Mercurial > code > home > repos > infra
view apt.py @ 288:3af02e24eaf9
minor
| author | drewp@bigasterisk.com |
|---|---|
| date | Sun, 21 Apr 2024 17:01:13 -0700 |
| parents | 73ec5064da44 |
| children | 65e28d2e0cd8 |
line wrap: on
line source
import io from pathlib import Path import shlex from typing import cast from pyinfra import host from pyinfra.facts.files import FindFiles from pyinfra.facts.server import Arch, LinuxDistribution from pyinfra.operations import apt, files, server TZ = 'America/Los_Angeles' is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux'] def pkg_keys(): files.directory(path='/etc/apt/keyrings/') # for raspi for url, name in [ ('https://repo.steampowered.com/steam/archive/stable/steam.gpg', 'steam.gpg'), ]: files.download(src=url, dest=f'/usr/share/keyrings/{name}') # vscode keeps making this, but I fetch my own files.file(path='/etc/apt/trusted.gpg.d/microsoft.gpg', present=False) # and it makes this, which is redundant with my sources.list template line files.file(path='/etc/apt/sources.list.d/vscode.list', present=False) apt.packages(packages=['curl']) server.shell(commands=[ f"curl -fsSL {shlex.quote(url)} | gpg --dearmor > /etc/apt/keyrings/{name}" for (url, name) in [ ('https://packages.microsoft.com/keys/microsoft.asc', 'ms.gpg'), ('https://deb.nodesource.com/gpgkey/nodesource.gpg.key', 'nodesource-older.gpg'), # rm after everything's on 23.10 ('https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key', 'nodesource.gpg'), ('https://dl.google.com/linux/linux_signing_key.pub', 'chrome.gpg'), ('https://ftp-master.debian.org/keys/archive-key-11.asc', 'bullseye.gpg'), ('https://ftp-master.debian.org/keys/archive-key-11-security.asc', 'bullseye-security.gpg'), ('https://packages.cloud.google.com/apt/doc/apt-key.gpg', 'coral.gpg'), ('https://hub.unity3d.com/linux/keys/public', 'unityhub.gpg'), ('https://nvidia.github.io/libnvidia-container/gpgkey', 'nvidia.gpg'), ] ]) if is_pi or host.name == 'bang': # this contaminates the apt-update files.file(path="/etc/apt/trusted.gpg.d/podman.asc", present=False) # also these #-rw-r--r-- 1 root root 2794 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg #-rw-r--r-- 1 root root 1733 Mar 26 2021 /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg # raspi needs wget http://archive.raspbian.org/raspbian.public.key -O - | sudo apt-key add - dir = Path('/etc/apt/sources.list.d') def clear_known_sources_files(known=[ dir / 'vscode.list', dir / 'google-chrome.list', dir / 'steam-beta.list', dir / 'google-chrome-unstable.list', dir / 'steam-stable.list', dir / 'raspi.list', ]): found = map(Path, cast(str, host.get_fact(FindFiles, dir, quote_path=True))) if set(found) - set(known): raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove") for f in known: files.file(path=f, present=False) def apt_sources(): if host.get_fact(Arch) == 'x86_64': server.shell(commands=['dpkg --add-architecture i386']) files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list') clear_known_sources_files() apt.packages(update=True, cache_time=86400, packages=['tzdata'], force=True, _env={ 'TZ': TZ, 'LANG': 'en_US.UTF-8', 'DEBIAN_FRONTEND': 'noninteractive' }) # squib 1st setup seemed to need more updates for node(nodesource) # and steam-launcher def flatpak_sources(): apt.packages(update=True, cache_time=86400, packages=['flatpak']) server.shell(commands='flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo') def correct_dns(): files.put(src=io.StringIO("nameserver 10.2.0.3\n"), dest='/etc/resolv.conf') if is_pi: correct_dns() pkg_keys() apt_sources() flatpak_sources()