Mercurial > code > home > repos > infra

diff apt/apt.py @ 320:11d3bcedb9f0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
updates for tofu rebuild; some dead code; start moving tasks into subdirs with their files and templates
author drewp@bigasterisk.com
date Fri, 08 Nov 2024 23:16:56 -0800
parents apt.py@f17d9925a2aa
children 5b88b38f2471
line wrap: on
line diff
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/apt/apt.py	Fri Nov 08 23:16:56 2024 -0800
@@ -0,0 +1,80 @@
+import shlex
+
+from pyinfra import host
+from pyinfra.facts.server import Arch
+from pyinfra.operations import apt, files, server
+
+TZ = 'America/Los_Angeles'
+
+
+def pkg_keys():
+    files.directory(path='/etc/apt/keyrings/')  # for raspi
+    for url, name in [
+        ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
+    ]:
+        files.download(src=url, dest=f'/usr/share/keyrings/{name}')
+
+    apt.packages(packages=['curl', 'gpg'])
+    server.shell(commands=[
+        f"curl -fsSL {shlex.quote(url)} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [
+            ('https://packages.microsoft.com/keys/microsoft.asc', 'ms.gpg'),
+            ('https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', 'nodesource.gpg'),
+            ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
+            ('https://ftp-master.debian.org/keys/archive-key-11.asc', 'bullseye.gpg'),
+            ('https://ftp-master.debian.org/keys/archive-key-11-security.asc', 'bullseye-security.gpg'),
+            ('https://packages.cloud.google.com/apt/doc/apt-key.gpg', 'coral.gpg'),
+            ('https://hub.unity3d.com/linux/keys/public', 'unityhub.gpg'),
+            ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'),
+        ]
+    ])
+
+    # also these
+    #-rw-r--r-- 1 root root 2794 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
+    #-rw-r--r-- 1 root root 1733 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg
+
+    # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add -
+
+
+def arch386():
+    server.shell(commands=['dpkg --add-architecture i386'])
+
+
+def old_deleteme_apt_sources():
+    files.template(src='apt/templates/sources.list.j2', dest='/etc/apt/sources.list')
+    apt_update()
+
+
+def apt_update():
+    apt.packages(update=True,
+                 cache_time=86400,
+                 packages=['tzdata'],
+                 force=True,
+                 _env={
+                     'TZ': TZ,
+                     'LANG': 'en_US.UTF-8',
+                     'DEBIAN_FRONTEND': 'noninteractive'
+                 })
+
+    # squib 1st setup seemed to need more updates for node(nodesource)
+    # and steam-launcher
+
+
+def flatpak_sources():
+    apt.packages(update=True, cache_time=86400, packages=['flatpak'])
+    server.shell(commands='flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo')
+
+
+if host.get_fact(Arch) == 'x86_64':
+    arch386()
+
+pkg_keys()
+using_new_sources = ['tofu']
+if host.name in using_new_sources:
+    # todo: rm /etc/apt/sources.list.d/*.list
+    files.template(src='apt/templates/ubuntu.sources.j2', dest='/etc/apt/sources.list.d/ubuntu.sources')
+    files.template(src='apt/templates/more.sources.j2', dest='/etc/apt/sources.list.d/more.sources')
+    apt_update()
+else:
+    old_deleteme_apt_sources()
+
+flatpak_sources()