From 1bdadee9e8d56e3c37102d96cf585ca8958a454e Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 26 May 2024 21:44:21 +0200
Subject: apt-cacher-ng: initial working role

---
 chaos-at-home/host_vars/ch-apt.yml    |  9 ++++++
 inventory/host_vars/ch-apt.yml        | 27 ++++++++++++++++
 roles/apt-cacher-ng/defaults/main.yml | 18 +++++++++++
 roles/apt-cacher-ng/handlers/main.yml |  5 +++
 roles/apt-cacher-ng/tasks/main.yml    | 58 +++++++++++++++++++++++++++++++++++
 5 files changed, 117 insertions(+)
 create mode 100644 chaos-at-home/host_vars/ch-apt.yml
 create mode 100644 roles/apt-cacher-ng/handlers/main.yml

diff --git a/chaos-at-home/host_vars/ch-apt.yml b/chaos-at-home/host_vars/ch-apt.yml
new file mode 100644
index 00000000..8a46a632
--- /dev/null
+++ b/chaos-at-home/host_vars/ch-apt.yml
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.2;AES256;chaos-at-home
+63343434616336326566326464383931386565363433613635653836613166333461333633613239
+6261316164363531663932353564303764336536383239620a316130313064363863353138303763
+34666638616332396238303733396431326661663634313365383136393434383338336161653864
+6164363531313835380a656565353133666562633739363234336164326464323235343232656639
+30623532313433613266623864353436666362356239306339363139623766626265343933366261
+31326636393539326163313334323235313763643231363863303566376238383164316330663936
+62383062613039393733323532643437626232383963383035346264333665346538343130333733
+64306631343436323762
diff --git a/inventory/host_vars/ch-apt.yml b/inventory/host_vars/ch-apt.yml
index 2d4d5592..e23a6c20 100644
--- a/inventory/host_vars/ch-apt.yml
+++ b/inventory/host_vars/ch-apt.yml
@@ -44,9 +44,36 @@ lvm_groups:
     pvs:
     - /dev/sdb
 
+
 apt_cacher_ng_storage:
   type: lvm
   vg: storage
   lv: apt-cacher-ng
   size: 15G
   fs: ext4
+
+apt_cacher_ng_remaps:
+  debian:
+    path: /debian
+    backends:
+    - http://debian.anexia.at/debian
+  debian-security:
+    path: /debian-security
+    backends:
+    - http://debian.anexia.at/debian-security
+  ubuntu:
+    path: /ubuntu
+    backends:
+    - http://ubuntu.anexia.at/ubuntu
+  raspios:
+    path: /raspios
+    backends:
+    - http://archive.raspberrypi.com/debian
+  kalirep:
+    path: /kali
+    backends:
+    - http://http.kali.org/kali
+
+apt_cacher_ng_admin_auth:
+  username: admin
+  password: "{{ vault_apt_cacher_ng_admin_auth_password }}"
diff --git a/roles/apt-cacher-ng/defaults/main.yml b/roles/apt-cacher-ng/defaults/main.yml
index abdf06ee..eb50d456 100644
--- a/roles/apt-cacher-ng/defaults/main.yml
+++ b/roles/apt-cacher-ng/defaults/main.yml
@@ -1,3 +1,21 @@
 ---
 # apt_cacher_ng_storage:
 #   type: ...
+
+# apt_cacher_ng_remaps:
+#   debrep:
+#     path: /debian
+#     backends:
+#     - http://deb.debian.org/debian
+#   debsec:
+#     path: /debian-security
+#     backends:
+#     - http://security.debian.org
+#   uburep:
+#     path: /ubuntu
+#     backends:
+#     - http://archive.ubuntu.com/ubuntu
+
+# apt_cacher_ng_admin_auth:
+#   username: admin
+#   password: secret
diff --git a/roles/apt-cacher-ng/handlers/main.yml b/roles/apt-cacher-ng/handlers/main.yml
new file mode 100644
index 00000000..80718ec2
--- /dev/null
+++ b/roles/apt-cacher-ng/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: restart apt-cacher-ng
+  service:
+    name: apt-cacher-ng
+    state: restarted
diff --git a/roles/apt-cacher-ng/tasks/main.yml b/roles/apt-cacher-ng/tasks/main.yml
index bfe05383..eb1620cc 100644
--- a/roles/apt-cacher-ng/tasks/main.yml
+++ b/roles/apt-cacher-ng/tasks/main.yml
@@ -24,3 +24,61 @@
   apt:
     name: apt-cacher-ng
     state: present
+
+- name: fetch current remaps
+  slurp:
+    src: /etc/apt-cacher-ng/acng.conf
+  register: apt_cacher_ng_config_data
+
+- name: fetch current backend files
+  find:
+    paths: /etc/apt-cacher-ng
+    patterns: 'backends_*'
+    recurse: no
+    file_type: any
+  register: apt_cacher_ng_backends_files
+
+- name: remove superflous remaps
+  loop: "{{ (apt_cacher_ng_config_data.content | b64decode).splitlines() | select('match', '^Remap-') | map('regex_replace', '^Remap-([^:]*):.*$', '\\1') }}"
+  lineinfile:
+    path: /etc/apt-cacher-ng/acng.conf
+    regexp: '^Remap-{{ item }}:.*'
+    state: absent
+  notify: restart apt-cacher-ng
+
+- name: remove superflous backend files
+  loop: "{{ apt_cacher_ng_backends_files.files | map(attribute='path') | map('basename') | map('regex_replace', '^backends_(.*)$', '\\1') | difference(apt_cacher_ng_remaps | list) }}"
+  file:
+    path: "/etc/apt-cacher-ng/backends_{{ item }}"
+    state: absent
+
+- name: add ansible config
+  copy:
+    content: |
+      # ansible managed
+      ForceManaged: 1
+
+      {% for name, config in apt_cacher_ng_remaps.items() %}
+      Remap-{{ name }}: {{ config.path }} ; file:backends_{{ name }}
+      {% endfor %}
+    dest: /etc/apt-cacher-ng/zzz_ansible.conf
+  notify: restart apt-cacher-ng
+
+- name: create backend files
+  loop: "{{ apt_cacher_ng_remaps | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  copy:
+    content: |
+      {% for backend in item.value.backends %}
+      {{ backend }}
+      {% endfor %}
+    dest: "/etc/apt-cacher-ng/backends_{{ item.key }}"
+  notify: restart apt-cacher-ng
+
+- name: configure admin auth
+  lineinfile:
+    path: /etc/apt-cacher-ng/security.conf
+    regexp: '#\s*AdminAuth:'
+    line: "AdminAuth: {{ apt_cacher_ng_admin_auth.username }}:{{ apt_cacher_ng_admin_auth.password }}"
+  notify: restart apt-cacher-ng
-- 
cgit v1.2.3