Git-Mirrors/qusal
1
0
Fork 0
mirror of https://github.com/ben-grande/qusal.git synced 2025-05-31 20:14:43 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix: stop modifying distribution package files

Browse source 
Avoids breaking package updates.
This commit is contained in:
Ben Grande 2023-11-21 23:55:16 +00:00
parent 10b3bcdf41
commit ec2dab3bf5
4 changed files with 62 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
salt/sys-cacher/README.md
View file

@ -66,7 +66,7 @@ The report page is available from `sys-cacher` and `sys-cacher-browser` at
security wise, every client has administrative access to the cacher qube. You security wise, every client has administrative access to the cacher qube. You
should add the following to the end of `sys-cacher` rc.local: should add the following to the end of `sys-cacher` rc.local:
```sh ```sh
echo "AdminAuth: username:password" | tee /etc/apt-cacher-ng/zzz_security.conf echo "AdminAuth: username:password" | tee /etc/qubes-apt-cacher-ng/zzz_security.conf
``` ```
Where username and password are HTTP Auth strings. Where username and password are HTTP Auth strings.

4
salt/sys-cacher/configure.sls
View file

@ -15,8 +15,8 @@ include:
- text: | - text: |
chown -R apt-cacher-ng:apt-cacher-ng /var/log/apt-cacher-ng chown -R apt-cacher-ng:apt-cacher-ng /var/log/apt-cacher-ng
chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng
systemctl unmask apt-cacher-ng systemctl unmask qubes-apt-cacher-ng
systemctl --no-block restart apt-cacher-ng systemctl --no-block restart qubes-apt-cacher-ng
nft 'insert rule ip filter INPUT tcp dport 8082 counter accept' nft 'insert rule ip filter INPUT tcp dport 8082 counter accept'
"{{ slsdotpath }}-install-qubes-firewall-user-script": "{{ slsdotpath }}-install-qubes-firewall-user-script":

24
salt/sys-cacher/files/server/systemd/qubes-apt-cacher-ng.service Normal file
View file

@ -0,0 +1,24 @@
# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <ben.grande.b@gmail.com>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
[Unit]
Description=Qubes Apt-Cacher NG software download proxy
After=network.target
# This can be used to ensure that the service starts only after delayed mount of
# the storage location.
# Note: when the CacheDir folder in configuration file(s) like in
# /etc/apt-cacher-ng/acng.conf is changed, change the next line too!
RequiresMountsFor=/var/cache/apt-cacher-ng
[Service]
# the SocketPath option can be removed if the inetd bridge functionality is not>
ExecStart=/usr/sbin/apt-cacher-ng -c "/etc/qubes-apt-cacher-ng" ForeGround=1
User=apt-cacher-ng
Group=apt-cacher-ng
# This can be changed to notify if the support was enabled at build time
Type=notify
Restart=on-failure
[Install]
WantedBy=multi-user.target

44
salt/sys-cacher/install.sls
View file

@ -28,35 +28,61 @@ SPDX-License-Identifier: AGPL-3.0-or-later
- anacron - anacron
- apt-cacher-ng - apt-cacher-ng
"{{ slsdotpath }}-disable-apt-cacher-ng":
cmd.run:
- name: systemctl disable apt-cacher-ng
"{{ slsdotpath }}-mask-apt-cacher-ng": "{{ slsdotpath }}-mask-apt-cacher-ng":
service.masked: service.masked:
- name: apt-cacher-ng - name: apt-cacher-ng
- runtime: False - runtime: False
"{{ slsdotpath }}-disable-apt-cacher-ng":
cmd.run:
- name: systemctl disable apt-cacher-ng
"{{ slsdotpath }}-create-qubes-cacher-config-dir":
file.directory:
- name: /etc/qubes-apt-cacher-ng
- mode: '0755'
"{{ slsdotpath }}-copy-package-config-to-qubes-cacher-config":
cmd.run:
- name: cp -rp /etc/apt-cacher-ng/* /etc/qubes-apt-cacher-ng
"{{ slsdotpath }}-systemd-service":
file.managed:
- name: /usr/lib/systemd/system/qubes-apt-cacher-ng.service
- source: salt://{{ slsdotpath }}/files/server/systemd/qubes-apt-cacher-ng.service
- user: root
- group: root
- mode: '0644'
"{{ slsdotpath }}-mask-qubes-apt-cacher-ng":
service.masked:
- name: qubes-apt-cacher-ng
- runtime: False
"{{ slsdotpath }}-disable-qubes-apt-cacher-ng":
cmd.run:
- name: systemctl disable qubes-apt-cacher-ng
"{{ slsdotpath }}-install-backends_debian": "{{ slsdotpath }}-install-backends_debian":
file.prepend: file.prepend:
- name: /etc/apt-cacher-ng/backends_debian - name: /etc/qubes-apt-cacher-ng/backends_debian
- text: https://deb.debian.org/debian - text: https://deb.debian.org/debian
"{{ slsdotpath }}-update-debian-mirrors": "{{ slsdotpath }}-update-debian-mirrors":
cmd.run: cmd.run:
- name: cp /usr/lib/apt-cacher-ng/deb_mirrors.gz /etc/apt-cacher-ng/deb_mirrors.gz - name: cp /usr/lib/apt-cacher-ng/deb_mirrors.gz /etc/qubes-apt-cacher-ng/deb_mirrors.gz
- runas: root - runas: root
"{{ slsdotpath }}-update-fedora-mirrors": "{{ slsdotpath }}-update-fedora-mirrors":
file.managed: file.managed:
- name: /etc/apt-cacher-ng/fedora_mirrors - name: /etc/qubes-apt-cacher-ng/fedora_mirrors
- source: salt://{{ slsdotpath }}/files/server/mirrors/fedora_mirrors - source: salt://{{ slsdotpath }}/files/server/mirrors/fedora_mirrors
- user: root - user: root
- group: root - group: root
"{{ slsdotpath }}-update-arch-mirrors": "{{ slsdotpath }}-update-arch-mirrors":
file.managed: file.managed:
- name: /etc/apt-cacher-ng/archlx_mirrors - name: /etc/qubes-apt-cacher-ng/archlx_mirrors
- source: salt://{{ slsdotpath }}/files/server/mirrors/archlx_mirrors - source: salt://{{ slsdotpath }}/files/server/mirrors/archlx_mirrors
- user: root - user: root
- group: root - group: root
@ -68,7 +94,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
"{{ slsdotpath }}-acng.conf": "{{ slsdotpath }}-acng.conf":
file.managed: file.managed:
- name: /etc/apt-cacher-ng/acng.conf - name: /etc/qubes-apt-cacher-ng/acng.conf
- source: salt://{{ slsdotpath }}/files/server/conf/acng.conf - source: salt://{{ slsdotpath }}/files/server/conf/acng.conf
- user: root - user: root
- group: root - group: root