Mercurial > code > home > repos > infra

view apt/apt.py @ 320:11d3bcedb9f0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
updates for tofu rebuild; some dead code; start moving tasks into subdirs with their files and templates
author drewp@bigasterisk.com
date Fri, 08 Nov 2024 23:16:56 -0800
parents apt.py@f17d9925a2aa
children 5b88b38f2471
line wrap: on
line source

import shlex

from pyinfra import host
from pyinfra.facts.server import Arch
from pyinfra.operations import apt, files, server

TZ = 'America/Los_Angeles'


def pkg_keys():
    files.directory(path='/etc/apt/keyrings/')  # for raspi
    for url, name in [
        ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'),
    ]:
        files.download(src=url, dest=f'/usr/share/keyrings/{name}')

    apt.packages(packages=['curl', 'gpg'])
    server.shell(commands=[
        f"curl -fsSL {shlex.quote(url)} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [
            ('https://packages.microsoft.com/keys/microsoft.asc', 'ms.gpg'),
            ('https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', 'nodesource.gpg'),
            ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'),
            ('https://ftp-master.debian.org/keys/archive-key-11.asc', 'bullseye.gpg'),
            ('https://ftp-master.debian.org/keys/archive-key-11-security.asc', 'bullseye-security.gpg'),
            ('https://packages.cloud.google.com/apt/doc/apt-key.gpg', 'coral.gpg'),
            ('https://hub.unity3d.com/linux/keys/public', 'unityhub.gpg'),
            ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'),
        ]
    ])

    # also these
    #-rw-r--r-- 1 root root 2794 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg
    #-rw-r--r-- 1 root root 1733 Mar 26  2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg

    # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add -


def arch386():
    server.shell(commands=['dpkg --add-architecture i386'])


def old_deleteme_apt_sources():
    files.template(src='apt/templates/sources.list.j2', dest='/etc/apt/sources.list')
    apt_update()


def apt_update():
    apt.packages(update=True,
                 cache_time=86400,
                 packages=['tzdata'],
                 force=True,
                 _env={
                     'TZ': TZ,
                     'LANG': 'en_US.UTF-8',
                     'DEBIAN_FRONTEND': 'noninteractive'
                 })

    # squib 1st setup seemed to need more updates for node(nodesource)
    # and steam-launcher


def flatpak_sources():
    apt.packages(update=True, cache_time=86400, packages=['flatpak'])
    server.shell(commands='flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo')


if host.get_fact(Arch) == 'x86_64':
    arch386()

pkg_keys()
using_new_sources = ['tofu']
if host.name in using_new_sources:
    # todo: rm /etc/apt/sources.list.d/*.list
    files.template(src='apt/templates/ubuntu.sources.j2', dest='/etc/apt/sources.list.d/ubuntu.sources')
    files.template(src='apt/templates/more.sources.j2', dest='/etc/apt/sources.list.d/more.sources')
    apt_update()
else:
    old_deleteme_apt_sources()

flatpak_sources()