ - name: packages
+ mountPath: '/home/build'
+ readOnly: false
+ {{- end }}
+ - name: config
+ mountPath: '/opt'
+ readOnly: true
+ volumes:
+ {{- if .Values.storage.enabled }}
+ - name: packages
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-pvc
+ {{- end }}
+ - name: config
+ configMap:
+ name: {{ .Release.Name }}-cm
+ items:
+ - key: 'packages.list'
+ path: 'packages.list'
+ - key: 'keys'
+ path: 'keys'
diff --git a/helm/templates/deployment.yml b/helm/templates/deployment.yml
new file mode 100644
index 0000000..9ba5fe1
--- /dev/null
+++ b/helm/templates/deployment.yml
@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Release.Name }}
+ labels:
+ release: {{ .Release.Name }}
+spec:
+ selector:
+ matchLabels:
+ release: {{ .Release.Name }}
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ release: {{ .Release.Name }}
+ spec:
+ containers:
+ - image: {{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag | default "latest" }}
+ name: nginx
+ {{- if .Values.storage.enabled }}
+ volumeMounts:
+ - name: packages
+ mountPath: '/usr/share/nginx/html'
+ readOnly: false
+ {{- end }}
+ volumes:
+ {{- if .Values.storage.enabled }}
+ - name: packages
+ persistentVolumeClaim:
+ claimName: {{ .Release.Name }}-pvc
+ {{- end }}
diff --git a/helm/templates/ingress.yml b/helm/templates/ingress.yml
new file mode 100644
index 0000000..03ebfb6
--- /dev/null
+++ b/helm/templates/ingress.yml
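Review bot: In helm/templates/cronjob.yml the pod spec sets no `securityContext` and leaves the service-account token mounted by default, although this container builds AUR packages as a user with passwordless sudo (see Dockerfile), so build code running in it could read that token. Adding `automountServiceAccountToken: false` under the pod `spec:` next to `restartPolicy` should be free here, since the scripts in this commit do not appear to call the Kubernetes API. The image also defaults to the `latest` tag with `imagePullPolicy: Always`, so each nightly run may execute a different image; a pinned tag or digest in values would make runs auditable.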
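Review bot: In helm/templates/deployment.yml the `packages` volume is mounted into nginx with `readOnly: false`, but the web server only has to serve the repository. The build job treats that same directory as a trusted local pacman repo (see scripts/init-aur), so a writable mount in the internet-facing container widens who can influence what gets installed there; `readOnly: true` on this mount closes that path. The claim in pvc.yml is `ReadWriteOnce`, so the CronJob pod and this Deployment presumably have to be scheduled on the same node to share it, which is worth a comment in the template.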
@@ -0,0 +1,27 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ .Release.Name }}-ingress
+ labels:
+ release: {{ .Release.Name }}
+ annotations: {{ $.Values.ingress.annotations | toYaml | nindent 4 }}
+spec:
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: {{ .Release.Name }}-svc
+ port:
+ number: 80
+ {{- if .Values.ingress.tls_enabled }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Release.Name }}-ingress-cert
+ {{- end }}
+{{- end }}
diff --git a/helm/templates/pvc.yml b/helm/templates/pvc.yml
new file mode 100644
index 0000000..58ba5c6
--- /dev/null
+++ b/helm/templates/pvc.yml
@@ -0,0 +1,13 @@
+{{- if .Values.storage.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ .Release.Name }}-pvc
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: {{ .Values.storage.size | default "50Gi" }}
+ storageClassName: {{ .Values.storage.storageClass }}
+{{- end }}
diff --git a/helm/templates/svc.yml b/helm/templates/svc.yml
new file mode 100644
index 0000000..51ed848
--- /dev/null
+++ b/helm/templates/svc.yml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Release.Name }}-svc
+spec:
+ type: ClusterIP
+ ports:
+ - port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ release: {{ .Release.Name }}
diff --git a/helm/values.yml b/helm/values.yml
new file mode 100644
index 0000000..a95221c
--- /dev/null
+++ b/helm/values.yml
@@ -0,0 +1,49 @@
+nginx:
+ image:
+ repository: nginx
+ tag: latest
+
+aur:
+ image:
+ repository: registry.local/northcode/aur
+ tag: latest
+
+storage:
+ enabled: true
+ storageClass: local-path
+
+keys: |
+ EBE41E90F6F12F6D
+
+packages: |
+ yay
+ firefox-nightly
+ mu
+ proton-ge-custom-bin
+ aurutils
+ emacs-gcc-wayland-devel-bin
+ greetd
+ greetd-tuigreet
+ proton-ge-custom-bin
+ python-mypy-protobuf
+ python-stringcase
+ python2-stringcase
+ spotify-tui
+ wdisplays
+ mangohud
+ mangohud-common
+ k0sctl-bin
+ arma3-unix-launcher-bin
+ gnome-shell-extension-unite
+ mullvad-vpn
+ polymc
+ spot-client
+ spotify
+ steamcmd
+
+ingress:
+ enabled: true
+ annotations:
+ nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
+ host: aur.northcode.no
+ tls_enabled: false
diff --git a/scripts/entry b/scripts/entry
new file mode 100755
index 0000000..a1244cd
--- /dev/null
+++ b/scripts/entry
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+KEYS=/opt/keys
+LIST=/opt/packages.list
+
+echo initializing repo
+init-aur
+
+if [ -f $KEYS ]; then
+ echo importing keys:
+ cat $KEYS
+
+ xargs -a $KEYS gpg --recv-keys
+fi
+
+
+echo building packages:
+cat $LIST
+
+if [ -f $LIST ]; then
+ sync-list "$LIST"
+
+ echo end repo:
+ tar --list -f build.db.tar.gz
+
+ echo produced new list:
+ cat "$LIST"
+fi
+
diff --git a/scripts/init-aur b/scripts/init-aur
new file mode 100755
index 0000000..dbe4453
--- /dev/null
+++ b/scripts/init-aur
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+BUILD_REPO="file:///home/build"
+
+if ! grep -q "$BUILD_REPO" /etc/pacman.conf; then
+ sudo bash -c "echo -e '[build]\nSigLevel = Optional TrustAll\nServer = $BUILD_REPO' >> /etc/pacman.conf"
+
+ if ! [ -f /home/build/build.db.tar.gz ]; then
+ repo-add /home/build/build.db.tar.gz
+ fi
+
+ sudo pacman -Sy --noconfirm
+fi
+
diff --git a/scripts/sync-list b/scripts/sync-list
new file mode 100755
index 0000000..5a6613a
--- /dev/null
+++ b/scripts/sync-list
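Review bot: The defaults in helm/values.yml publish the repository to every source address (`whitelist-source-range: "0.0.0.0/0"`) over plain HTTP (`tls_enabled: false`), and nothing visible in this commit signs the built packages. Machines that add this repo would then fetch unsigned packages over an unauthenticated channel, so I would default to `tls_enabled: true` and leave the source range for the operator to set explicitly. `keys` holds a 64-bit key ID (`EBE41E90F6F12F6D`); full fingerprints are the safer form to hand to `gpg --recv-keys`. `proton-ge-custom-bin` is listed twice under `packages`.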
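Review bot: scripts/entry has no error handling, so a failed `init-aur` or a failed `gpg --recv-keys` import is ignored and the build continues, and `cat $LIST` runs before the `[ -f $LIST ]` test that guards the rest. I would add `set -euo pipefail` after the shebang (or at least check the exit status of `init-aur`), move that `cat` inside the `if`, and quote the expansions as `"$KEYS"` and `"$LIST"`. A short header comment stating that /opt/keys and /opt/packages.list come from the chart's ConfigMap would also help the next reader.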
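Review bot: `SigLevel = Optional TrustAll` in scripts/init-aur makes pacman accept every package found in /home/build without a signature check, and that directory is the persistent volume shared with the web-serving pod. If the repository cannot be signed yet, the script should say so where the line is written, e.g. `# [build] is unsigned: anything placed in /home/build is installable as root`. Longer term, signing the database and packages would allow `SigLevel = Required` for this section.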
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+set -e
+argv0=sync-list
+
+# Targets are taken from a file or the command-line, to avoid
+# redirecting stdin to aur-view or aur-build.
+if [[ -s $1 ]]; then
+ list=$(realpath -- "$1")
+else
+ printf >&2 '%s: %s: file is empty or does not exist\n' "$argv0" "$1"
+ exit 1
+fi
+
+# Create a scratch space. /var/tmp ensures sufficient space for built
+# packages (not on tmpfs by default)
+var_tmp=$(mktemp -d --tmpdir="${TMPDIR:-/var/tmp/}")
+tmp=$(mktemp -d)
+trap 'rm -rf "$tmp" "$var_tmp"' EXIT # comment this if inspecting the contents
+
+# 1. Avoid concurrent use
+( flock -n 200 || exit 1
+ cd "$tmp"
+
+ # 2. Retrieve targets and their dependencies from the local repository.
+ aur repo --status-file=db --table | tee db_table | \
+ cut -f1,2 | grep -Fwf "$list" | tsort >db_deps
+
+ # 3. Remove entries that are not in the dependency tree.
+ cut -f1 db_table | grep -Fxvf db_deps | sort -u >db_removals
+
+ # Parse repository information
+ { IFS=: read -r _ db_name
+ IFS=: read -r _ db_root
+ IFS=: read -r _ db_path
+ } "$tmp"/pacman.conf
+
+ # 7. Run aur-sync(1) with the new pacman configuration.
+ # Adjust options to preference.
+ AUR_SYNC_USE_NINJA=1 aur sync -k 0 --noview --noconfirm -d "$db_name" --pacman-conf="$tmp"/pacman.conf -Rrn $(<"$list")
+
+ # 8. Synchronize the new repository state to the original location.
+ # Remove --dry-run if the output is as desired.
+ set -x
+ rsync -avh "$var_tmp"/ "$db_root"/ --delete \
+ --copy-links --exclude={"$db_name".db,"$db_name".files}
+
+ # 9. Save list with new dependency tree
+ cp -v "$list" "$list".old
+ aur repo -d "$db_name" --root "$db_root" --list | cut -f1 > "$list"
+
+) 200> /tmp/lockfile
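Review bot: Step 9 of scripts/sync-list writes `"$list".old` and overwrites `"$list"`, but entry passes /opt/packages.list, which cronjob.yml mounts from a ConfigMap with `readOnly: true`; under `set -e` the `cp` fails, the script exits non-zero after the rsync, and `restartPolicy: OnFailure` reruns the whole build. Writing the regenerated list to the persistent volume instead, for example a path under /home/build, would avoid that. Separately, `$(<"$list")` is expanded unquoted directly after the options of `aur sync`; putting `--` in front of it should stop a list entry that begins with `-` from being read as an option. The comment above `rsync` still mentions `--dry-run`, which the command does not pass while `--delete` is active, so it should be reworded. Steps 4–6 of this hunk are not visible on the page, so these points cover only the lines shown.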