Mercurial > code > home > repos > infra
annotate apt.py @ 309:f17d9925a2aa
ubuntu update changed sources a bit
| author | drewp@bigasterisk.com |
|---|---|
| date | Mon, 16 Sep 2024 20:10:00 -0700 |
| parents | d000aead76d4 |
| children |
| rev | line source |
|---|---|
| 282 | 1 import io |
| 195 | 2 from pathlib import Path |
| 280 | 3 import shlex |
| 288 | 4 from typing import cast |
| 155 | 5 from pyinfra import host |
| 6 from pyinfra.facts.files import FindFiles | |
| 7 from pyinfra.facts.server import Arch, LinuxDistribution | |
| 8 from pyinfra.operations import apt, files, server | |
| 9 | |
| 10 TZ = 'America/Los_Angeles' | |
| 11 | |
| 282 | 12 |
| 155 | 13 def pkg_keys(): |
|
178
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
14 files.directory(path='/etc/apt/keyrings/') # for raspi |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
15 for url, name in [ |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
16 ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'), |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
17 ]: |
| 247 | 18 files.download(src=url, dest=f'/usr/share/keyrings/{name}') |
| 203 | 19 |
| 20 # vscode keeps making this, but I fetch my own | |
|
235
19a7f714273c
pkg updates, take out nvidia drv for now
drewp@bigasterisk.com
parents:
230
diff
changeset
|
21 files.file(path='/etc/apt/trusted.gpg.d/microsoft.gpg', present=False) |
| 203 | 22 |
| 230 | 23 # and it makes this, which is redundant with my sources.list template line |
| 24 files.file(path='/etc/apt/sources.list.d/vscode.list', present=False) | |
| 25 | |
| 297 | 26 apt.packages(packages=['curl', 'gpg']) |
|
187
466108f0a509
redo pkg keys and future podman 4.3.1 version
drewp@bigasterisk.com
parents:
178
diff
changeset
|
27 server.shell(commands=[ |
| 280 | 28 f"curl -fsSL {shlex.quote(url)} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [ |
|
187
466108f0a509
redo pkg keys and future podman 4.3.1 version
drewp@bigasterisk.com
parents:
178
diff
changeset
|
29 ('https://packages.microsoft.com/keys/microsoft.asc', 'ms.gpg'), |
| 249 | 30 ('https://deb.nodesource.com/gpgkey/nodesource.gpg.key', 'nodesource-older.gpg'), # rm after everything's on 23.10 |
| 240 | 31 ('https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', 'nodesource.gpg'), |
|
187
466108f0a509
redo pkg keys and future podman 4.3.1 version
drewp@bigasterisk.com
parents:
178
diff
changeset
|
32 ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'), |
| 195 | 33 ('https://ftp-master.debian.org/keys/archive-key-11.asc', 'bullseye.gpg'), |
| 34 ('https://ftp-master.debian.org/keys/archive-key-11-security.asc', 'bullseye-security.gpg'), | |
| 209 | 35 ('https://packages.cloud.google.com/apt/doc/apt-key.gpg', 'coral.gpg'), |
| 249 | 36 ('https://hub.unity3d.com/linux/keys/public', 'unityhub.gpg'), |
| 254 | 37 ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'), |
|
187
466108f0a509
redo pkg keys and future podman 4.3.1 version
drewp@bigasterisk.com
parents:
178
diff
changeset
|
38 ] |
|
466108f0a509
redo pkg keys and future podman 4.3.1 version
drewp@bigasterisk.com
parents:
178
diff
changeset
|
39 ]) |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
40 if 'pi' in host.groups or host.name == 'bang': |
| 195 | 41 # this contaminates the apt-update |
| 42 files.file(path="/etc/apt/trusted.gpg.d/podman.asc", present=False) | |
| 43 | |
| 211 | 44 # also these |
| 45 #-rw-r--r-- 1 root root 2794 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg | |
| 46 #-rw-r--r-- 1 root root 1733 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg | |
| 282 | 47 |
| 280 | 48 # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add - |
| 195 | 49 |
| 249 | 50 |
| 195 | 51 dir = Path('/etc/apt/sources.list.d') |
| 52 | |
| 53 | |
| 240 | 54 def clear_known_sources_files(known=[ |
| 249 | 55 dir / 'vscode.list', |
| 56 dir / 'google-chrome.list', | |
| 57 dir / 'steam-beta.list', | |
| 58 dir / 'google-chrome-unstable.list', | |
| 59 dir / 'steam-stable.list', | |
| 280 | 60 dir / 'raspi.list', |
| 240 | 61 ]): |
| 288 | 62 found = map(Path, cast(str, host.get_fact(FindFiles, dir, quote_path=True))) |
| 309 | 63 if set(found) - set(known) - {dir / 'ubuntu.sources'}: |
| 195 | 64 raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove") |
| 65 for f in known: | |
| 66 files.file(path=f, present=False) | |
| 155 | 67 |
| 68 | |
| 69 def apt_sources(): | |
| 70 if host.get_fact(Arch) == 'x86_64': | |
| 71 server.shell(commands=['dpkg --add-architecture i386']) | |
| 72 | |
| 73 files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list') | |
| 195 | 74 |
| 309 | 75 if 'big' in host.groups or 'laptop' in host.groups or 'hosted' in host.groups: |
| 76 files.template(src='templates/ubuntu.sources.j2', dest='/etc/apt/sources.list.d/ubuntu.sources') | |
| 77 | |
| 195 | 78 clear_known_sources_files() |
| 155 | 79 apt.packages(update=True, |
|
187
466108f0a509
redo pkg keys and future podman 4.3.1 version
drewp@bigasterisk.com
parents:
178
diff
changeset
|
80 cache_time=86400, |
|
178
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
81 packages=['tzdata'], |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
82 force=True, |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
83 _env={ |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
84 'TZ': TZ, |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
85 'LANG': 'en_US.UTF-8', |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
86 'DEBIAN_FRONTEND': 'noninteractive' |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
87 }) |
|
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
88 |
| 188 | 89 # squib 1st setup seemed to need more updates for node(nodesource) |
| 90 # and steam-launcher | |
|
178
6ec7cd3615f0
another try at apt.key, but it doesn't completely work because prime
drewp@bigasterisk.com
parents:
155
diff
changeset
|
91 |
| 283 | 92 |
| 271 | 93 def flatpak_sources(): |
| 286 | 94 apt.packages(update=True, cache_time=86400, packages=['flatpak']) |
| 288 | 95 server.shell(commands='flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo') |
| 195 | 96 |
| 282 | 97 |
| 98 def correct_dns(): | |
| 99 files.put(src=io.StringIO("nameserver 10.2.0.3\n"), dest='/etc/resolv.conf') | |
| 100 | |
| 101 | |
|
289
65e28d2e0cd8
move static templates to files/ ; use inventory tags for selecting hosts+features ; other refactors
drewp@bigasterisk.com
parents:
288
diff
changeset
|
102 if 'pi' in host.groups: |
| 282 | 103 correct_dns() |
| 155 | 104 pkg_keys() |
|
187
466108f0a509
redo pkg keys and future podman 4.3.1 version
drewp@bigasterisk.com
parents:
178
diff
changeset
|
105 apt_sources() |
| 282 | 106 flatpak_sources() |