Mercurial > code > home > repos > infra

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/apt.py	Thu Mar 16 17:42:17 2023 -0700
@@ -0,0 +1,72 @@
+from pyinfra import host
+from pyinfra.facts.files import FindFiles
+from pyinfra.facts.server import Arch, LinuxDistribution
+from pyinfra.operations import apt, files, server
+
+TZ = 'America/Los_Angeles'
+
+def pkg_keys():
+    # apt.key(keyserver='keyserver.ubuntu.com', keyid='04EE7237B7D453EC')
+    # apt.key(keyserver='keyserver.ubuntu.com', keyid='648ACFD622F3D138')
+    # apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
+    # apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
+    if host.name != 'prime':
+        apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA')
+    apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
+    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
+    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
+    apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
+    apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
+    apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key')
+    apt.key(src='https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/Release.key')
+    # Failed to fetch https://repo.steampowered.com/steam/dists/stable/InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
+'''
+
+
+🚢 ditto(pts/1):/opt# apt update
+Hit:1 http://packages.microsoft.com/repos/code stable InRelease
+Hit:2 http://dl.google.com/linux/chrome/deb stable InRelease
+Get:3 https://repo.steampowered.com/steam stable InRelease [2861 B]
+Hit:4 http://us.archive.ubuntu.com/ubuntu kinetic InRelease
+Get:5 http://us.archive.ubuntu.com/ubuntu kinetic-backports InRelease [99.9 kB]
+Err:3 https://repo.steampowered.com/steam stable InRelease
+  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
+Get:6 http://us.archive.ubuntu.com/ubuntu kinetic-security InRelease [109 kB]
+Get:8 http://us.archive.ubuntu.com/ubuntu kinetic-updates InRelease [118 kB]
+Get:9 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe amd64 Packages [205 kB]
+Get:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease [1262 B]
+Get:10 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe i386 Packages [119 kB]
+Get:11 http://us.archive.ubuntu.com/ubuntu kinetic-updates/universe Translation-en [83.1 kB]
+Err:7 https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease
+  The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
+Reading package lists... Done
+W: http://packages.microsoft.com/repos/code/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
+W: http://dl.google.com/linux/chrome/deb/dists/stable/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
+W: GPG error: https://repo.steampowered.com/steam stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
+E: The repository 'https://repo.steampowered.com/steam stable InRelease' is not signed.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details.
+W: GPG error: https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 4D64390375060AA4
+E: The repository 'https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_22.04  InRelease' is not signed.
+N: Updating from such a repository can't be done securely, and is therefore disabled by default.
+N: See apt-secure(8) manpage for repository creation and user configuration details.
+
+'''
+def apt_sources():
+    if host.get_fact(Arch) == 'x86_64':
+        server.shell(commands=['dpkg --add-architecture i386'])
+
+    files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list')
+    if host.get_fact(FindFiles, '/etc/apt/sources.list.d/', quote_path=True):
+        raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")
+    apt.packages(update=True,
+                cache_time=86400,
+                packages=['tzdata'],
+                force=True,
+                _env={
+                    'TZ': TZ,
+                    'LANG': 'en_US.UTF-8',
+                    'DEBIAN_FRONTEND': 'noninteractive'
+                })
+pkg_keys()
+apt_sources()
\ No newline at end of file
--- a/system.py	Sat Mar 11 12:34:04 2023 -0800
+++ b/system.py	Thu Mar 16 17:42:17 2023 -0700
@@ -2,8 +2,6 @@

 from pyinfra import host
 from pyinfra.facts.server import LinuxDistribution
-from pyinfra.facts.files import FindFiles
-from pyinfra.facts.server import Arch
 from pyinfra.operations import apt, files, server, systemd

 is_pi = host.get_fact(LinuxDistribution)['name'] in ['Debian', 'Raspbian GNU/Linux']
@@ -15,38 +13,6 @@
     files.link(path='/etc/localtime', target=f'/usr/share/zoneinfo/{TZ}')
     files.replace(path='/etc/timezone', text='.*', replace=TZ)

-def pkg_keys():
-    # apt.key(keyserver='keyserver.ubuntu.com', keyid='04EE7237B7D453EC')
-    # apt.key(keyserver='keyserver.ubuntu.com', keyid='648ACFD622F3D138')
-    # apt.key(keyserver='keyserver.ubuntu.com', keyid='8B48AD6246925553')
-    # apt.key(keyserver='keyserver.ubuntu.com', keyid='F24AEA9FB05498B7')
-    if host.name != 'prime':
-        apt.key(keyserver='keyserver.ubuntu.com', keyid='D0392EC59F9583BA')
-    apt.key(src='https://dl.google.com/linux/linux_signing_key.pub')
-    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8-security.asc')
-    apt.key(src='https://ftp-master.debian.org/keys/archive-key-8.asc')
-    apt.key(src='https://ftp-master.debian.org/keys/archive-key-9-security.asc')
-    apt.key(src='https://packages.microsoft.com/keys/microsoft.asc')
-    apt.key(src='https://deb.nodesource.com/gpgkey/nodesource.gpg.key')
-
-    # Failed to fetch https://repo.steampowered.com/steam/dists/stable/InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F24AEA9FB05498B7
-
-def apt_sources():
-    if host.get_fact(Arch) == 'x86_64':
-        server.shell(commands=['dpkg --add-architecture i386'])
-
-    files.template(src='templates/sources.list.j2', dest='/etc/apt/sources.list')
-    if host.get_fact(FindFiles, '/etc/apt/sources.list.d/', quote_path=True):
-        raise SystemExit(f"new files in {host.name} /etc/apt/sources.list.d/ - please remove")
-    apt.packages(update=True,
-                cache_time=86400,
-                packages=['tzdata'],
-                force=True,
-                _env={
-                    'TZ': TZ,
-                    'LANG': 'en_US.UTF-8',
-                    'DEBIAN_FRONTEND': 'noninteractive'
-                })

 def fstab():
     fstab_file = f'files/fstab/{host.name}'
@@ -97,8 +63,6 @@

 server.hostname(hostname=host.name)
 timezone()
-pkg_keys()
-apt_sources()
 fstab()

 if not is_pi:
--- a/tasks.py	Sat Mar 11 12:34:04 2023 -0800
+++ b/tasks.py	Thu Mar 16 17:42:17 2023 -0700
@@ -21,6 +21,9 @@
 def system(ctx): _run(ctx, 'system.py')

 @task
+def apt(ctx): _run(ctx, 'apt.py')
+
+@task
 def packages(ctx): _run(ctx, 'packages.py')

 @task
@@ -76,6 +79,7 @@
         'users.py',
         'ssh.py',
         'system.py',
+        'apt.py',
         'packages.py',
         'net.py',
         'dns.py',