view apt.py @ 283:0befc8696a07

ws
author drewp@bigasterisk.com
date Mon, 15 Apr 2024 02:28:05 -0700
parents e10ee3ddadcf
children 73ec5064da44

import io
from pathlib import Path
import shlex
from pyinfra import host
from pyinfra.facts.files import FindFiles
from pyinfra.facts.server import Arch, LinuxDistribution
from pyinfra.operations import apt, files, server

# Timezone handed to the tzdata install as the TZ environment variable.
TZ = 'America/Los_Angeles'

# NOTE: despite the name, this is also true on any host whose distribution
# fact reports plain 'Debian', not only on Raspberry Pi boards. It gates the
# resolv.conf overwrite and the podman key removal below.
_distro_name = host.get_fact(LinuxDistribution)['name']
is_pi = _distro_name in ('Debian', 'Raspbian GNU/Linux')


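def _keyring_fetch_command(url, name):
    """Build the shell command that installs one repo key as /etc/apt/keyrings/<name>.

    The key is downloaded and dearmored into hidden temp files next to the
    destination and only renamed over the live keyring once every step has
    succeeded and the result is non-empty. The original one-liner
    (`curl ... | gpg --dearmor > dest`) truncated the keyring before the
    download had even started and reported gpg's exit status rather than
    curl's, so a failed fetch could leave an empty trust anchor behind.
    """
    dest = shlex.quote(f'/etc/apt/keyrings/{name}')
    raw = shlex.quote(f'/etc/apt/keyrings/.{name}.download')
    out = shlex.quote(f'/etc/apt/keyrings/.{name}.new')
    return (
        f"curl -fsSL {shlex.quote(url)} -o {raw}"
        f" && gpg --dearmor < {raw} > {out}"
        f" && test -s {out}"
        # The file is replaced rather than rewritten in place, so set the mode
        # explicitly; the keyring has to stay readable for apt.
        f" && chmod 0644 {out}"
        f" && mv {out} {dest}"
        # Always clean up the temp files, then report the first failure.
        f'; rc=$?; rm -f {raw} {out}; exit "$rc"'
    )


def pkg_keys():
    """Install the signing keys for the third-party apt repositories.

    Keys are written to per-repo keyring files and the keys that vendor
    packages drop into /etc/apt/trusted.gpg.d are removed again.

    NOTE(review): HTTPS to the vendor endpoint is the only authenticity check
    here. The shell commands run on every deploy, so whatever the endpoint
    serves at that moment becomes the trust anchor for its repository. If that
    is not acceptable, record each key's fingerprint and compare it (for
    example with `gpg --show-keys`) before the keyring is moved into place.
    """
    files.directory(path='/etc/apt/keyrings/')  # for raspi
    for url, name in [
        ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
    ]:
        # NOTE(review): no digest is pinned for this download; files.download
        # accepts sha256sum= once a known-good value has been recorded.
        files.download(src=url, dest=f'/usr/share/keyrings/{name}')

    # vscode keeps making this, but I fetch my own
    files.file(path='/etc/apt/trusted.gpg.d/microsoft.gpg', present=False)

    # and it makes this, which is redundant with my sources.list template line
    files.file(path='/etc/apt/sources.list.d/vscode.list', present=False)

    apt.packages(packages=['curl'])
    server.shell(commands=[
        _keyring_fetch_command(url, name) for (url, name) in [
            ('https://packages.microsoft.com/keys/microsoft.asc', 'ms.gpg'),
            ('https://deb.nodesource.com/gpgkey/nodesource.gpg.key', 'nodesource-older.gpg'),  # rm after everything's on 23.10
            ('https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', 'nodesource.gpg'),
            ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
            ('https://ftp-master.debian.org/keys/archive-key-11.asc', 'bullseye.gpg'),
            ('https://ftp-master.debian.org/keys/archive-key-11-security.asc', 'bullseye-security.gpg'),
            ('https://packages.cloud.google.com/apt/doc/apt-key.gpg', 'coral.gpg'),
            ('https://hub.unity3d.com/linux/keys/public', 'unityhub.gpg'),
            ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'),
        ]
    ])
    if is_pi or host.name == 'bang':
        # this contaminates the apt-update
        files.file(path="/etc/apt/trusted.gpg.d/podman.asc", present=False)

    # also these
    #-rw-r--r-- 1 root root 2794 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
    #-rw-r--r-- 1 root root 1733 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg

    # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add -
    # NOTE(review): that one-liner fetches the key over plain HTTP, so nothing
    # authenticates it in transit, and apt-key adds it to the keyring trusted
    # for every repository. If this step is ever automated, check the key's
    # fingerprint out of band and install it as its own file under
    # /etc/apt/keyrings/ instead.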


# Directory of drop-in apt source files. The name shadows the builtin dir(),
# but clear_known_sources_files() reads it in its default argument and its
# fact lookup, so it is left as is.
dir = Path('/etc/apt/sources.list.d')


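def clear_known_sources_files(known=(
    dir / 'vscode.list',
    dir / 'google-chrome.list',
    dir / 'steam-beta.list',
    dir / 'google-chrome-unstable.list',
    dir / 'steam-stable.list',
    dir / 'raspi.list',
)):
    """Remove the expected drop-in source files and refuse to continue on any other.

    Any file in /etc/apt/sources.list.d that is not listed in `known` is a
    package source this deploy has not reviewed, so the run stops instead of
    deleting or ignoring it.

    Args:
        known: paths (Path or str) of the drop-in files that packages are
            expected to create; each of them is deleted.

    Raises:
        SystemExit: if the directory holds a file that is not in `known`; the
            message names the unexpected files.
    """
    # Normalise so that callers passing plain strings still compare equal to
    # the Path objects built from the fact below.
    known = [Path(p) for p in known]
    # NOTE(review): FindFiles presumably reports regular files only, so a
    # symlink or subdirectory in sources.list.d would not trip this guard -
    # confirm.
    found = set(map(Path, host.get_fact(FindFiles, dir, quote_path=True)))
    unexpected = sorted(found - set(known))
    if unexpected:
        listing = ', '.join(str(p) for p in unexpected)
        raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove: {listing}")
    for f in known:
        files.file(path=f, present=False)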


def apt_sources():
    """Install the templated sources.list, clear drop-in sources, then refresh apt."""
    on_x86_64 = host.get_fact(Arch) == 'x86_64'
    if on_x86_64:
        server.shell(commands=['dpkg --add-architecture i386'])

    files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list')

    clear_known_sources_files()

    # Keep the tzdata install from prompting and give it the timezone up front.
    noninteractive_env = {
        'TZ': TZ,
        'LANG': 'en_US.UTF-8',
        'DEBIAN_FRONTEND': 'noninteractive',
    }
    # NOTE(review): force=True is believed to make pyinfra pass --force-yes to
    # apt, which also lets apt proceed with packages it cannot authenticate.
    # Confirm whether this install still needs it; without it the signing keys
    # set up by pkg_keys() are enforced for this step as well.
    # NOTE(review): cache_time=86400 presumably skips the index refresh when
    # the apt cache is under a day old, even though sources.list was just
    # rewritten - confirm.
    apt.packages(
        packages=['tzdata'],
        update=True,
        cache_time=86400,
        force=True,
        _env=noninteractive_env,
    )

    # squib 1st setup seemed to need more updates for node(nodesource)
    # and steam-launcher


def flatpak_sources():
    """Register the flathub remote with flatpak unless a remote of that name exists."""
    # NOTE(review): --if-not-exists only looks at the remote's name, so an
    # existing 'flathub' remote is left as it is whatever URL or key it
    # carries. The .flatpakrepo file fetched here is what supplies the
    # remote's signing key on first add.
    add_flathub = 'flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo'
    server.shell(commands=[add_flathub])


def correct_dns():
    """Replace /etc/resolv.conf with a single hard-coded nameserver entry."""
    # The whole file is overwritten, so any other resolver entries are dropped
    # and all lookups on the host then depend on this one address.
    resolv_conf = io.StringIO("nameserver 10.2.0.3\n")
    files.put(src=resolv_conf, dest='/etc/resolv.conf')


# Deploy entry point: the steps run in this order each time pyinfra loads the file.
if is_pi:
    # Resolver first; presumably so the key and package downloads below can
    # resolve names on these hosts.
    correct_dns()
# Keys go in before the sources, so the keyrings exist by the time
# apt_sources() refreshes the package index.
pkg_keys()
apt_sources()
flatpak_sources()