diff --git a/README.md b/README.md index 84417d7..0a70359 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,8 @@ Un angolo ragionato per facilitare la messa in opera di servizi autogestiti di p ```bash ansible-galaxy collection install community.general ansible-galaxy collection install community.postgresql +ansible-galaxy install nginxinc.nginx +ansible-galaxy install nginxinc.nginx_config ``` Silicone รจ una raccolta di ruoli diff --git a/infra.yml b/infra.yml index a48c66f..7dec924 100644 --- a/infra.yml +++ b/infra.yml @@ -33,6 +33,12 @@ tags: radicale roles: ['stable/common', 'staging/radicale'] +- name: Fdroid + hosts: fdroid + tags: fdroid + roles: [ 'stable/common', 'staging/fdroid' ] + vars_files: vars/fdroid.yml + # TEST - name: Test hosts: test diff --git a/inventory.yml b/inventory.yml index a468a2c..a3990f0 100644 --- a/inventory.yml +++ b/inventory.yml @@ -22,6 +22,9 @@ frontend: radicale: hosts: cisti.cal +fdroid: + hosts: cisti.fdroid + test: hosts: cisti.jolly vars: diff --git a/roles/staging/fdroid/defaults/main.yml b/roles/staging/fdroid/defaults/main.yml new file mode 100644 index 0000000..e4b1d07 --- /dev/null +++ b/roles/staging/fdroid/defaults/main.yml @@ -0,0 +1,11 @@ +--- + +fdroid_user: "fdroid" + +fdroid_base_dir: "/srv/fdroid" +fdroid_android_dir: "{{ fdroid_base_dir }}/androidtools" +fdroid_repo_dir: "{{ fdroid_base_dir }}/repository" +fdroid_utils_dir: "{{ fdroid_base_dir }}/utils" +fdroid_html_dir: "{{ fdroid_base_dir }}/html" + +fdroid_keystore_pass: "" diff --git a/roles/staging/fdroid/files/apk-dl b/roles/staging/fdroid/files/apk-dl new file mode 100644 index 0000000..220ba36 --- /dev/null +++ b/roles/staging/fdroid/files/apk-dl @@ -0,0 +1,8 @@ +#!/bin/sh + +while IFS= read -r line +do + gplaycli -d "$line" -f "$2" +done < "$1" + +fdroid update --create-metadata --pretty --clean diff --git a/roles/staging/fdroid/files/applist b/roles/staging/fdroid/files/applist new file mode 100644 index 0000000..9aa6144 --- /dev/null 
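Review bot: The read loop in `apk-dl` passes every line of the list straight to `gplaycli -d`, and the `applist` added in this commit starts with an empty line, so the first iteration calls gplaycli with an empty package name. Skip blank lines with `[ -n "$line" ] || continue` at the top of the loop body. The script also ignores gplaycli's exit status and always goes on to `fdroid update --clean`, so a failed or partial download leaves no trace in the unit's result; tracking a failure flag and exiting non-zero after the update would make it visible in `systemctl status`.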
+++ b/roles/staging/fdroid/files/applist
@@ -0,0 +1,16 @@
+
+org.mozilla.firefox
+org.thoughtcrime.securesms
+com.whatsapp
+com.lynxspa.prontotreno
+com.shazam.android
+me.bgregos.brighttask
+com.spotify.music
+com.generalmagic.magicearth
+org.dslul.openboard.inputmethod.latin
+com.chimbori.hermitcrab
+com.fineco.it
+ch.protonmail.android
+com.skype.m2
+posteitaliane.posteapp.appposteid
+com.smartlifedigital.autodialer
diff --git a/roles/staging/fdroid/files/cisti.png b/roles/staging/fdroid/files/cisti.png
new file mode 100644
index 0000000..b9cd033
Binary files /dev/null and b/roles/staging/fdroid/files/cisti.png differ
diff --git a/roles/staging/fdroid/files/gplaylist b/roles/staging/fdroid/files/gplaylist
new file mode 100755
index 0000000..da48472
--- /dev/null
+++ b/roles/staging/fdroid/files/gplaylist
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+export ANDROID_HOME=/home/bic/workspace/android/Sdk
+
+if [ "$1" = "-d" ]; then
+ while IFS= read -r line
+ do
+ echo "$line"
+ gplaycli -d "$line" -f repo
+ done < applist
+fi
+
+fdroid update --create-metadata --use-date-from-apk --pretty --clean --verbose
+fdroid deploy
+
+
diff --git a/roles/staging/fdroid/meta/main.yml b/roles/staging/fdroid/meta/main.yml
new file mode 100644
index 0000000..079703f
--- /dev/null
+++ b/roles/staging/fdroid/meta/main.yml
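Review bot: `gplaylist` exports `ANDROID_HOME=/home/bic/workspace/android/Sdk`, a path on a developer workstation, and reads `applist` and writes `repo` relative to the current directory, so it cannot work as shipped on the target host. No task in this commit's `tasks/main.yml` copies it, which suggests it is a leftover from local testing; it also ends with `fdroid deploy`, which would publish to whatever destination the local fdroid config names. Either drop the file from the role or take the SDK path from the environment, for example `: "${ANDROID_HOME:?ANDROID_HOME must be set}"`.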
@@ -0,0 +1,43 @@
+---
+galaxy_info:
+ role_name: fdroid
+ author: hacklab underscore
+ description: install an fdroid server and gplaycli tool
+ company: cisti.org
+
+ min_ansible_version: 1.2
+
+ platforms:
+ - name: Debian
+ versions:
+ - buster
+
+dependencies:
+
+ - role: nginxinc.nginx
+ - role: nginxinc.nginx_config
+ vars:
+ nginx_config_http_template_enable: true
+ nginx_config_http_template:
+ app:
+ template_file: http/default.conf.j2
+ conf_file_name: default.conf
+ conf_file_location: /etc/nginx/conf.d/
+ servers:
+ server1:
+ listen:
+ listen_localhost:
+ port: 80
+ server_name: localhost
+ web_server:
+ locations:
+ main_site:
+ location: /
+ html_file_location: "{{ fdroid_html_dir }}"
+ autoindex: true
+
+ - role: stable/restic
+ when: with_backup | bool
+ vars:
+ restic_folders: ['{{ fdroid_repo_dir }}']
+
diff --git a/roles/staging/fdroid/tasks/main.yml b/roles/staging/fdroid/tasks/main.yml
new file mode 100644
index 0000000..c38c925
--- /dev/null
+++ b/roles/staging/fdroid/tasks/main.yml
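Review bot: The `stable/restic` dependency is guarded by `when: with_backup | bool`, but `with_backup` has no entry in the role's `defaults/main.yml` and is only set in `vars/fdroid.yml`, so applying the role anywhere that vars file is not loaded fails on an undefined variable. Use `when: with_backup | default(false) | bool` or add `with_backup: false` to the defaults. The two `nginxinc.*` dependencies are also taken at whatever version Galaxy serves on the day of install; a `requirements.yml` with explicit `version:` entries would keep the third-party role code reproducible and reviewable. `min_ansible_version: 1.2` is parsed as a float and should be a quoted string.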
@@ -0,0 +1,127 @@ +--- + +- name: Install fdroid server + become: yes + register: install_fdroid + apt: + pkg: + - python3-pip + - fdroidserver + +- name: Install gplaycli + become: yes + register: install_gplaycli + pip: + name: gplaycli + + +- name: check for fdroid user + user: + name: "{{ fdroid_user }}" + home: "{{ fdroid_base_dir }}" + state: present + +- name: Create directories + file: + path: "{{ item }}" + state: directory + owner: "{{ fdroid_user }}" + mode: 0775 + with_items: + - "{{ fdroid_base_dir }}" + - "{{ fdroid_android_dir }}" + - "{{ fdroid_repo_dir }}" + - "{{ fdroid_utils_dir }}" + - "{{ fdroid_repo_dir }}/repo" + - "{{ fdroid_html_dir }}" + +- name: Unarchive android sdk + become: yes + become_user: "{{ fdroid_user }}" + register: download_sdk + ansible.builtin.unarchive: + src: https://dl.google.com/android/repository/commandlinetools-linux-6858069_latest.zip + dest: "{{ fdroid_android_dir }}" + remote_src: yes + +- name: Initialize android sdk + become: yes + become_user: "{{ fdroid_user }}" + register: download_build_tools + shell: 'yes | {{ fdroid_android_dir }}/cmdline-tools/bin/sdkmanager --sdk_root="$ANDROID_HOME" platform-tools "build-tools;30.0.3"' + environment: + ANDROID_HOME: "{{ fdroid_android_dir }}/android-sdk-linux" + tags: ['skip_ansible_lint'] + +- name: Upload settings + template: + src: config.py.j2 + dest: "{{ fdroid_repo_dir }}/config.py" + owner: "{{ fdroid_user }}" + mode: 0600 + +- name: Upload cisti img + copy: + src: files/cisti.png + dest: "{{ fdroid_repo_dir }}/cisti.png" + owner: "{{ fdroid_user }}" + mode: 0660 + +- name: Local decrypt keystore + delegate_to: localhost + shell: "pass show cisti.org/ansible/fdroid/keystore > /tmp/cisti.keystore" + tags: ['skip_ansible_lint'] + +- name: Upload keystore + copy: + src: /tmp/cisti.keystore + dest: "{{ fdroid_repo_dir }}/cisti.keystore" + owner: "{{ fdroid_user }}" + mode: 0600 + +- name: Remove file (delete file) + delegate_to: localhost + file: + path: 
/tmp/cisti.keystore + state: absent + +- name: Upload apk list + copy: + src: files/applist + dest: "{{ fdroid_base_dir }}/apklist" + owner: "{{ fdroid_user }}" + mode: 0660 + +- name: Upload apk-dl + copy: + src: files/apk-dl + dest: "{{ fdroid_utils_dir }}/apk-dl" + owner: "{{ fdroid_user }}" + mode: 0700 + +- name: Upload service for apk poller + template: + src: fdroid.service.j2 + dest: /etc/systemd/system/fdroid.service + owner: "{{ fdroid_user }}" + mode: 0660 + +- name: Upload timer for apk poller + template: + src: fdroid.timer.j2 + dest: /etc/systemd/system/fdroid.timer + owner: "{{ fdroid_user }}" + mode: 0660 + +- name: Make sure apk poller is running + systemd: + state: restarted + daemon_reload: yes + name: fdroid + +- name: Link repo into public dir + file: + src: "{{ fdroid_repo_dir }}/repo" + path: "{{ fdroid_html_dir }}/repo" + state: link + owner: "{{ fdroid_user }}" diff --git a/roles/staging/fdroid/templates/config.py.j2 b/roles/staging/fdroid/templates/config.py.j2 new file mode 100644 index 0000000..5918df7 --- /dev/null +++ b/roles/staging/fdroid/templates/config.py.j2 
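Review bot: `Local decrypt keystore` redirects the repository signing keystore into the fixed path `/tmp/cisti.keystore` on the controller, so the file is created with the controller's umask in a shared directory, follows any pre-existing symlink at that name, and is left behind whenever `Upload keystore` fails, because the removal is a separate later task. Creating the file with `tempfile` (private, unpredictable name) and wrapping decrypt and upload in a `block` whose `always` removes it closes those gaps, as sketched below. Separately, both unit files are installed in `/etc/systemd/system` with `owner: "{{ fdroid_user }}"` and `mode: 0660`, which lets the unprivileged service account rewrite its own `User=` and sandbox settings; they should be `owner: root` with `mode: "0644"`. The Android command-line tools zip is also unpacked straight from the URL with no integrity check; fetching it with `get_url` and a pinned `checksum:` before `unarchive` would detect a changed artifact.

```yaml
- name: Create private temp file for the keystore
  delegate_to: localhost
  ansible.builtin.tempfile:
    state: file
    suffix: .keystore
  register: keystore_tmp

- name: Decrypt, upload and always clean up keystore
  block:
    - name: Local decrypt keystore
      delegate_to: localhost
      shell: "pass show cisti.org/ansible/fdroid/keystore > {{ keystore_tmp.path }}"
      tags: ['skip_ansible_lint']

    - name: Upload keystore
      copy:
        src: "{{ keystore_tmp.path }}"
        # … unchanged: dest, owner, mode …
  always:
    - name: Remove local keystore copy
      delegate_to: localhost
      file:
        path: "{{ keystore_tmp.path }}"
        state: absent
```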
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+
+sdk_path = "{{ fdroid_android_dir }}/android-sdk-linux"
+
+build_tools = "30.0.3"
+
+repo_url = "https://fdroid.cisti.org/repo"
+repo_name = "Cisti.org"
+repo_icon = "cisti.png"
+repo_description = """
+Questo archivio contiene applicazioni scaricate dal play store di google su
+richiesta degli utenti di cisti.org
+"""
+
+# `fdroid update` will create a link to the current version of a given app.
+# This provides a static path to the current APK. To disable the creation of
+# this link, uncomment this:
+make_current_version_link = False
+
+# The key (from the keystore defined below) to be used for signing the
+# repository itself. This is the same name you would give to keytool or
+# jarsigner using -alias. (Not needed in an unsigned repository).
+repo_keyalias = "cisti"
+
+keystore = "cisti.keystore"
+
+# The password for the keystore (at least 6 characters). If this password is
+# different than the keypass below, it can be OK to store the password in this
+# file for real use. But in general, sensitive passwords should not be stored
+# in text files!
+keystorepass = "{{ fdroid_keystore_pass }}"
+
+# The password for keys - the same is used for each auto-generated key as well
+# as for the repository key. You should not normally store this password in a
+# file since it is a sensitive password.
+keypass = "{{ fdroid_keystore_pass }}"
+
+# The distinguished name used for all keys.
+keydname = "CN=cisti, OU=Unknown, O=cisti.org, L=Unknown, ST=Unknown, C=Unknown"
diff --git a/roles/staging/fdroid/templates/fdroid.service.j2 b/roles/staging/fdroid/templates/fdroid.service.j2
new file mode 100644
index 0000000..5a5b206
--- /dev/null
+++ b/roles/staging/fdroid/templates/fdroid.service.j2
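Review bot: `keystorepass` and `keypass` interpolate `{{ fdroid_keystore_pass }}` between double quotes in a file that is Python source, so a password containing `"` or a backslash changes the literal or the code around it. Emit the value as an escaped literal, e.g. `keystorepass = {{ fdroid_keystore_pass | to_json }}`, and the same for `keypass`. The role default for this variable is the empty string, while the comment above `keystorepass` asks for at least 6 characters; an `assert` on its length at the start of the role would stop an empty password from being rendered. The `Upload settings` task that renders this template would also benefit from `no_log: true`, since a run with `--diff` otherwise prints the password.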
@@ -0,0 +1,24 @@
+[Unit]
+Description=A simple apk downloader
+After=network.target
+Requires=network.target
+
+[Service]
+Type=oneshot
+ExecStart={{ fdroid_utils_dir }}/apk-dl {{ fdroid_base_dir }}/apklist {{ fdroid_repo_dir }}/repo
+WorkingDirectory={{ fdroid_repo_dir }}
+User={{ fdroid_user }}
+
+# Optional security settings
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths={{ fdroid_repo_dir }}
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/staging/fdroid/templates/fdroid.timer.j2 b/roles/staging/fdroid/templates/fdroid.timer.j2
new file mode 100644
index 0000000..3e994f6
--- /dev/null
+++ b/roles/staging/fdroid/templates/fdroid.timer.j2
@@ -0,0 +1,9 @@
+[Unit]
+Description=Google Play store poller timer
+
+[Timer]
+OnCalendar=daily
+Unit=fdroid.service
+
+[Install]
+WantedBy=timers.target
diff --git a/vars/fdroid.yml b/vars/fdroid.yml
new file mode 100644
index 0000000..135552d
--- /dev/null
+++ b/vars/fdroid.yml
@@ -0,0 +1,5 @@
+---
+with_backup: true
+
+fdroid_repo_dir: "{{ fdroid_base_dir }}/cisti"
+fdroid_keystore_pass: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/fdroid/keystore/pass')}}"
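Review bot: `ReadWritePaths={{ fdroid_repo_dir }}` is the only writable location under `ProtectSystem=strict`, yet the service user's home is `{{ fdroid_base_dir }}` and gplaycli presumably keeps its token cache and configuration under that home, outside the repository directory; confirm that a run succeeds under the sandbox and not only from an interactive shell. `After=network.target` does not wait for connectivity, so a downloader should use `After=network-online.target` together with `Wants=network-online.target`. A comment above `ReadWritePaths` naming which tools write where would keep the next person from widening it blindly.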
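Review bot: As far as this diff shows, nothing enables or starts `fdroid.timer`: the final systemd task in `tasks/main.yml` acts on `name: fdroid`, which restarts the oneshot service once per play, so the daily schedule is never activated. Add a task with `name: fdroid.timer`, `enabled: yes` and `state: started`. `Persistent=true` in the `[Timer]` section would also catch up a run missed while the host was down.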
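Review bot: The lookup argument nests a template inside a template, `'{{passwordstore_path}}/fdroid/keystore/pass'`; Ansible's guidance is that moustaches do not nest inside an expression, and this form only works where lookup terms happen to be templated a second time. Build the path by concatenation instead: `lookup('community.general.passwordstore', passwordstore_path ~ '/fdroid/keystore/pass')`. `passwordstore_path` is not defined anywhere in this diff, and the keystore itself is fetched in `tasks/main.yml` from the hard-coded entry `cisti.org/ansible/fdroid/keystore`, so the two secrets can end up resolved from different store prefixes.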