forked from cisti/infra
add fdroid role
Signed-off-by: bic <bicno@autistici.org>
This commit is contained in:
parent
2bd2e6c70c
commit
a823468870
14 changed files with 309 additions and 0 deletions
|
@ -6,6 +6,8 @@ Un angolo ragionato per facilitare la messa in opera di servizi autogestiti di p
|
|||
```bash
|
||||
ansible-galaxy collection install community.general
|
||||
ansible-galaxy collection install community.postgresql
|
||||
ansible-galaxy install nginxinc.nginx
|
||||
ansible-galaxy install nginxinc.nginx_config
|
||||
```
|
||||
|
||||
Silicone è una raccolta di ruoli
|
||||
|
|
|
@ -33,6 +33,12 @@
|
|||
tags: radicale
|
||||
roles: ['stable/common', 'staging/radicale']
|
||||
|
||||
- name: Fdroid
|
||||
hosts: fdroid
|
||||
tags: fdroid
|
||||
roles: [ 'stable/common', 'staging/fdroid' ]
|
||||
vars_files: vars/fdroid.yml
|
||||
|
||||
# TEST
|
||||
- name: Test
|
||||
hosts: test
|
||||
|
|
|
@ -22,6 +22,9 @@ frontend:
|
|||
radicale:
|
||||
hosts: cisti.cal
|
||||
|
||||
fdroid:
|
||||
hosts: cisti.fdroid
|
||||
|
||||
test:
|
||||
hosts: cisti.jolly
|
||||
vars:
|
||||
|
|
11
roles/staging/fdroid/defaults/main.yml
Normal file
11
roles/staging/fdroid/defaults/main.yml
Normal file
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
|
||||
fdroid_user: "fdroid"
|
||||
|
||||
fdroid_base_dir: "/srv/fdroid"
|
||||
fdroid_android_dir: "{{ fdroid_base_dir }}/androidtools"
|
||||
fdroid_repo_dir: "{{ fdroid_base_dir }}/repository"
|
||||
fdroid_utils_dir: "{{ fdroid_base_dir }}/utils"
|
||||
fdroid_html_dir: "{{ fdroid_base_dir }}/html"
|
||||
|
||||
fdroid_keystore_pass: ""
|
8
roles/staging/fdroid/files/apk-dl
Normal file
8
roles/staging/fdroid/files/apk-dl
Normal file
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
|
||||
while IFS= read -r line
|
||||
do
|
||||
gplaycli -d "$line" -f "$2"
|
||||
done < "$1"
|
||||
|
||||
fdroid update --create-metadata --pretty --clean
|
16
roles/staging/fdroid/files/applist
Normal file
16
roles/staging/fdroid/files/applist
Normal file
|
@ -0,0 +1,16 @@
|
|||
|
||||
org.mozilla.firefox
|
||||
org.thoughtcrime.securesms
|
||||
com.whatsapp
|
||||
com.lynxspa.prontotreno
|
||||
com.shazam.android
|
||||
me.bgregos.brighttask
|
||||
com.spotify.music
|
||||
com.generalmagic.magicearth
|
||||
org.dslul.openboard.inputmethod.latin
|
||||
com.chimbori.hermitcrab
|
||||
com.fineco.it
|
||||
ch.protonmail.android
|
||||
com.skype.m2
|
||||
posteitaliane.posteapp.appposteid
|
||||
com.smartlifedigital.autodialer
|
BIN
roles/staging/fdroid/files/cisti.png
Normal file
BIN
roles/staging/fdroid/files/cisti.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 1,020 KiB |
16
roles/staging/fdroid/files/gplaylist
Executable file
16
roles/staging/fdroid/files/gplaylist
Executable file
|
@ -0,0 +1,16 @@
|
|||
#!/bin/sh
|
||||
|
||||
export ANDROID_HOME=/home/bic/workspace/android/Sdk
|
||||
|
||||
if [ "$1" = "-d" ]; then
|
||||
while IFS= read -r line
|
||||
do
|
||||
echo "$line"
|
||||
gplaycli -d "$line" -f repo
|
||||
done < applist
|
||||
fi
|
||||
|
||||
fdroid update --create-metadata --use-date-from-apk --pretty --clean --verbose
|
||||
fdroid deploy
|
||||
|
||||
|
43
roles/staging/fdroid/meta/main.yml
Normal file
43
roles/staging/fdroid/meta/main.yml
Normal file
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
galaxy_info:
|
||||
role_name: fdroid
|
||||
author: hacklab underscore
|
||||
description: install an fdroid server and gplaycli tool
|
||||
company: cisti.org
|
||||
|
||||
min_ansible_version: 1.2
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- buster
|
||||
|
||||
dependencies:
|
||||
|
||||
- role: nginxinc.nginx
|
||||
- role: nginxinc.nginx_config
|
||||
vars:
|
||||
nginx_config_http_template_enable: true
|
||||
nginx_config_http_template:
|
||||
app:
|
||||
template_file: http/default.conf.j2
|
||||
conf_file_name: default.conf
|
||||
conf_file_location: /etc/nginx/conf.d/
|
||||
servers:
|
||||
server1:
|
||||
listen:
|
||||
listen_localhost:
|
||||
port: 80
|
||||
server_name: localhost
|
||||
web_server:
|
||||
locations:
|
||||
main_site:
|
||||
location: /
|
||||
html_file_location: "{{ fdroid_html_dir }}"
|
||||
autoindex: true
|
||||
|
||||
- role: stable/restic
|
||||
when: with_backup | bool
|
||||
vars:
|
||||
restic_folders: ['{{ fdroid_repo_dir }}']
|
||||
|
127
roles/staging/fdroid/tasks/main.yml
Normal file
127
roles/staging/fdroid/tasks/main.yml
Normal file
|
@ -0,0 +1,127 @@
|
|||
---
|
||||
|
||||
- name: Install fdroid server
|
||||
become: yes
|
||||
register: install_fdroid
|
||||
apt:
|
||||
pkg:
|
||||
- python3-pip
|
||||
- fdroidserver
|
||||
|
||||
- name: Install gplaycli
|
||||
become: yes
|
||||
register: install_gplaycli
|
||||
pip:
|
||||
name: gplaycli
|
||||
|
||||
|
||||
- name: check for fdroid user
|
||||
user:
|
||||
name: "{{ fdroid_user }}"
|
||||
home: "{{ fdroid_base_dir }}"
|
||||
state: present
|
||||
|
||||
- name: Create directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0775
|
||||
with_items:
|
||||
- "{{ fdroid_base_dir }}"
|
||||
- "{{ fdroid_android_dir }}"
|
||||
- "{{ fdroid_repo_dir }}"
|
||||
- "{{ fdroid_utils_dir }}"
|
||||
- "{{ fdroid_repo_dir }}/repo"
|
||||
- "{{ fdroid_html_dir }}"
|
||||
|
||||
- name: Unarchive android sdk
|
||||
become: yes
|
||||
become_user: "{{ fdroid_user }}"
|
||||
register: download_sdk
|
||||
ansible.builtin.unarchive:
|
||||
src: https://dl.google.com/android/repository/commandlinetools-linux-6858069_latest.zip
|
||||
dest: "{{ fdroid_android_dir }}"
|
||||
remote_src: yes
|
||||
|
||||
- name: Initialize android sdk
|
||||
become: yes
|
||||
become_user: "{{ fdroid_user }}"
|
||||
register: download_build_tools
|
||||
shell: 'yes | {{ fdroid_android_dir }}/cmdline-tools/bin/sdkmanager --sdk_root="$ANDROID_HOME" platform-tools "build-tools;30.0.3"'
|
||||
environment:
|
||||
ANDROID_HOME: "{{ fdroid_android_dir }}/android-sdk-linux"
|
||||
tags: ['skip_ansible_lint']
|
||||
|
||||
- name: Upload settings
|
||||
template:
|
||||
src: config.py.j2
|
||||
dest: "{{ fdroid_repo_dir }}/config.py"
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0600
|
||||
|
||||
- name: Upload cisti img
|
||||
copy:
|
||||
src: files/cisti.png
|
||||
dest: "{{ fdroid_repo_dir }}/cisti.png"
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0660
|
||||
|
||||
- name: Local decrypt keystore
|
||||
delegate_to: localhost
|
||||
shell: "pass show cisti.org/ansible/fdroid/keystore > /tmp/cisti.keystore"
|
||||
tags: ['skip_ansible_lint']
|
||||
|
||||
- name: Upload keystore
|
||||
copy:
|
||||
src: /tmp/cisti.keystore
|
||||
dest: "{{ fdroid_repo_dir }}/cisti.keystore"
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0600
|
||||
|
||||
- name: Remove file (delete file)
|
||||
delegate_to: localhost
|
||||
file:
|
||||
path: /tmp/cisti.keystore
|
||||
state: absent
|
||||
|
||||
- name: Upload apk list
|
||||
copy:
|
||||
src: files/applist
|
||||
dest: "{{ fdroid_base_dir }}/apklist"
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0660
|
||||
|
||||
- name: Upload apk-dl
|
||||
copy:
|
||||
src: files/apk-dl
|
||||
dest: "{{ fdroid_utils_dir }}/apk-dl"
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0700
|
||||
|
||||
- name: Upload service for apk poller
|
||||
template:
|
||||
src: fdroid.service.j2
|
||||
dest: /etc/systemd/system/fdroid.service
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0660
|
||||
|
||||
- name: Upload timer for apk poller
|
||||
template:
|
||||
src: fdroid.timer.j2
|
||||
dest: /etc/systemd/system/fdroid.timer
|
||||
owner: "{{ fdroid_user }}"
|
||||
mode: 0660
|
||||
|
||||
- name: Make sure apk poller is running
|
||||
systemd:
|
||||
state: restarted
|
||||
daemon_reload: yes
|
||||
name: fdroid
|
||||
|
||||
- name: Link repo into public dir
|
||||
file:
|
||||
src: "{{ fdroid_repo_dir }}/repo"
|
||||
path: "{{ fdroid_html_dir }}/repo"
|
||||
state: link
|
||||
owner: "{{ fdroid_user }}"
|
39
roles/staging/fdroid/templates/config.py.j2
Normal file
39
roles/staging/fdroid/templates/config.py.j2
Normal file
|
@ -0,0 +1,39 @@
|
|||
#!/usr/bin/env python3
|
||||
|
||||
sdk_path = "{{ fdroid_android_dir }}/android-sdk-linux"
|
||||
|
||||
build_tools = "30.0.3"
|
||||
|
||||
repo_url = "https://fdroid.cisti.org/repo"
|
||||
repo_name = "Cisti.org"
|
||||
repo_icon = "cisti.png"
|
||||
repo_description = """
|
||||
Questo archivio contiene applicazioni scaricate dal play store di google su
|
||||
richiesta degli utenti di cisti.org
|
||||
"""
|
||||
|
||||
# `fdroid update` will create a link to the current version of a given app.
|
||||
# This provides a static path to the current APK. To disable the creation of
|
||||
# this link, uncomment this:
|
||||
make_current_version_link = False
|
||||
|
||||
# The key (from the keystore defined below) to be used for signing the
|
||||
# repository itself. This is the same name you would give to keytool or
|
||||
# jarsigner using -alias. (Not needed in an unsigned repository).
|
||||
repo_keyalias = "cisti"
|
||||
|
||||
keystore = "cisti.keystore"
|
||||
|
||||
# The password for the keystore (at least 6 characters). If this password is
|
||||
# different than the keypass below, it can be OK to store the password in this
|
||||
# file for real use. But in general, sensitive passwords should not be stored
|
||||
# in text files!
|
||||
keystorepass = "{{ fdroid_keystore_pass }}"
|
||||
|
||||
# The password for keys - the same is used for each auto-generated key as well
|
||||
# as for the repository key. You should not normally store this password in a
|
||||
# file since it is a sensitive password.
|
||||
keypass = "{{ fdroid_keystore_pass }}"
|
||||
|
||||
# The distinguished name used for all keys.
|
||||
keydname = "CN=cisti, OU=Unknown, O=cisti.org, L=Unknown, ST=Unknown, C=Unknown"
|
24
roles/staging/fdroid/templates/fdroid.service.j2
Normal file
24
roles/staging/fdroid/templates/fdroid.service.j2
Normal file
|
@ -0,0 +1,24 @@
|
|||
[Unit]
|
||||
Description=A simple apk downloader
|
||||
After=network.target
|
||||
Requires=network.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ fdroid_utils_dir }}/apk-dl {{ fdroid_base_dir }}/apklist {{ fdroid_repo_dir }}/repo
|
||||
WorkingDirectory={{ fdroid_repo_dir }}
|
||||
User={{ fdroid_user }}
|
||||
|
||||
# Optional security settings
|
||||
PrivateTmp=true
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
PrivateDevices=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelModules=true
|
||||
ProtectControlGroups=true
|
||||
NoNewPrivileges=true
|
||||
ReadWritePaths={{ fdroid_repo_dir }}
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
9
roles/staging/fdroid/templates/fdroid.timer.j2
Normal file
9
roles/staging/fdroid/templates/fdroid.timer.j2
Normal file
|
@ -0,0 +1,9 @@
|
|||
[Unit]
|
||||
Description=Google Play store poller timer
|
||||
|
||||
[Timer]
|
||||
OnCalendar=daily
|
||||
Unit=fdroid.service
|
||||
|
||||
[Install]
|
||||
WantedBy=timers.target
|
5
vars/fdroid.yml
Normal file
5
vars/fdroid.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
with_backup: true
|
||||
|
||||
fdroid_repo_dir: "{{ fdroid_base_dir }}/cisti"
|
||||
fdroid_keystore_pass: "{{lookup('community.general.passwordstore', '{{passwordstore_path}}/fdroid/keystore/pass')}}"
|
Loading…
Reference in a new issue