initial commit

Dockerfile

@@ -0,0 +1,34 @@
+FROM archlinux:base-devel
+
+RUN echo -e '\n[multilib]\nInclude = /etc/pacman.d/mirrorlist' >> /etc/pacman.conf
+
+RUN pacman -Syu --noconfirm vim sudo jq pacutils git expect shellcheck vim vifm devtools bash-completion man-db man-pages ninja gnupg
+
+RUN ln -fs /usr/share/zoneinfo/Europe/Oslo /etc/localtime
+
+RUN echo '%wheel ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/wheel
+
+RUN useradd -G wheel -m build
+
+RUN curl https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz > /opt/aurutils.tar.gz && tar -xf /opt/aurutils.tar.gz -C /opt/
+
+RUN chown build:build -R /opt/aurutils
+
+USER build
+
+WORKDIR /opt/aurutils
+
+RUN makepkg -si --noconfirm
+
+COPY scripts/init-aur /usr/local/bin/init-aur
+COPY scripts/sync-list /usr/local/bin/sync-list
+COPY scripts/entry /usr/local/bin/entry
+
+USER build
+WORKDIR /home/build
+
+RUN git config --global user.name "Build" && git config --global user.email "build@northcode.no"
+
+RUN mkdir /home/build/.gnupg && echo 'keyserver-options auto-key-retrieve' > /home/build/.gnupg/gpg.conf
+
+CMD entry

helm/Chart.yaml

@@ -0,0 +1,16 @@
+apiVersion: v2
+name: aurutils
+description: Aur utils wrapper to keep aur packages in sync and expose repo
+
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.1.0"

helm/templates/cm.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}-cm
+data:
+  packages.list: |{{ $.Values.packages | nindent 4 }}
+  keys: |{{ $.Values.keys | nindent 4 }}

helm/templates/cronjob.yml

@@ -0,0 +1,40 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ .Release.Name }}-cron
+spec:
+  concurrencyPolicy: Forbid
+  failedJobsHistoryLimit: 5
+  schedule: '0 0 * * *'
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          restartPolicy: OnFailure
+          containers:
+            - image: {{ .Values.aur.image.repository }}:{{ .Values.aur.image.tag | default "latest" }}
+              imagePullPolicy: Always
+              name: aurutils
+              volumeMounts:
+              {{- if .Values.storage.enabled }}
+                - name: packages
+                  mountPath: '/home/build'
+                  readOnly: false
+              {{- end }}
+                - name: config
+                  mountPath: '/opt'
+                  readOnly: true
+          volumes:
+            {{- if .Values.storage.enabled }}
+            - name: packages
+              persistentVolumeClaim:
+                claimName: {{ .Release.Name }}-pvc
+            {{- end }}
+            - name: config
+              configMap:
+                name: {{ .Release.Name }}-cm
+                items:
+                  - key: 'packages.list'
+                    path: 'packages.list'
+                  - key: 'keys'
+                    path: 'keys'

helm/templates/deployment.yml

@@ -0,0 +1,31 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    release: {{ .Release.Name }}
+spec:
+  selector:
+    matchLabels:
+      release: {{ .Release.Name }}
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        release: {{ .Release.Name }}
+    spec:
+      containers:
+        - image: {{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag | default "latest" }}
+          name: nginx
+          {{- if .Values.storage.enabled }}
+          volumeMounts:
+            - name: packages
+              mountPath: '/usr/share/nginx/html'
+              readOnly: false
+          {{- end }}
+      volumes:
+        {{- if .Values.storage.enabled }}
+        - name: packages
+          persistentVolumeClaim:
+            claimName: {{ .Release.Name }}-pvc
+        {{- end }}

helm/templates/ingress.yml

@@ -0,0 +1,27 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ .Release.Name }}-ingress
+  labels:
+    release: {{ .Release.Name }}
+  annotations: {{ $.Values.ingress.annotations | toYaml | nindent 4 }}
+spec:
+  rules:
+    - host: {{ .Values.ingress.host }}
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: {{ .Release.Name }}-svc
+                port:
+                  number: 80
+  {{- if .Values.ingress.tls_enabled }}
+  tls:
+    - hosts:
+        - {{ .Values.ingress.host }}
+      secretName: {{ .Release.Name }}-ingress-cert
+  {{- end }}
+{{- end }}

helm/templates/pvc.yml

@@ -0,0 +1,13 @@
+{{- if .Values.storage.enabled }}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ .Release.Name }}-pvc
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.storage.size | default "50Gi" }}
+  storageClassName: {{ .Values.storage.storageClass }}
+{{- end }}

helm/templates/svc.yml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Release.Name }}-svc
+spec:
+  type: ClusterIP
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 80
+  selector:
+    release: {{ .Release.Name }}

helm/values.yml

@@ -0,0 +1,49 @@
+nginx:
+  image:
+    repository: nginx
+    tag: latest
+
+aur:
+  image:
+    repository: registry.local/northcode/aur
+    tag: latest
+
+storage:
+  enabled: true
+  storageClass: local-path
+
+keys: |
+  EBE41E90F6F12F6D
+  
+packages: |
+  yay
+  firefox-nightly
+  mu
+  proton-ge-custom-bin
+  aurutils
+  emacs-gcc-wayland-devel-bin
+  greetd
+  greetd-tuigreet
+  proton-ge-custom-bin
+  python-mypy-protobuf
+  python-stringcase
+  python2-stringcase
+  spotify-tui
+  wdisplays
+  mangohud
+  mangohud-common
+  k0sctl-bin
+  arma3-unix-launcher-bin
+  gnome-shell-extension-unite
+  mullvad-vpn
+  polymc
+  spot-client
+  spotify
+  steamcmd
+
+ingress:
+  enabled: true
+  annotations:
+    nginx.ingress.kubernetes.io/whitelist-source-range: "0.0.0.0/0"
+  host: aur.northcode.no
+  tls_enabled: false

scripts/entry

@@ -0,0 +1,29 @@
+#!/bin/bash
+
+KEYS=/opt/keys
+LIST=/opt/packages.list
+
+echo initializing repo
+init-aur
+
+if [ -f $KEYS ]; then
+    echo importing keys:
+    cat $KEYS
+
+    xargs -a $KEYS gpg --recv-keys
+fi
+
+
+echo building packages:
+cat $LIST
+
+if [ -f $LIST ]; then
+    sync-list "$LIST"
+
+    echo end repo:
+    tar --list -f build.db.tar.gz
+
+    echo produced new list:
+    cat "$LIST"
+fi
+

scripts/init-aur

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+BUILD_REPO="file:///home/build"
+
+if ! grep -q "$BUILD_REPO" /etc/pacman.conf; then
+	sudo bash -c "echo -e '[build]\nSigLevel = Optional TrustAll\nServer = $BUILD_REPO' >> /etc/pacman.conf"
+
+	if ! [ -f /home/build/build.db.tar.gz ]; then
+		repo-add /home/build/build.db.tar.gz
+	fi
+
+	sudo pacman -Sy --noconfirm
+fi
+

scripts/sync-list

@@ -0,0 +1,83 @@
+#!/bin/bash
+
+set -e
+argv0=sync-list
+
+# Targets are taken from a file or the command-line, to avoid
+# redirecting stdin to aur-view or aur-build.
+if [[ -s $1 ]]; then
+    list=$(realpath -- "$1")
+else
+    printf >&2 '%s: %s: file is empty or does not exist\n' "$argv0" "$1"
+    exit 1
+fi
+
+# Create a scratch space. /var/tmp ensures sufficient space for built
+# packages (not on tmpfs by default)
+var_tmp=$(mktemp -d --tmpdir="${TMPDIR:-/var/tmp/}")
+tmp=$(mktemp -d)
+trap 'rm -rf "$tmp" "$var_tmp"' EXIT # comment this if inspecting the contents
+
+# 1. Avoid concurrent use
+( flock -n 200 || exit 1
+  cd "$tmp"
+
+  # 2. Retrieve targets and their dependencies from the local repository.
+  aur repo --status-file=db --table | tee db_table | \
+      cut -f1,2 | grep -Fwf "$list" | tsort >db_deps
+
+  # 3. Remove entries that are not in the dependency tree.
+  cut -f1 db_table | grep -Fxvf db_deps | sort -u >db_removals
+
+  # Parse repository information
+  { IFS=: read -r _ db_name
+    IFS=: read -r _ db_root
+    IFS=: read -r _ db_path
+  } <db
+
+  files_path=$(realpath "$db_root/$db_name".files)
+
+  # Create copy of local repository database
+  cp -Pv "$db_path" "$db_root/$db_name".db "$var_tmp"
+  cp -Pv "$files_path" "$db_root/$db_name".files "$var_tmp"
+
+  # 4. Remove entries that are not in the dependency tree.
+  cd "$var_tmp"
+  xargs -a "$tmp"/db_removals -r repo-remove "${db_path##*/}"
+
+  # 5. Add symlinks to built packages.
+  aur repo -d "$db_name" --root "$var_tmp" --field filename | \
+      xargs env -C "$db_root" realpath -z | xargs -0r ln -t "$var_tmp" -s --
+
+  # 6. Point the repository root in pacman.conf to the temporary directory.
+  { printf '[options]\n'
+    pacconf --raw --options
+
+    while IFS= read -r; do
+        # section header
+        printf '[%s]\n' "$REPLY"
+
+        if [[ $REPLY == "$db_name" ]]; then
+            pacconf --raw --repo="$REPLY" --verbose SigLevel
+            printf '%s\n' "Server = file://$var_tmp"
+        else
+            pacconf --raw --repo="$REPLY" --verbose SigLevel Server
+        fi
+    done < <(pacconf --repo-list)
+  } > "$tmp"/pacman.conf
+
+  # 7. Run aur-sync(1) with the new pacman configuration.
+  # Adjust options to preference.
+  AUR_SYNC_USE_NINJA=1 aur sync -k 0 --noview --noconfirm -d "$db_name" --pacman-conf="$tmp"/pacman.conf -Rrn $(<"$list")
+
+  # 8. Synchronize the new repository state to the original location.
+  # Remove --dry-run if the output is as desired.
+  set -x
+  rsync -avh "$var_tmp"/ "$db_root"/ --delete \
+        --copy-links --exclude={"$db_name".db,"$db_name".files} 
+
+  # 9. Save list with new dependency tree
+  cp -v "$list" "$list".old
+  aur repo -d "$db_name" --root "$db_root" --list | cut -f1 > "$list"
+
+) 200> /tmp/lockfile