
add fdroid role

Signed-off-by: bic <bicno@autistici.org>
bic 3 years ago
parent
commit
a823468870

+ 2 - 0
README.md

@@ -6,6 +6,8 @@ Un angolo ragionato per facilitare la messa in opera di servizi autogestiti di p
 ```bash
 ansible-galaxy collection install community.general
 ansible-galaxy collection install community.postgresql
+ansible-galaxy install nginxinc.nginx
+ansible-galaxy install nginxinc.nginx_config
 ```
 
 Silicone è una raccolta di ruoli

+ 6 - 0
infra.yml

@@ -33,6 +33,12 @@
   tags: radicale
   roles: ['stable/common', 'staging/radicale']
 
+- name: Fdroid
+  hosts: fdroid
+  tags: fdroid
+  roles: [ 'stable/common', 'staging/fdroid' ]
+  vars_files: vars/fdroid.yml
+
 # TEST
 - name: Test
   hosts: test

+ 3 - 0
inventory.yml

@@ -22,6 +22,9 @@ frontend:
 radicale:
   hosts: cisti.cal
 
+fdroid:
+  hosts: cisti.fdroid
+
 test:
   hosts: cisti.jolly
   vars:

+ 11 - 0
roles/staging/fdroid/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+
+fdroid_user: "fdroid"
+
+fdroid_base_dir: "/srv/fdroid"
+fdroid_android_dir: "{{ fdroid_base_dir }}/androidtools"
+fdroid_repo_dir: "{{ fdroid_base_dir }}/repository"
+fdroid_utils_dir: "{{ fdroid_base_dir }}/utils"
+fdroid_html_dir: "{{ fdroid_base_dir }}/html"
+
+fdroid_keystore_pass: ""

+ 8 - 0
roles/staging/fdroid/files/apk-dl

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+while IFS= read -r line
+do
+	gplaycli -d "$line" -f "$2"
+done < "$1"
+
+fdroid update --create-metadata --pretty --clean
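Review bot: The loop hands every line of the list to `gplaycli -d`, including empty ones (the applist shipped in this commit starts with a blank line), and `fdroid update` then runs whether or not any download failed or `$1`/`$2` were supplied at all. Skipping blanks with `[ -n "$line" ] || continue` and checking `[ $# -eq 2 ] || exit 2` at the top would make a bad invocation visible in the unit's exit status. Everything that lands in the target directory is then indexed under the repository's signing key, and this script performs no check of its own on what was fetched, so a header comment stating where the APKs come from and what is (not) verified would help the next maintainer.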

+ 16 - 0
roles/staging/fdroid/files/applist

@@ -0,0 +1,16 @@
+
+org.mozilla.firefox
+org.thoughtcrime.securesms
+com.whatsapp
+com.lynxspa.prontotreno
+com.shazam.android
+me.bgregos.brighttask
+com.spotify.music
+com.generalmagic.magicearth
+org.dslul.openboard.inputmethod.latin
+com.chimbori.hermitcrab
+com.fineco.it
+ch.protonmail.android
+com.skype.m2
+posteitaliane.posteapp.appposteid
+com.smartlifedigital.autodialer

BIN
roles/staging/fdroid/files/cisti.png


+ 16 - 0
roles/staging/fdroid/files/gplaylist

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+export ANDROID_HOME=/home/bic/workspace/android/Sdk
+
+if [ "$1" = "-d" ]; then
+	while IFS= read -r line
+	do
+		echo "$line"
+		gplaycli -d "$line" -f repo
+	done < applist
+fi
+
+fdroid update --create-metadata --use-date-from-apk --pretty --clean --verbose
+fdroid deploy
+
+
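Review bot: `export ANDROID_HOME=/home/bic/workspace/android/Sdk` hard-codes a path from a developer workstation, and nothing in tasks/main.yml in this commit copies `gplaylist` to the host, so the file looks like a local helper that is committed without documentation. If it is meant to stay, take the SDK path from the environment, e.g. `: "${ANDROID_HOME:?ANDROID_HOME must be set}"`, and add a header comment saying when to use it instead of `apk-dl`. It also reads `applist` and writes to `repo` relative to the current directory and ends with `fdroid deploy`, both of which are worth stating in that comment.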

+ 43 - 0
roles/staging/fdroid/meta/main.yml

@@ -0,0 +1,43 @@
+---
+galaxy_info:
+  role_name: fdroid
+  author: hacklab underscore
+  description: install an fdroid server and gplaycli tool
+  company: cisti.org
+
+  min_ansible_version: 1.2
+
+  platforms:
+  - name: Debian
+    versions:
+    - buster
+
+dependencies:
+
+  - role: nginxinc.nginx
+  - role: nginxinc.nginx_config
+    vars:
+      nginx_config_http_template_enable: true
+      nginx_config_http_template:
+        app:
+          template_file: http/default.conf.j2
+          conf_file_name: default.conf
+          conf_file_location: /etc/nginx/conf.d/
+          servers:
+            server1:
+              listen:
+                listen_localhost:
+                  port: 80
+              server_name: localhost
+              web_server:
+                locations:
+                  main_site:
+                    location: /
+                    html_file_location: "{{ fdroid_html_dir }}"
+                    autoindex: true
+
+  - role: stable/restic
+    when: with_backup | bool
+    vars:
+        restic_folders: ['{{ fdroid_repo_dir }}']
+
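Review bot: `restic_folders: ['{{ fdroid_repo_dir }}']` backs up the same directory into which tasks/main.yml places `cisti.keystore` and the rendered `config.py` containing the keystore password, so every snapshot carries the signing key together with its passphrase. If that is intended, a comment saying so (and that the restic repository is the protection boundary for the key) would help; otherwise keep the key material outside the backed-up tree or narrow the folder list. Separately, `min_ansible_version: 1.2` is read as a float and is far below what the fully-qualified `ansible.builtin.unarchive` call in the tasks needs; a quoted string with the version actually tested would be accurate.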

+ 127 - 0
roles/staging/fdroid/tasks/main.yml

@@ -0,0 +1,127 @@
+---
+
+- name: Install fdroid server
+  become: yes
+  register: install_fdroid
+  apt:
+    pkg:
+      - python3-pip
+      - fdroidserver
+
+- name: Install gplaycli
+  become: yes
+  register: install_gplaycli
+  pip:
+    name: gplaycli
+
+
+- name: check for fdroid user
+  user:
+    name: "{{ fdroid_user }}"
+    home: "{{ fdroid_base_dir }}"
+    state: present
+
+- name: Create directories
+  file:
+    path: "{{ item }}"
+    state: directory
+    owner: "{{ fdroid_user }}"
+    mode: 0775
+  with_items:
+    - "{{ fdroid_base_dir }}"
+    - "{{ fdroid_android_dir }}"
+    - "{{ fdroid_repo_dir }}"
+    - "{{ fdroid_utils_dir }}"
+    - "{{ fdroid_repo_dir }}/repo"
+    - "{{ fdroid_html_dir }}"
+
+- name: Unarchive android sdk
+  become: yes
+  become_user: "{{ fdroid_user }}"
+  register: download_sdk
+  ansible.builtin.unarchive:
+    src: https://dl.google.com/android/repository/commandlinetools-linux-6858069_latest.zip
+    dest: "{{ fdroid_android_dir }}"
+    remote_src: yes
+
+- name: Initialize android sdk
+  become: yes
+  become_user: "{{ fdroid_user }}"
+  register: download_build_tools
+  shell: 'yes | {{ fdroid_android_dir }}/cmdline-tools/bin/sdkmanager --sdk_root="$ANDROID_HOME" platform-tools "build-tools;30.0.3"'
+  environment:
+    ANDROID_HOME: "{{ fdroid_android_dir }}/android-sdk-linux"
+  tags: ['skip_ansible_lint']
+
+- name: Upload settings
+  template:
+    src: config.py.j2
+    dest: "{{ fdroid_repo_dir }}/config.py"
+    owner: "{{ fdroid_user }}"
+    mode: 0600
+
+- name: Upload cisti img
+  copy:
+    src: files/cisti.png
+    dest: "{{ fdroid_repo_dir }}/cisti.png"
+    owner: "{{ fdroid_user }}"
+    mode: 0660
+
+- name: Local decrypt keystore
+  delegate_to: localhost
+  shell: "pass show cisti.org/ansible/fdroid/keystore > /tmp/cisti.keystore"
+  tags: ['skip_ansible_lint']
+
+- name: Upload keystore
+  copy:
+    src: /tmp/cisti.keystore
+    dest: "{{ fdroid_repo_dir }}/cisti.keystore"
+    owner: "{{ fdroid_user }}"
+    mode: 0600
+
+- name: Remove file (delete file)
+  delegate_to: localhost
+  file:
+    path: /tmp/cisti.keystore
+    state: absent
+
+- name: Upload apk list
+  copy:
+    src: files/applist
+    dest: "{{ fdroid_base_dir }}/apklist"
+    owner: "{{ fdroid_user }}"
+    mode: 0660
+
+- name: Upload apk-dl
+  copy:
+    src: files/apk-dl
+    dest: "{{ fdroid_utils_dir }}/apk-dl"
+    owner: "{{ fdroid_user }}"
+    mode: 0700
+
+- name: Upload service for apk poller
+  template:
+    src: fdroid.service.j2
+    dest: /etc/systemd/system/fdroid.service
+    owner: "{{ fdroid_user }}"
+    mode: 0660
+
+- name: Upload timer for apk poller
+  template:
+    src: fdroid.timer.j2
+    dest: /etc/systemd/system/fdroid.timer
+    owner: "{{ fdroid_user }}"
+    mode: 0660
+
+- name: Make sure apk poller is running
+  systemd:
+    state: restarted
+    daemon_reload: yes
+    name: fdroid
+
+- name: Link repo into public dir
+  file:
+    src: "{{ fdroid_repo_dir }}/repo"
+    path: "{{ fdroid_html_dir }}/repo"
+    state: link
+    owner: "{{ fdroid_user }}"
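Review bot: The signing keystore is written in cleartext to the fixed path `/tmp/cisti.keystore` on the control host by "Local decrypt keystore", with permissions left to the shell's umask, and the cleanup task only runs if "Upload keystore" succeeds, so a failed run leaves the key behind at a name any local user can predict. Creating the file with `ansible.builtin.tempfile` and wrapping the three tasks in `block`/`always` with `no_log: true` on the decrypt step would bound its lifetime and permissions, as sketched below. Separately, both unit files under `/etc/systemd/system` are installed with `owner: "{{ fdroid_user }}"` and `mode: 0660`, which lets the unprivileged service account edit a unit that systemd loads as root; `owner: root` with `mode: "0644"` would close that. The Android command-line tools archive is also unpacked straight from the URL with no checksum; fetching it first with `get_url` and its `checksum` parameter would pin the content.

```yaml
- name: Stage and upload keystore
  block:
    - name: Create a private temp file on the control host
      delegate_to: localhost
      ansible.builtin.tempfile:
        state: file
        suffix: .keystore
      register: keystore_tmp

    - name: Local decrypt keystore
      delegate_to: localhost
      shell: "pass show cisti.org/ansible/fdroid/keystore > {{ keystore_tmp.path }}"
      no_log: true
      tags: ['skip_ansible_lint']

    - name: Upload keystore
      copy:
        src: "{{ keystore_tmp.path }}"
        # … unchanged: dest, owner, mode …
  always:
    - name: Remove decrypted keystore from the control host
      delegate_to: localhost
      file:
        path: "{{ keystore_tmp.path }}"
        state: absent
      when: keystore_tmp.path is defined
```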

+ 39 - 0
roles/staging/fdroid/templates/config.py.j2

@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+
+sdk_path = "{{ fdroid_android_dir }}/android-sdk-linux"
+
+build_tools = "30.0.3"
+
+repo_url = "https://fdroid.cisti.org/repo"
+repo_name = "Cisti.org"
+repo_icon = "cisti.png"
+repo_description = """
+Questo archivio contiene applicazioni scaricate dal play store di google su
+richiesta degli utenti di cisti.org
+"""
+
+# `fdroid update` will create a link to the current version of a given app.
+# This provides a static path to the current APK. To disable the creation of
+# this link, uncomment this:
+make_current_version_link = False
+
+# The key (from the keystore defined below) to be used for signing the
+# repository itself. This is the same name you would give to keytool or
+# jarsigner using -alias. (Not needed in an unsigned repository).
+repo_keyalias = "cisti"
+
+keystore = "cisti.keystore"
+
+# The password for the keystore (at least 6 characters). If this password is
+# different than the keypass below, it can be OK to store the password in this
+# file for real use. But in general, sensitive passwords should not be stored
+# in text files!
+keystorepass = "{{ fdroid_keystore_pass }}"
+
+# The password for keys - the same is used for each auto-generated key as well
+# as for the repository key. You should not normally store this password in a
+# file since it is a sensitive password.
+keypass = "{{ fdroid_keystore_pass }}"
+
+# The distinguished name used for all keys.
+keydname = "CN=cisti, OU=Unknown, O=cisti.org, L=Unknown, ST=Unknown, C=Unknown"
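Review bot: `keystorepass` and `keypass` interpolate `fdroid_keystore_pass` between literal double quotes, so a password containing `"`, a backslash or a newline renders as a broken or different Python string. Emitting the value through a quoting filter, e.g. `keystorepass = {{ fdroid_keystore_pass | to_json }}`, avoids that. The role default for this variable is the empty string, so a host that does not load vars/fdroid.yml gets an empty password rendered without any error; an `assert` on its length in the tasks would make that fail early. The copied upstream comment above `make_current_version_link = False` still says "uncomment this", which no longer matches the line.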

+ 24 - 0
roles/staging/fdroid/templates/fdroid.service.j2

@@ -0,0 +1,24 @@
+[Unit]
+Description=A simple apk downloader
+After=network.target
+Requires=network.target
+
+[Service]
+Type=oneshot
+ExecStart={{ fdroid_utils_dir }}/apk-dl {{ fdroid_base_dir }}/apklist {{ fdroid_repo_dir }}/repo
+WorkingDirectory={{ fdroid_repo_dir }}
+User={{ fdroid_user }}
+
+# Optional security settings
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+PrivateDevices=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+NoNewPrivileges=true
+ReadWritePaths={{ fdroid_repo_dir }}
+
+[Install]
+WantedBy=multi-user.target
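Review bot: `After=network.target` with `Requires=network.target` does not wait for the network to be usable, so a boot-time run of this download job can start before there is connectivity; `After=network-online.target` plus `Wants=network-online.target` is the usual pairing for a oneshot that fetches from the internet. With `ProtectSystem=strict` only `{{ fdroid_repo_dir }}` is writable, so anything gplaycli or fdroid tries to write under the service user's home (`{{ fdroid_base_dir }}`), such as a cache or token file, would presumably fail; that is worth confirming with a test run. A one-line comment above the hardening block saying why `ReadWritePaths` is limited to the repository would document the intent.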

+ 9 - 0
roles/staging/fdroid/templates/fdroid.timer.j2

@@ -0,0 +1,9 @@
+[Unit]
+Description=Google Play store poller timer
+
+[Timer]
+OnCalendar=daily
+Unit=fdroid.service
+
+[Install]
+WantedBy=timers.target
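Review bot: Nothing visible in this commit enables or starts this timer: the only systemd task in tasks/main.yml restarts `fdroid` (the service) and sets no `enabled`, so the daily poll would not fire on its own. A task with `name: fdroid.timer`, `state: started` and `enabled: yes` would activate it. `Persistent=true` under `[Timer]` is worth considering so that a run missed while the host was down is caught up at next boot.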

+ 5 - 0
vars/fdroid.yml

@@ -0,0 +1,5 @@
+---
+with_backup: true
+
+fdroid_repo_dir: "{{ fdroid_base_dir }}/cisti"
+fdroid_keystore_pass: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/fdroid/keystore/pass')}}"
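Review bot: The lookup argument nests `{{passwordstore_path}}` inside an expression that is already within `{{ … }}`; Ansible's guidance is not to nest moustaches, and whether the inner one is expanded depends on re-templating behaviour. Concatenating is unambiguous: `fdroid_keystore_pass: "{{ lookup('community.general.passwordstore', passwordstore_path ~ '/fdroid/keystore/pass') }}"`. `passwordstore_path` is not defined anywhere in this commit, so it presumably comes from elsewhere in the repository; a comment naming where would help.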