diff --git a/ansible/environments/laptop/host_vars/odolinux b/ansible/environments/laptop/host_vars/odolinux
index 43ec843..f3b011a 100644
--- a/ansible/environments/laptop/host_vars/odolinux
+++ b/ansible/environments/laptop/host_vars/odolinux
@@ -18,3 +18,6 @@ zfs_snapshot_datasets:
 - zroot/linux/archmain/home
 - zroot/linux/archmain/be
 graphics_driver: "intel"
+build_user:
+ name: talexander
+ group: talexander
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index 8ed36af..172ed7e 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -4,6 +4,7 @@
 roles:
 - sudo
 - users
+ - package_manager
 - zrepl
 - zsh
 - network
@@ -14,3 +15,4 @@
 - ntp
 - build
 - graphics
+ - gpg
diff --git a/ansible/roles/build/files/aurutils-purge b/ansible/roles/build/files/aurutils-purge
new file mode 100755
index 0000000..4622310
--- /dev/null
+++ b/ansible/roles/build/files/aurutils-purge
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+#
+repo-remove --sign /var/cache/pacman/custom/custom.db.tar "$1"
+sudo pacman -R "$1"
+sudo paccache -r
diff --git a/ansible/roles/build/files/aurutils-sync b/ansible/roles/build/files/aurutils-sync
new file mode 100644
index 0000000..ba5fe44
--- /dev/null
+++ b/ansible/roles/build/files/aurutils-sync
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+#
+# Wrapper script to `aur sync`
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+GPGKEY=27DE40D9B8455C1B exec aur sync --makepkg-conf /etc/aurutils/makepkg.conf -c --sign "$@"
diff --git a/ansible/roles/build/files/aurutils.conf b/ansible/roles/build/files/aurutils.conf
new file mode 100644
index 0000000..992ef60
--- /dev/null
+++ b/ansible/roles/build/files/aurutils.conf
@@ -0,0 +1,8 @@
+[options]
+CacheDir = /var/cache/pacman/pkg
+CacheDir = /var/cache/pacman/custom
+CleanMethod = KeepCurrent
+
+[custom]
+SigLevel = Required
+Server = file:///var/cache/pacman/custom
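Review bot: aurutils-purge has no `set -euo pipefail` and never checks `$1`, so when `repo-remove --sign` fails (for example because the signing key is not available) the script still runs `sudo pacman -R "$1"` and `sudo paccache -r`, leaving the signed repo database out of step with what is installed. aurutils-sync in this same commit already sets strict mode; do the same here by adding `set -euo pipefail` after the header comment and a guard such as `: "${1:?usage: aurutils-purge PACKAGE}"` before the first command.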
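Review bot: `GPGKEY=27DE40D9B8455C1B` in aurutils-sync selects the package-signing key by its 64-bit key ID, while roles/build/tasks/linux.yaml in this commit identifies the same key by its full fingerprint. Key IDs are not unique identifiers, so the wrapper should pin the fingerprint as well: `GPGKEY=B848159363C2877917954BE127DE40D9B8455C1B exec aur sync ...`. `DIR` is computed but never used and can be dropped.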
diff --git a/ansible/roles/build/files/gpg.asc b/ansible/roles/build/files/gpg.asc
new file mode 100644
index 0000000..c6de310
--- /dev/null
+++ b/ansible/roles/build/files/gpg.asc
@@ -0,0 +1,34 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0 +0H+RsWG0HVRvbSBBbGV4YW5kZXIgPHRvbUBmaXp6LmJ1eno+iJAEExYIADgWIQS4 +SBWTY8KHeReVS+En3kDZuEVcGwUCXZwWGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe +AQIXgAAKCRAn3kDZuEVcG9glAQDX3Bzaz9sQpycc40LeLxSKQsWplfJigfr8wWOg +C15TywEAqkTtCrTNsltdZERLMre7qnv/6RSo54OW0C4pdN7UUAa0HlRvbSBBbGV4 +YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A +2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhF +XBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0CuU4m1/MA+gPDKME7syEt +JsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB9Ub20gQWxleGFuZGVyIDx0b21AaGFy +bW9uaWMuYWk+iJAEExYIADgWIQS4SBWTY8KHeReVS+En3kDZuEVcGwUCX7D5RAIb +AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAn3kDZuEVcGzjDAP9pM1ScstOk +ti+oRAsNSk8qsjIsCT9O5voDS0Q7plWlcwD/btKVFO9tPLsXhyvdB+NSwueVs7TA +kRVjlW3hktpefg24OARdnBYaEgorBgEEAZdVAQUBAQdArbTYQgDBMG7EBFTKA6+f +4CWgwl26Lf2b6cyCGfUw2j4DAQgHiHgEGBYIACAWIQS4SBWTY8KHeReVS+En3kDZ +uEVcGwUCXZwWGgIbDAAKCRAn3kDZuEVcG03MAQCrkjrE+MhtvbfGaHGHlwz9QnF0 +Z519YzK8Xr8m0O+09QEA9BFCfkAzBM4D4JKeWJh/tmN9U6UexzLrRdY+W9cugAm4 +MwRdnBbKFgkrBgEEAdpHDwEBB0A/IgvgQaDhPkk72raSlUPLZaMyJfPedlfBhbgY +uhNiSIj1BBgWCAAmAhsCFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+hYFCQe4 +fcwAgXYgBBkWCAAdFiEEgeZEOZZ1UC6xJRa606F5yaU8Dt4FAl2cFsoACgkQ06F5 +yaU8Dt6MngD+Krs3aYyHH6i85ebVESgBI8XeXhgACM4exepw+0UcoYkBAKK4DvV3 +oJD6o1ku6Rr8pUH962SQm8PO9pO2JBBAb6ADCRAn3kDZuEVcG9uAAP43vUsbe24/ +6tjEezAW0a4L2E1u4HNU8t53lolngs1kswEAy1HBdYEMR9TovX/kMeBHLcz1J2pM +VRSV0JnJhj5eZwa4MwRdnBcBFgkrBgEEAdpHDwEBB0BrvpOZa4q6JHVuc1XUVQTq +hDgLwD5SJBvzHSTXPYOZMoh+BBgWCAAmAhsgFiEEuEgVk2PCh3kXlUvhJ95A2bhF +XBsFAl+w+hYFCQe4fZUACgkQJ95A2bhFXBs3NgEA3SFYTgRVstidfoEpEZV4DdSL +kXaOwN3Eyba4UniClyMA/2CCxQt24vu19TyvUtOXWCp9Zi8SyIqoeiXQ4ZmhhnQO +uDgEXZwXKBIKKwYBBAGXVQEFAQEHQA7S3cFTEu6iROopVyF4UBl3hQrEAbOc9CW+ +xXKFZYgSAwEIB4h+BBgWCAAmAhsMFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w ++hcFCQe4fW4ACgkQJ95A2bhFXBtUXAEAyEJCUNVSJ7qvQv5IXuwbYTX2Mh7JU3+F 
+GJHO7AWBXCQA/2aLAi9kYmz9ba770XYwTeBZIv9Y6UIwIwVmFdYHC/EM
+=a/z4
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/ansible/roles/build/files/makepkg.conf b/ansible/roles/build/files/makepkg.conf
new file mode 100644
index 0000000..f49f92d
--- /dev/null
+++ b/ansible/roles/build/files/makepkg.conf
@@ -0,0 +1,158 @@
+#!/hint/bash
+#
+# /etc/makepkg.conf
+#
+
+#########################################################################
+# SOURCE ACQUISITION
+#########################################################################
+#
+#-- The download utilities that makepkg should use to acquire sources
+# Format: 'protocol::agent'
+DLAGENTS=('file::/usr/bin/curl -gqC - -o %o %u'
+ 'ftp::/usr/bin/curl -gqfC - --ftp-pasv --retry 3 --retry-delay 3 -o %o %u'
+ 'http::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'https::/usr/bin/curl -gqb "" -fLC - --retry 3 --retry-delay 3 -o %o %u'
+ 'rsync::/usr/bin/rsync --no-motd -z %u %o'
+ 'scp::/usr/bin/scp -C %u %o')
+
+# Other common tools:
+# /usr/bin/snarf
+# /usr/bin/lftpget -c
+# /usr/bin/wget
+
+#-- The package required by makepkg to download VCS sources
+# Format: 'protocol::package'
+VCSCLIENTS=('bzr::bzr'
+ 'fossil::fossil'
+ 'git::git'
+ 'hg::mercurial'
+ 'svn::subversion')
+
+#########################################################################
+# ARCHITECTURE, COMPILE FLAGS
+#########################################################################
+#
+CARCH="x86_64"
+CHOST="x86_64-pc-linux-gnu"
+
+#-- Compiler and Linker Flags
+#CPPFLAGS=""
+CFLAGS="-march=native -mtune=native -O2 -pipe -fno-plt -fexceptions \
+ -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security \
+ -fstack-clash-protection -fcf-protection"
+CXXFLAGS="$CFLAGS -Wp,-D_GLIBCXX_ASSERTIONS"
+LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"
+RUSTFLAGS="-C opt-level=2 -C target-cpu=native"
+#-- Make Flags: change this for DistCC/SMP systems
+MAKEFLAGS="-j$(nproc)"
+#-- Debugging flags
+DEBUG_CFLAGS="-g -fvar-tracking-assignments"
+DEBUG_CXXFLAGS="-g -fvar-tracking-assignments"
+#DEBUG_RUSTFLAGS="-C debuginfo=2"
+
+#########################################################################
+# BUILD ENVIRONMENT
+#########################################################################
+#
+# Makepkg defaults: BUILDENV=(!distcc !color !ccache check !sign)
+# A negated environment option will do the opposite of the comments below.
+#
+#-- distcc: Use the Distributed C/C++/ObjC compiler
+#-- color: Colorize output messages
+#-- ccache: Use ccache to cache compilation
+#-- check: Run the check() function if present in the PKGBUILD
+#-- sign: Generate PGP signature file
+#
+BUILDENV=(!distcc color !ccache check !sign)
+#
+#-- If using DistCC, your MAKEFLAGS will also need modification. In addition,
+#-- specify a space-delimited list of hosts running in the DistCC cluster.
+#DISTCC_HOSTS=""
+#
+#-- Specify a directory for package building.
+#BUILDDIR=/tmp/makepkg
+
+#########################################################################
+# GLOBAL PACKAGE OPTIONS
+# These are default values for the options=() settings
+#########################################################################
+#
+# Makepkg defaults: OPTIONS=(!strip docs libtool staticlibs emptydirs !zipman !purge !debug !lto)
+# A negated option will do the opposite of the comments below.
+#
+#-- strip: Strip symbols from binaries/libraries
+#-- docs: Save doc directories specified by DOC_DIRS
+#-- libtool: Leave libtool (.la) files in packages
+#-- staticlibs: Leave static library (.a) files in packages
+#-- emptydirs: Leave empty directories in packages
+#-- zipman: Compress manual (man and info) pages in MAN_DIRS with gzip
+#-- purge: Remove files specified by PURGE_TARGETS
+#-- debug: Add debugging flags as specified in DEBUG_* variables
+#-- lto: Add compile flags for building with link time optimization
+#
+OPTIONS=(strip docs !libtool !staticlibs emptydirs zipman purge !debug !lto)
+
+#-- File integrity checks to use. Valid: md5, sha1, sha224, sha256, sha384, sha512, b2
+INTEGRITY_CHECK=(sha256)
+#-- Options to be used when stripping binaries. See `man strip' for details.
+STRIP_BINARIES="--strip-all"
+#-- Options to be used when stripping shared libraries. See `man strip' for details.
+STRIP_SHARED="--strip-unneeded"
+#-- Options to be used when stripping static libraries. See `man strip' for details.
+STRIP_STATIC="--strip-debug"
+#-- Manual (man and info) directories to compress (if zipman is specified)
+MAN_DIRS=({usr{,/local}{,/share},opt/*}/{man,info})
+#-- Doc directories to remove (if !docs is specified)
+DOC_DIRS=(usr/{,local/}{,share/}{doc,gtk-doc} opt/*/{doc,gtk-doc})
+#-- Files to be removed from all packages (if purge is specified)
+PURGE_TARGETS=(usr/{,share}/info/dir .packlist *.pod)
+#-- Directory to store source code in for debug packages
+DBGSRCDIR="/usr/src/debug"
+
+#########################################################################
+# PACKAGE OUTPUT
+#########################################################################
+#
+# Default: put built package and cached source in build directory
+#
+#-- Destination: specify a fixed directory where all packages will be placed
+#PKGDEST=/home/packages
+#-- Source cache: specify a fixed directory where source files will be cached
+#SRCDEST=/home/sources
+#-- Source packages: specify a fixed directory where all src packages will be placed
+#SRCPKGDEST=/home/srcpackages
+#-- Log files: specify a fixed directory where all log files will be placed
+#LOGDEST=/home/makepkglogs
+#-- Packager: name/email of the person or organization building packages
+#PACKAGER="John Doe "
+#-- Specify a key to use for package signing
+#GPGKEY=""
+
+#########################################################################
+# COMPRESSION DEFAULTS
+#########################################################################
+#
+COMPRESSGZ=(gzip -c -f -n)
+COMPRESSBZ2=(bzip2 -c -f)
+COMPRESSXZ=(xz -c -z -)
+COMPRESSZST=(zstd -c -z -q --threads=0 -)
+COMPRESSLRZ=(lrzip -q)
+COMPRESSLZO=(lzop -q)
+COMPRESSZ=(compress -c -f)
+COMPRESSLZ4=(lz4 -q)
+COMPRESSLZ=(lzip -c -f)
+
+#########################################################################
+# EXTENSION DEFAULTS
+#########################################################################
+#
+PKGEXT='.pkg.tar.zst'
+SRCEXT='.src.tar.gz'
+
+#########################################################################
+# OTHER
+#########################################################################
+#
+#-- Command used to run pacman as root, instead of trying sudo and su
+#PACMAN_AUTH=()
diff --git a/ansible/roles/build/files/pacman-custom.conf b/ansible/roles/build/files/pacman-custom.conf
new file mode 100644
index 0000000..55b5cf4
--- /dev/null
+++ b/ansible/roles/build/files/pacman-custom.conf
@@ -0,0 +1,100 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+#CacheDir = /var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+#HookDir = /etc/pacman.d/hooks/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg =
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+#Color
+#TotalDownload
+# We cannot check disk space from within a chroot environment
+#CheckSpace
+#VerbosePkgLists
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
diff --git a/ansible/roles/build/tasks/freebsd.yaml b/ansible/roles/build/tasks/freebsd.yaml
index cd662eb..31765b4 100644
--- a/ansible/roles/build/tasks/freebsd.yaml
+++ b/ansible/roles/build/tasks/freebsd.yaml
@@ -51,8 +51,8 @@
 src: "files/{{ item.src }}"
 dest: "{{ item.dest }}"
 mode: 0644
- owner: root
- group: wheel
+ owner: "{{ build_user.name }}"
+ group: "{{ build_user.group }}"
 loop:
 - src: CUSTOM
 dest: /usr/src/sys/amd64/conf/CUSTOM
@@ -62,8 +62,8 @@
 src: "templates/{{ item.src }}.j2"
 dest: "{{ item.dest }}"
 mode: 0644
- owner: "{{ build_user.name }}"
- group: "{{ build_user.group }}"
+ owner: root
+ group: wheel
 loop:
 - src: src.conf
 dest: /etc/src.conf
diff --git a/ansible/roles/build/tasks/linux.yaml b/ansible/roles/build/tasks/linux.yaml
index e1835f0..5e7a341 100644
--- a/ansible/roles/build/tasks/linux.yaml
+++ b/ansible/roles/build/tasks/linux.yaml
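Review bot: After the first hunk `/usr/src/sys/amd64/conf/CUSTOM` is owned by `build_user`, so an unprivileged account can edit the kernel configuration, and nothing visible says whether that is intended. If a kernel built from this file is later installed with root privileges, record the reasoning in a comment above the task, for example `# CUSTOM is owned by the build user because kernel builds run unprivileged`. Both tasks begin above their hunks, so their names and modules are not visible here. The context lines also show `mode: 0644` unquoted; Ansible's documentation recommends the quoted form `mode: "0644"`.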
@@ -1,6 +1,132 @@
-# - name: Install packages
-# pacman:
-# name:
-# - foo
-# state: present
-# update_cache: true
+- include_role:
+ name: per_user
+ apply:
+ become: yes
+ become_user: "{{ build_user.name }}"
+
+- name: Install packages
+ pacman:
+ name:
+ - gnupg
+ - devtools
+ - base-devel
+ - vifm
+ - vim
+ state: present
+ update_cache: true
+
+- name: Extract aurutils aur entry
+ become_user: "{{ build_user.name }}"
+ unarchive:
+ src: https://aur.archlinux.org/cgit/aur.git/snapshot/aurutils.tar.gz
+ dest: "/home/{{ build_user.name }}/.config/ansible_deploy/"
+ remote_src: yes
+ creates: "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils"
+
+- name: Check trusted gpg keys
+ command: pacman-key -l
+ register: pacmankeys
+ changed_when: false
+ check_mode: no
+ no_log: true
+
+- name: Trust the signing key for the aurutils package
+ command: pacman-key --recv-keys DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A
+ when: '"DBE7D3DD8C81D58D0A13D0E76BC26A17B9B7018A" not in pacmankeys.stdout'
+
+- name: Trust my signing key
+ command: pacman-key -a -
+ args:
+ stdin: "{{ lookup('file', 'gpg.asc') }}"
+ when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in pacmankeys.stdout'
+ register: my_key_imported
+
+- name: Sign my signing key
+ command: pacman-key --lsign-key "B848159363C2877917954BE127DE40D9B8455C1B"
+ when: my_key_imported.changed
+
+- name: Build the aurutils package
+ become_user: "{{ build_user.name }}"
+ command: makepkg -s --noconfirm
+ args:
+ chdir: "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils"
+ creates: "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*"
+
+- name: Install aurutils
+ shell: "pacman --noconfirm -U /home/{{ build_user.name }}/.config/ansible_deploy/aurutils/aurutils-*-any.pkg.tar.*"
+ args:
+ creates: /usr/bin/aur
+
+- name: Create owned directories
+ file:
+ name: "{{ item }}"
+ state: directory
+ owner: "{{ build_user.name }}"
+ group: "{{ build_user.group }}"
+ mode: 0755
+ loop:
+ - /var/cache/pacman/custom
+
+- name: Create directories
+ file:
+ name: "{{ item }}"
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+ loop:
+ - /etc/aurutils
+
+- name: Install configs
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0644
+ owner: root
+ group: root
+ loop:
+ - src: aurutils.conf
+ dest: /etc/pacman.d/conf.d/
+ - src: pacman-custom.conf
+ dest: /etc/aurutils/
+ - src: makepkg.conf
+ dest: /etc/aurutils/
+
+- name: Create custom repo db
+ command: repo-add --sign /var/cache/pacman/custom/custom.db.tar
+ become: true
+ become_user: "{{ build_user.name }}"
+ args:
+ creates: /var/cache/pacman/custom/custom.db.tar
+
+- name: Install scripts
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0755
+ owner: root
+ group: root
+ loop:
+ - src: aurutils-purge
+ dest: /usr/local/bin/aurutils-purge
+ - src: aurutils-sync
+ dest: /usr/local/bin/aurutils-sync
+
+- name: build aurutils inside aurutils
+ become_user: "{{ build_user.name }}"
+ command: aurutils-sync --no-view aurutils
+ args:
+ creates: "/var/cache/pacman/custom/aurutils-*-any.pkg.tar.*"
+ register: buildaurutils
+
+- name: Install aurutils
+ command: pacman -Syy aurutils
+ when: buildaurutils.changed
+
+- name: chown the custom package db
+ file:
+ path: "{{ item }}"
+ owner: "{{ build_user.name }}"
+ state: file
+ loop:
+ - /var/cache/pacman/custom/custom.db
diff --git a/ansible/roles/gpg/files/gpg-agent.conf b/ansible/roles/gpg/files/gpg-agent.conf
new file mode 100644
index 0000000..1679e6d
--- /dev/null
+++ b/ansible/roles/gpg/files/gpg-agent.conf
@@ -0,0 +1,6 @@
+enable-ssh-support
+write-env-file
+use-standard-socket
+default-cache-ttl 600
+max-cache-ttl 7200
+display :0
diff --git a/ansible/roles/gpg/files/gpg.asc b/ansible/roles/gpg/files/gpg.asc
new file mode 100644
index 0000000..c6de310
--- /dev/null
+++ b/ansible/roles/gpg/files/gpg.asc
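Review bot: The `Extract aurutils aur entry` task downloads whatever snapshot the AUR serves at run time, and the following tasks build and install it with `--noconfirm`, so the PKGBUILD that runs as `build_user` (and the package then installed as root) is never pinned or reviewed. Fetch the AUR repository at a commit you have read instead, as sketched below; `git` would have to be added to the `Install packages` list, and the commit id is a placeholder. Separately, `pacman-key --recv-keys` puts the upstream key into pacman's keyring, whereas makepkg checks source signatures against the invoking user's GnuPG keyring, so it is worth confirming that this step is what actually gates the build.

```yaml
- name: Fetch aurutils aur entry at a reviewed commit
  become_user: "{{ build_user.name }}"
  git:
    repo: https://aur.archlinux.org/aurutils.git
    dest: "/home/{{ build_user.name }}/.config/ansible_deploy/aurutils"
    version: "<REVIEWED_AUR_COMMIT>"  # placeholder: commit id of the PKGBUILD you audited

# … unchanged: pacman-key tasks, makepkg build, pacman -U install …
```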
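Review bot: With `enable-ssh-support` set in gpg-agent.conf, `default-cache-ttl 600` and `max-cache-ttl 7200` do not cover keys used through the SSH agent interface; those are governed by `default-cache-ttl-ssh` and `max-cache-ttl-ssh`, which stay at their built-in defaults here. Add explicit lines such as `default-cache-ttl-ssh 600` and `max-cache-ttl-ssh 7200` so both paths follow the same policy. `write-env-file` and `use-standard-socket` are obsolete no-ops in GnuPG 2.1 and later and can be removed, and `display :0` hard-codes the X display for pinentry, which will be wrong for sessions on another display.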
@@ -0,0 +1,34 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0 +0H+RsWG0HVRvbSBBbGV4YW5kZXIgPHRvbUBmaXp6LmJ1eno+iJAEExYIADgWIQS4 +SBWTY8KHeReVS+En3kDZuEVcGwUCXZwWGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe +AQIXgAAKCRAn3kDZuEVcG9glAQDX3Bzaz9sQpycc40LeLxSKQsWplfJigfr8wWOg +C15TywEAqkTtCrTNsltdZERLMre7qnv/6RSo54OW0C4pdN7UUAa0HlRvbSBBbGV4 +YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A +2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhF +XBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0CuU4m1/MA+gPDKME7syEt +JsTpELEMrxWWpDW0tD/W1iJE7roGYPQPtB9Ub20gQWxleGFuZGVyIDx0b21AaGFy +bW9uaWMuYWk+iJAEExYIADgWIQS4SBWTY8KHeReVS+En3kDZuEVcGwUCX7D5RAIb +AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRAn3kDZuEVcGzjDAP9pM1ScstOk +ti+oRAsNSk8qsjIsCT9O5voDS0Q7plWlcwD/btKVFO9tPLsXhyvdB+NSwueVs7TA +kRVjlW3hktpefg24OARdnBYaEgorBgEEAZdVAQUBAQdArbTYQgDBMG7EBFTKA6+f +4CWgwl26Lf2b6cyCGfUw2j4DAQgHiHgEGBYIACAWIQS4SBWTY8KHeReVS+En3kDZ +uEVcGwUCXZwWGgIbDAAKCRAn3kDZuEVcG03MAQCrkjrE+MhtvbfGaHGHlwz9QnF0 +Z519YzK8Xr8m0O+09QEA9BFCfkAzBM4D4JKeWJh/tmN9U6UexzLrRdY+W9cugAm4 +MwRdnBbKFgkrBgEEAdpHDwEBB0A/IgvgQaDhPkk72raSlUPLZaMyJfPedlfBhbgY +uhNiSIj1BBgWCAAmAhsCFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w+hYFCQe4 +fcwAgXYgBBkWCAAdFiEEgeZEOZZ1UC6xJRa606F5yaU8Dt4FAl2cFsoACgkQ06F5 +yaU8Dt6MngD+Krs3aYyHH6i85ebVESgBI8XeXhgACM4exepw+0UcoYkBAKK4DvV3 +oJD6o1ku6Rr8pUH962SQm8PO9pO2JBBAb6ADCRAn3kDZuEVcG9uAAP43vUsbe24/ +6tjEezAW0a4L2E1u4HNU8t53lolngs1kswEAy1HBdYEMR9TovX/kMeBHLcz1J2pM +VRSV0JnJhj5eZwa4MwRdnBcBFgkrBgEEAdpHDwEBB0BrvpOZa4q6JHVuc1XUVQTq +hDgLwD5SJBvzHSTXPYOZMoh+BBgWCAAmAhsgFiEEuEgVk2PCh3kXlUvhJ95A2bhF +XBsFAl+w+hYFCQe4fZUACgkQJ95A2bhFXBs3NgEA3SFYTgRVstidfoEpEZV4DdSL +kXaOwN3Eyba4UniClyMA/2CCxQt24vu19TyvUtOXWCp9Zi8SyIqoeiXQ4ZmhhnQO +uDgEXZwXKBIKKwYBBAGXVQEFAQEHQA7S3cFTEu6iROopVyF4UBl3hQrEAbOc9CW+ +xXKFZYgSAwEIB4h+BBgWCAAmAhsMFiEEuEgVk2PCh3kXlUvhJ95A2bhFXBsFAl+w ++hcFCQe4fW4ACgkQJ95A2bhFXBtUXAEAyEJCUNVSJ7qvQv5IXuwbYTX2Mh7JU3+F 
+GJHO7AWBXCQA/2aLAi9kYmz9ba770XYwTeBZIv9Y6UIwIwVmFdYHC/EM
+=a/z4
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/ansible/roles/gpg/files/gpg.conf b/ansible/roles/gpg/files/gpg.conf
new file mode 100644
index 0000000..8788234
--- /dev/null
+++ b/ansible/roles/gpg/files/gpg.conf
@@ -0,0 +1,90 @@
+#
+# This is an implementation of the Riseup OpenPGP Best Practices
+# https://help.riseup.net/en/security/message-security/openpgp/best-practices
+#
+
+
+#-----------------------------
+# default key
+#-----------------------------
+
+# The default key to sign with. If this option is not used, the default key is
+# the first key found in the secret keyring
+
+#default-key 0xD8692123C4065DEA5E0F3AB5249B39D24F25E3B6
+
+
+#-----------------------------
+# behavior
+#-----------------------------
+
+# Disable inclusion of the version string in ASCII armored output
+no-emit-version
+
+# Disable comment string in clear text signatures and ASCII armored messages
+no-comments
+
+# Display long key IDs
+keyid-format 0xlong
+
+# List all keys (or the specified ones) along with their fingerprints
+with-fingerprint
+
+# Display the calculated validity of user IDs during key listings
+list-options show-uid-validity
+verify-options show-uid-validity
+
+# Try to use the GnuPG-Agent. With this option, GnuPG first tries to connect to
+# the agent before it asks for a passphrase.
+use-agent
+
+
+#-----------------------------
+# keyserver
+#-----------------------------
+
+# This is the server that --recv-keys, --send-keys, and --search-keys will
+# communicate with to receive keys from, send keys to, and search for keys on
+#keyserver hkps://hkps.pool.sks-keyservers.net
+
+# Provide a certificate store to override the system default
+# Get this from https://sks-keyservers.net/sks-keyservers.netCA.pem
+#keyserver-options ca-cert-file=/usr/local/etc/ssl/certs/hkps.pool.sks-keyservers.net.pem
+
+# Set the proxy to use for HTTP and HKP keyservers - default to the standard
+# local Tor socks proxy
+# It is encouraged to use Tor for improved anonymity. Preferrably use either a
+# dedicated SOCKSPort for GnuPG and/or enable IsolateDestPort and
+# IsolateDestAddr
+#keyserver-options http-proxy=socks5-hostname://127.0.0.1:9050
+
+# Don't leak DNS, see https://trac.torproject.org/projects/tor/ticket/2846
+# keyserver-options no-try-dns-srv
+
+# When using --refresh-keys, if the key in question has a preferred keyserver
+# URL, then disable use of that preferred keyserver to refresh the key from
+# keyserver-options no-honor-keyserver-url
+
+# When searching for a key with --search-keys, include keys that are marked on
+# the keyserver as revoked
+# keyserver-options include-revoked
+
+
+#-----------------------------
+# algorithm and ciphers
+#-----------------------------
+
+# list of personal digest preferences. When multiple digests are supported by
+# all recipients, choose the strongest one
+personal-cipher-preferences AES256 AES192 AES CAST5
+
+# list of personal digest preferences. When multiple ciphers are supported by
+# all recipients, choose the strongest one
+personal-digest-preferences SHA512 SHA384 SHA256 SHA224
+
+# message digest algorithm used when signing a key
+cert-digest-algo SHA512
+
+# This preference list is used for new keys and becomes the default for
+# "setpref" in the edit menu
+default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
diff --git a/ansible/roles/gpg/files/pcscd.conf b/ansible/roles/gpg/files/pcscd.conf
new file mode 100644
index 0000000..78755be
--- /dev/null
+++ b/ansible/roles/gpg/files/pcscd.conf
@@ -0,0 +1,8 @@
+attach 100 {
+ device-name "ugen[0-9]+";
+ action "/usr/local/sbin/pcscd -H";
+};
+detach 100 {
+ device-name "ugen[0-9]+";
+ action "/usr/local/sbin/pcscd -H";
+};
\ No newline at end of file
diff --git a/ansible/roles/gpg/files/pcscd_rc.conf b/ansible/roles/gpg/files/pcscd_rc.conf
new file mode 100644
index 0000000..729f279
--- /dev/null
+++ b/ansible/roles/gpg/files/pcscd_rc.conf
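Review bot: In the `algorithm and ciphers` section of gpg.conf the two explanatory comments are crossed (the one above `personal-cipher-preferences` describes digest preferences, the one above `personal-digest-preferences` talks about ciphers), and both `personal-cipher-preferences` and `default-preference-list` still advertise `CAST5`, a legacy 64-bit block cipher. Unless a correspondent needs it, end the cipher lists at AES, `personal-cipher-preferences AES256 AES192 AES`, and reword the comments to `# list of personal cipher preferences ...` and `# list of personal digest preferences ...` respectively. The commented-out keyserver lines point at the sks-keyservers pool, which has since been retired, so they are better removed than kept as a template.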
@@ -0,0 +1 @@
+pcscd_enable="YES"
diff --git a/ansible/roles/gpg/files/scdaemon.conf b/ansible/roles/gpg/files/scdaemon.conf
new file mode 100644
index 0000000..eb818dd
--- /dev/null
+++ b/ansible/roles/gpg/files/scdaemon.conf
@@ -0,0 +1 @@
+disable-ccid
diff --git a/ansible/roles/gpg/files/yubikey_relearn_keys b/ansible/roles/gpg/files/yubikey_relearn_keys
new file mode 100644
index 0000000..730560e
--- /dev/null
+++ b/ansible/roles/gpg/files/yubikey_relearn_keys
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+#
+# GPG associates token serial numbers with keys. When switching to
+# another hardware token, run this script to associate the new token
+# with the keys.
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+gpg-connect-agent "scd serialno" "learn --force" /bye
diff --git a/ansible/roles/gpg/meta/main.yaml b/ansible/roles/gpg/meta/main.yaml
new file mode 100644
index 0000000..655446a
--- /dev/null
+++ b/ansible/roles/gpg/meta/main.yaml
@@ -0,0 +1,2 @@
+dependencies:
+ - users
diff --git a/ansible/roles/gpg/tasks/common.yaml b/ansible/roles/gpg/tasks/common.yaml
new file mode 100644
index 0000000..d7c1735
--- /dev/null
+++ b/ansible/roles/gpg/tasks/common.yaml
@@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/gpg/tasks/freebsd.yaml b/ansible/roles/gpg/tasks/freebsd.yaml
new file mode 100644
index 0000000..ef1c0ea
--- /dev/null
+++ b/ansible/roles/gpg/tasks/freebsd.yaml
@@ -0,0 +1,52 @@
+- name: Install packages
+ package:
+ name:
+ - gnupg
+ - pcsc-tools
+ - ccid
+ # - linux_libusb
+ - pinentry
+ - pinentry-qt5
+ state: present
+
+- name: Create directories
+ file:
+ name: "{{ item }}"
+ state: directory
+ mode: 0755
+ owner: root
+ group: wheel
+ loop:
+ - /usr/local/etc/devd
+
+- name: Install service configuration
+ copy:
+ src: "files/{{ item }}_rc.conf"
+ dest: "/etc/rc.conf.d/{{ item }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ loop:
+ - pcscd
+
+- name: Install devd Configuration
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ loop:
+ - src: pcscd.conf
+ dest: /usr/local/etc/devd/pcscd.conf
+
+- name: Install devd Configuration
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0644
+ owner: root
+ group: wheel
+ loop:
+ - src: pcscd.conf
+ dest: /usr/local/etc/devd/pcscd.conf
diff --git a/ansible/roles/gpg/tasks/linux.yaml b/ansible/roles/gpg/tasks/linux.yaml
new file mode 100644
index 0000000..80ed12d
--- /dev/null
+++ b/ansible/roles/gpg/tasks/linux.yaml
@@ -0,0 +1,29 @@
+- name: Install packages
+ package:
+ name:
+ - gnupg
+ - pcsc-tools
+ - ccid
+ - libusb-compat
+ - pinentry
+ state: present
+
+- name: Enable pcscd
+ systemd:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ loop:
+ - pcscd.socket
+
+- name: Install scripts
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ item.dest }}"
+ mode: 0755
+ owner: "{{ build_user.name }}"
+ group: "{{ build_user.group }}"
+ loop:
+ - src: yubikey_relearn_keys
+ dest: /usr/local/bin/yubikey_relearn_keys
diff --git a/ansible/roles/gpg/tasks/main.yaml b/ansible/roles/gpg/tasks/main.yaml
new file mode 100644
index 0000000..5c1df6c
--- /dev/null
+++ b/ansible/roles/gpg/tasks/main.yaml
@@ -0,0 +1 @@
+- import_tasks: tasks/common.yaml
diff --git a/ansible/roles/gpg/tasks/peruser.yaml b/ansible/roles/gpg/tasks/peruser.yaml
new file mode 100644
index 0000000..3855611
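Review bot: The `Install devd Configuration` task appears twice, identically, at the end of roles/gpg/tasks/freebsd.yaml; the second copy changes nothing and should be dropped. The file modes in these tasks are unquoted (`mode: 0755`, `mode: 0644`), which works only because the YAML loader reads them as octal; Ansible's documentation recommends the quoted form, `mode: "0644"`.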
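Review bot: `Install scripts` in roles/gpg/tasks/linux.yaml places `/usr/local/bin/yubikey_relearn_keys` on the system PATH owned by `build_user`, so that account can rewrite a program that other users, including root, may run. The build role's own `Install scripts` task in this commit uses root ownership; do the same here with `owner: root` and `group: root`. This task also makes the gpg role depend on `build_user`, which the visible diff defines only in the odolinux host_vars.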
--- /dev/null
+++ b/ansible/roles/gpg/tasks/peruser.yaml
@@ -0,0 +1,43 @@
+- include_role:
+ name: per_user
+
+- name: Create gpg config directory
+ file:
+ name: "{{ account_homedir.stdout }}/.gnupg"
+ state: directory
+ mode: 0700
+ owner: "{{ account_name.stdout }}"
+ group: "{{ group_name.stdout }}"
+
+- name: Copy files
+ copy:
+ src: "files/{{ item.src }}"
+ dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+ mode: 0600
+ owner: "{{ account_name.stdout }}"
+ group: "{{ group_name.stdout }}"
+ loop:
+ - src: gpg.conf
+ dest: .gnupg/gpg.conf
+ - src: gpg-agent.conf
+ dest: .gnupg/gpg-agent.conf
+ - src: scdaemon.conf
+ dest: .gnupg/scdaemon.conf
+
+- name: Check trusted gpg keys
+ command: gpg --list-public-keys --keyid-format LONG
+ register: gpgkeys
+ changed_when: false
+ check_mode: no
+
+- name: Import public key for yubikey
+ command: gpg --import
+ when: '"cv25519/B0B50C7FDDE009E5" not in gpgkeys.stdout'
+ args:
+ stdin: "{{ lookup('file', 'gpg.asc') }}"
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/gpg/tasks/peruser_freebsd.yaml b/ansible/roles/gpg/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/gpg/tasks/peruser_linux.yaml b/ansible/roles/gpg/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..f38d273
--- /dev/null
+++ b/ansible/roles/gpg/tasks/peruser_linux.yaml
@@ -0,0 +1,10 @@
+- name: Enable the gpg user agent
+ systemd:
+ name: "{{ item }}"
+ state: started
+ enabled: yes
+ daemon_reload: yes
+ scope: user
+ loop:
+ - gpg-agent.socket
+ - gpg-agent-ssh.socket
diff --git a/ansible/roles/package_manager/files/freeze_firefox.conf b/ansible/roles/package_manager/files/freeze_firefox.conf
new file mode 100644
index 0000000..b82f82a
--- /dev/null
+++ b/ansible/roles/package_manager/files/freeze_firefox.conf
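Review bot: `Import public key for yubikey` in peruser.yaml decides whether to import by searching human-readable `gpg` output for `cv25519/B0B50C7FDDE009E5`, which looks like a subkey label, while the build role gates the same gpg.asc on the full primary fingerprint. Check the fingerprint here as well, for example by listing with `gpg --list-public-keys --with-colons` and using `when: '"B848159363C2877917954BE127DE40D9B8455C1B" not in gpgkeys.stdout'`, so the test does not depend on listing format or on one subkey. gpg.asc is also committed twice with the same blob id (`c6de310`), under roles/build/files and roles/gpg/files; a single copy would keep the two from drifting apart.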
@@ -0,0 +1,2 @@
+[options]
+IgnorePkg = firefox-developer-edition
diff --git a/ansible/roles/package_manager/files/mirrorlist b/ansible/roles/package_manager/files/mirrorlist
new file mode 100644
index 0000000..49407bb
--- /dev/null
+++ b/ansible/roles/package_manager/files/mirrorlist
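Review bot: `IgnorePkg = firefox-developer-edition` holds the browser back on every system upgrade, which also holds back its security fixes, and the file gives no reason or end condition. Add a comment above the line saying why the package is frozen and when to lift the freeze, e.g. `# Frozen because <REASON>; remove once <CONDITION>` (placeholders), so the pin does not outlive its purpose.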
@@ -0,0 +1,602 @@ +# Server list generated by rankmirrors on 2021-11-11 +## +## Arch Linux repository mirrorlist +## Generated on 2021-08-22 +## +## Worldwide +#Server = http://mirror.rackspace.com/archlinux/$repo/os/$arch +#Server = https://mirror.rackspace.com/archlinux/$repo/os/$arch +## Australia +#Server = https://mirror.aarnet.edu.au/pub/archlinux/$repo/os/$arch +#Server = http://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch +#Server = https://archlinux.mirror.digitalpacific.com.au/$repo/os/$arch +#Server = http://ftp.iinet.net.au/pub/archlinux/$repo/os/$arch +#Server = http://mirror.internode.on.net/pub/archlinux/$repo/os/$arch +#Server = http://mirror.launtel.net.au/repo/arch/$repo/os/$arch +#Server = https://mirror.launtel.net.au/repo/arch/$repo/os/$arch +#Server = http://arch.lucassymons.net/$repo/os/$arch +#Server = https://arch.lucassymons.net/$repo/os/$arch +#Server = http://syd.mirror.rackspace.com/archlinux/$repo/os/$arch +#Server = https://syd.mirror.rackspace.com/archlinux/$repo/os/$arch +#Server = http://ftp.swin.edu.au/archlinux/$repo/os/$arch +## Austria +#Server = http://mirror.digitalnova.at/archlinux/$repo/os/$arch +#Server = http://mirror.easyname.at/archlinux/$repo/os/$arch +#Server = http://mirror.reisenbauer.ee/archlinux/$repo/os/$arch +#Server = https://mirror.reisenbauer.ee/archlinux/$repo/os/$arch +## Bangladesh +#Server = http://mirror.xeonbd.com/archlinux/$repo/os/$arch +## Belarus +#Server = http://ftp.byfly.by/pub/archlinux/$repo/os/$arch +#Server = http://mirror.datacenter.by/pub/archlinux/$repo/os/$arch +## Belgium +#Server = http://archlinux.cu.be/$repo/os/$arch +#Server = http://archlinux.mirror.kangaroot.net/$repo/os/$arch +#Server = http://mirror.tiguinet.net/arch/$repo/os/$arch +## Bosnia and Herzegovina +#Server = http://archlinux.mirror.ba/$repo/os/$arch +## Brazil +#Server = http://br.mirror.archlinux-br.org/$repo/os/$arch +#Server = http://archlinux.c3sl.ufpr.br/$repo/os/$arch +#Server = 
http://www.caco.ic.unicamp.br/archlinux/$repo/os/$arch +#Server = https://www.caco.ic.unicamp.br/archlinux/$repo/os/$arch +#Server = http://linorg.usp.br/archlinux/$repo/os/$arch +#Server = http://archlinux.pop-es.rnp.br/$repo/os/$arch +#Server = http://mirror.ufam.edu.br/archlinux/$repo/os/$arch +#Server = http://mirror.ufscar.br/archlinux/$repo/os/$arch +## Bulgaria +#Server = https://mirror.darklinux.uk/archlinux/$repo/os/$arch +#Server = http://mirror.host.ag/archlinux/$repo/os/$arch +#Server = http://mirrors.netix.net/archlinux/$repo/os/$arch +#Server = http://mirror.telepoint.bg/archlinux/$repo/os/$arch +#Server = https://mirror.telepoint.bg/archlinux/$repo/os/$arch +#Server = http://mirrors.uni-plovdiv.net/archlinux/$repo/os/$arch +#Server = https://mirrors.uni-plovdiv.net/archlinux/$repo/os/$arch +## Canada +#Server = https://mirror.0xem.ma/arch/$repo/os/$arch +#Server = http://mirror.cedille.club/archlinux/$repo/os/$arch +#Server = http://archlinux.mirror.colo-serv.net/$repo/os/$arch +#Server = http://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch +#Server = https://mirror.csclub.uwaterloo.ca/archlinux/$repo/os/$arch +#Server = http://mirror2.evolution-host.com/archlinux/$repo/os/$arch +#Server = https://mirror2.evolution-host.com/archlinux/$repo/os/$arch +#Server = http://mirror.its.dal.ca/archlinux/$repo/os/$arch +#Server = http://muug.ca/mirror/archlinux/$repo/os/$arch +#Server = https://muug.ca/mirror/archlinux/$repo/os/$arch +#Server = http://arch.powerfly.ca/$repo/os/$arch +#Server = https://arch.powerfly.ca/$repo/os/$arch +#Server = http://archlinux.mirror.rafal.ca/$repo/os/$arch +#Server = http://mirror.scd31.com/arch/$repo/os/$arch +#Server = https://mirror.scd31.com/arch/$repo/os/$arch +#Server = http://mirror.sergal.org/archlinux/$repo/os/$arch +#Server = https://mirror.sergal.org/archlinux/$repo/os/$arch +## Chile +#Server = http://mirror.anquan.cl/archlinux/$repo/os/$arch +#Server = http://mirror.archlinux.cl/$repo/os/$arch +#Server = 
http://mirror1.cl.netactuate.com/archlinux/$repo/os/$arch +#Server = https://mirror1.cl.netactuate.com/archlinux/$repo/os/$arch +#Server = http://mirror.ufro.cl/archlinux/$repo/os/$arch +#Server = https://mirror.ufro.cl/archlinux/$repo/os/$arch +## China +#Server = http://mirrors.163.com/archlinux/$repo/os/$arch +#Server = http://mirrors.bfsu.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.bfsu.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.cqu.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.dgut.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.dgut.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.hit.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.hit.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirror.lzu.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.neusoft.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.nju.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.nju.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirror.redrock.team/archlinux/$repo/os/$arch +#Server = https://mirror.redrock.team/archlinux/$repo/os/$arch +#Server = https://mirrors.sjtug.sjtu.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.tuna.tsinghua.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.ustc.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.wsyu.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.wsyu.edu.cn/archlinux/$repo/os/$arch +#Server = https://mirrors.xjtu.edu.cn/archlinux/$repo/os/$arch +#Server = http://mirrors.zju.edu.cn/archlinux/$repo/os/$arch +## Colombia +#Server = http://mirrors.udenar.edu.co/archlinux/$repo/os/$arch +## Croatia +#Server = 
http://archlinux.iskon.hr/$repo/os/$arch +## Czechia +#Server = http://mirror.dkm.cz/archlinux/$repo/os/$arch +#Server = https://mirror.dkm.cz/archlinux/$repo/os/$arch +#Server = https://europe.mirror.pkgbuild.com/$repo/os/$arch +#Server = http://ftp.fi.muni.cz/pub/linux/arch/$repo/os/$arch +#Server = http://ftp.linux.cz/pub/linux/arch/$repo/os/$arch +#Server = http://gluttony.sin.cvut.cz/arch/$repo/os/$arch +#Server = https://gluttony.sin.cvut.cz/arch/$repo/os/$arch +#Server = http://mirrors.nic.cz/archlinux/$repo/os/$arch +#Server = http://ftp.sh.cvut.cz/arch/$repo/os/$arch +#Server = https://ftp.sh.cvut.cz/arch/$repo/os/$arch +#Server = http://mirror.vpsfree.cz/archlinux/$repo/os/$arch +## Denmark +#Server = http://mirrors.dotsrc.org/archlinux/$repo/os/$arch +#Server = https://mirrors.dotsrc.org/archlinux/$repo/os/$arch +#Server = http://mirror.one.com/archlinux/$repo/os/$arch +#Server = https://mirror.one.com/archlinux/$repo/os/$arch +## Ecuador +#Server = http://mirror.cedia.org.ec/archlinux/$repo/os/$arch +#Server = http://mirror.espoch.edu.ec/archlinux/$repo/os/$arch +#Server = http://mirror.uta.edu.ec/archlinux/$repo/os/$arch +## Estonia +#Server = http://mirror.cspacehostings.com/archlinux/$repo/os/$arch +#Server = https://mirror.cspacehostings.com/archlinux/$repo/os/$arch +#Server = http://mirrors.xtom.ee/archlinux/$repo/os/$arch +#Server = https://mirrors.xtom.ee/archlinux/$repo/os/$arch +## Finland +#Server = https://arch.mcstrugs.org/$repo/os/$arch +#Server = http://mirror.arctic.lol/ArchMirror/$repo/os/$arch +#Server = http://arch.mirror.far.fi/$repo/os/$arch +#Server = http://mirror.hosthink.net/archlinux/$repo/os/$arch +#Server = https://mirror.srv.fail/archlinux/$repo/os/$arch +#Server = http://mirror.wuki.li/archlinux/$repo/os/$arch +#Server = https://mirror.wuki.li/archlinux/$repo/os/$arch +#Server = http://arch.yhtez.xyz/$repo/os/$arch +#Server = https://arch.yhtez.xyz/$repo/os/$arch +## France +#Server = 
http://archlinux.de-labrusse.fr/$repo/os/$arch +#Server = http://mirror.archlinux.ikoula.com/archlinux/$repo/os/$arch +#Server = https://archlinux.vi-di.fr/$repo/os/$arch +#Server = http://archlinux.mirrors.benatherton.com/$repo/os/$arch +#Server = http://mirror.cyberbits.eu/archlinux/$repo/os/$arch +#Server = https://mirror.cyberbits.eu/archlinux/$repo/os/$arch +#Server = http://archlinux.datagr.am/$repo/os/$arch +#Server = https://mirrors.eric.ovh/arch/$repo/os/$arch +#Server = http://mirror.ibcp.fr/pub/archlinux/$repo/os/$arch +#Server = http://mirror.lastmikoi.net/archlinux/$repo/os/$arch +#Server = https://arch-mirror.cloud.louifox.house/$repo/os/$arch +#Server = http://archlinux.mailtunnel.eu/$repo/os/$arch +#Server = https://archlinux.mailtunnel.eu/$repo/os/$arch +#Server = http://mir.archlinux.fr/$repo/os/$arch +#Server = http://mirrors.celianvdb.fr/archlinux/$repo/os/$arch +#Server = https://mirrors.celianvdb.fr/archlinux/$repo/os/$arch +#Server = http://arch.nimukaito.net/$repo/os/$arch +#Server = https://arch.nimukaito.net/$repo/os/$arch +#Server = http://mirror.oldsql.cc/archlinux/$repo/os/$arch +#Server = https://mirror.oldsql.cc/archlinux/$repo/os/$arch +#Server = http://archlinux.mirrors.ovh.net/archlinux/$repo/os/$arch +#Server = http://archlinux.polymorf.fr/$repo/os/$arch +#Server = http://archlinux.rezopole.net/$repo/os/$arch +#Server = https://mirrors.slaanesh.org/archlinux/$repo/os/$arch +#Server = http://mirrors.standaloneinstaller.com/archlinux/$repo/os/$arch +#Server = https://mirror.sysa.tech/archlinux/$repo/os/$arch +#Server = https://mirror.thekinrar.fr/archlinux/$repo/os/$arch +#Server = http://ftp.u-strasbg.fr/linux/distributions/archlinux/$repo/os/$arch +#Server = https://mirror.wormhole.eu/archlinux/$repo/os/$arch +#Server = http://mirroir.wptheme.fr/archlinux/$repo/os/$arch +#Server = https://mirroir.wptheme.fr/archlinux/$repo/os/$arch +#Server = http://arch.yourlabs.org/$repo/os/$arch +#Server = 
https://arch.yourlabs.org/$repo/os/$arch +## Georgia +#Server = http://archlinux.grena.ge/$repo/os/$arch +#Server = https://archlinux.grena.ge/$repo/os/$arch +## Germany +#Server = http://mirror.23m.com/archlinux/$repo/os/$arch +#Server = https://mirror.23m.com/archlinux/$repo/os/$arch +#Server = http://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch +#Server = https://ftp.agdsn.de/pub/mirrors/archlinux/$repo/os/$arch +#Server = https://appuals.com/archlinux/$repo/os/$arch +#Server = http://artfiles.org/archlinux.org/$repo/os/$arch +#Server = https://mirror.bethselamin.de/$repo/os/$arch +#Server = http://mirror.chaoticum.net/arch/$repo/os/$arch +#Server = https://mirror.chaoticum.net/arch/$repo/os/$arch +#Server = http://mirror.checkdomain.de/archlinux/$repo/os/$arch +#Server = https://mirror.checkdomain.de/archlinux/$repo/os/$arch +#Server = http://mirror.clientvps.com/archlinux/$repo/os/$arch +#Server = https://mirror.clientvps.com/archlinux/$repo/os/$arch +#Server = https://mirror.dogado.de/archlinux/$repo/os/$arch +#Server = http://mirror.f4st.host/archlinux/$repo/os/$arch +#Server = https://mirror.f4st.host/archlinux/$repo/os/$arch +#Server = http://ftp.fau.de/archlinux/$repo/os/$arch +#Server = https://ftp.fau.de/archlinux/$repo/os/$arch +#Server = https://pkg.fef.moe/archlinux/$repo/os/$arch +#Server = https://dist-mirror.fem.tu-ilmenau.de/archlinux/$repo/os/$arch +#Server = http://mirror.fsrv.services/archlinux/$repo/os/$arch +#Server = https://mirror.fsrv.services/archlinux/$repo/os/$arch +#Server = https://mirror.gnomus.de/$repo/os/$arch +#Server = http://www.gutscheindrache.com/mirror/archlinux/$repo/os/$arch +#Server = http://ftp.gwdg.de/pub/linux/archlinux/$repo/os/$arch +#Server = http://archlinux.honkgong.info/$repo/os/$arch +#Server = http://ftp.hosteurope.de/mirror/ftp.archlinux.org/$repo/os/$arch +#Server = http://ftp-stud.hs-esslingen.de/pub/Mirrors/archlinux/$repo/os/$arch +#Server = http://archlinux.mirror.iphh.net/$repo/os/$arch +#Server = 
http://arch.jensgutermuth.de/$repo/os/$arch +#Server = https://arch.jensgutermuth.de/$repo/os/$arch +#Server = http://mirror.kumi.systems/archlinux/$repo/os/$arch +#Server = https://mirror.kumi.systems/archlinux/$repo/os/$arch +#Server = http://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch +#Server = https://mirror.fra10.de.leaseweb.net/archlinux/$repo/os/$arch +#Server = http://mirror.metalgamer.eu/archlinux/$repo/os/$arch +#Server = https://mirror.metalgamer.eu/archlinux/$repo/os/$arch +#Server = http://mirror.mikrogravitation.org/archlinux/$repo/os/$arch +#Server = https://mirror.mikrogravitation.org/archlinux/$repo/os/$arch +#Server = https://mirror.pkgbuild.com/$repo/os/$arch +#Server = http://mirror.moson.org/arch/$repo/os/$arch +#Server = https://mirror.moson.org/arch/$repo/os/$arch +#Server = http://mirrors.n-ix.net/archlinux/$repo/os/$arch +#Server = https://mirrors.n-ix.net/archlinux/$repo/os/$arch +#Server = http://mirror.netcologne.de/archlinux/$repo/os/$arch +#Server = https://mirror.netcologne.de/archlinux/$repo/os/$arch +#Server = http://mirrors.niyawe.de/archlinux/$repo/os/$arch +#Server = https://mirrors.niyawe.de/archlinux/$repo/os/$arch +#Server = http://mirror.orbit-os.com/archlinux/$repo/os/$arch +#Server = https://mirror.orbit-os.com/archlinux/$repo/os/$arch +#Server = http://packages.oth-regensburg.de/archlinux/$repo/os/$arch +#Server = https://packages.oth-regensburg.de/archlinux/$repo/os/$arch +#Server = http://phinau.de/arch/$repo/os/$arch +#Server = https://phinau.de/arch/$repo/os/$arch +#Server = https://mirror.pseudoform.org/$repo/os/$arch +#Server = https://www.ratenzahlung.de/mirror/archlinux/$repo/os/$arch +#Server = http://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch +#Server = https://ftp.halifax.rwth-aachen.de/archlinux/$repo/os/$arch +#Server = http://linux.rz.rub.de/archlinux/$repo/os/$arch +#Server = http://mirror.satis-faction.de/archlinux/$repo/os/$arch +#Server = 
https://mirror.satis-faction.de/archlinux/$repo/os/$arch +#Server = http://mirror.selfnet.de/archlinux/$repo/os/$arch +#Server = https://mirror.selfnet.de/archlinux/$repo/os/$arch +#Server = http://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch +#Server = https://ftp.spline.inf.fu-berlin.de/mirrors/archlinux/$repo/os/$arch +#Server = http://archlinux.thaller.ws/$repo/os/$arch +#Server = https://archlinux.thaller.ws/$repo/os/$arch +#Server = http://ftp.tu-chemnitz.de/pub/linux/archlinux/$repo/os/$arch +#Server = http://mirror.ubrco.de/archlinux/$repo/os/$arch +#Server = https://mirror.ubrco.de/archlinux/$repo/os/$arch +#Server = http://mirror.undisclose.de/archlinux/$repo/os/$arch +#Server = https://mirror.undisclose.de/archlinux/$repo/os/$arch +#Server = http://ftp.uni-bayreuth.de/linux/archlinux/$repo/os/$arch +#Server = http://ftp.uni-hannover.de/archlinux/$repo/os/$arch +#Server = http://ftp.uni-kl.de/pub/linux/archlinux/$repo/os/$arch +#Server = http://mirror.united-gameserver.de/archlinux/$repo/os/$arch +#Server = https://arch.unixpeople.org/$repo/os/$arch +#Server = http://ftp.wrz.de/pub/archlinux/$repo/os/$arch +#Server = https://ftp.wrz.de/pub/archlinux/$repo/os/$arch +#Server = http://mirror.wtnet.de/arch/$repo/os/$arch +#Server = https://mirror.wtnet.de/arch/$repo/os/$arch +#Server = http://mirrors.xtom.de/archlinux/$repo/os/$arch +#Server = https://mirrors.xtom.de/archlinux/$repo/os/$arch +#Server = http://arch.mirror.zachlge.org/$repo/os/$arch +#Server = https://arch.mirror.zachlge.org/$repo/os/$arch +## Greece +#Server = http://ftp.cc.uoc.gr/mirrors/linux/archlinux/$repo/os/$arch +#Server = https://repo.greeklug.gr/data/pub/linux/archlinux/$repo/os/$arch +#Server = http://mirrors.myaegean.gr/linux/archlinux/$repo/os/$arch +#Server = http://ftp.ntua.gr/pub/linux/archlinux/$repo/os/$arch +#Server = http://ftp.otenet.gr/linux/archlinux/$repo/os/$arch +## Hong Kong +#Server = https://asia.mirror.pkgbuild.com/$repo/os/$arch +#Server = 
http://mirror-hk.koddos.net/archlinux/$repo/os/$arch +#Server = https://mirror-hk.koddos.net/archlinux/$repo/os/$arch +#Server = http://hkg.mirror.rackspace.com/archlinux/$repo/os/$arch +#Server = https://hkg.mirror.rackspace.com/archlinux/$repo/os/$arch +#Server = https://arch-mirror.wtako.net/$repo/os/$arch +#Server = http://mirror.xtom.com.hk/archlinux/$repo/os/$arch +#Server = https://mirror.xtom.com.hk/archlinux/$repo/os/$arch +## Hungary +#Server = http://ftp.ek-cer.hu/pub/mirrors/ftp.archlinux.org/$repo/os/$arch +#Server = http://archmirror.hbit.sztaki.hu/archlinux/$repo/os/$arch +#Server = http://nova.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch +#Server = http://quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch +#Server = http://super.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch +#Server = https://nova.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch +#Server = https://quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch +#Server = https://super.quantum-mirror.hu/mirrors/pub/archlinux/$repo/os/$arch +## Iceland +#Server = http://mirror.system.is/arch/$repo/os/$arch +#Server = https://mirror.system.is/arch/$repo/os/$arch +## India +#Server = http://mirror.cse.iitk.ac.in/archlinux/$repo/os/$arch +#Server = http://mirrors.piconets.webwerks.in/archlinux-mirror/$repo/os/$arch +#Server = https://mirrors.piconets.webwerks.in/archlinux-mirror/$repo/os/$arch +## Indonesia +#Server = http://mirror.cloudweeb.com/archlinux/$repo/os/$arch +#Server = http://mirror.faizuladib.com/archlinux/$repo/os/$arch +#Server = http://mirror.gi.co.id/archlinux/$repo/os/$arch +#Server = https://mirror.gi.co.id/archlinux/$repo/os/$arch +#Server = http://vpsmurah.jagoanhosting.com/archlinux/$repo/os/$arch +#Server = https://vpsmurah.jagoanhosting.com/archlinux/$repo/os/$arch +#Server = http://mirror.labkom.id/archlinux/$repo/os/$arch +#Server = http://mirror.papua.go.id/archlinux/$repo/os/$arch +#Server = 
https://mirror.papua.go.id/archlinux/$repo/os/$arch +#Server = http://mirror.poliwangi.ac.id/archlinux/$repo/os/$arch +#Server = http://suro.ubaya.ac.id/archlinux/$repo/os/$arch +#Server = http://mirror.telkomuniversity.ac.id/archlinux/$repo/os/$arch +#Server = https://mirror.telkomuniversity.ac.id/archlinux/$repo/os/$arch +## Iran +#Server = http://mirror.hostiran.ir/archlinux/$repo/os/$arch +#Server = https://mirror.hostiran.ir/archlinux/$repo/os/$arch +#Server = http://repo.iut.ac.ir/repo/archlinux/$repo/os/$arch +#Server = http://mirror.nak-mci.ir/arch/$repo/os/$arch +#Server = http://mirror.rasanegar.com/archlinux/$repo/os/$arch +#Server = https://mirror.rasanegar.com/archlinux/$repo/os/$arch +## Ireland +#Server = http://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch +#Server = https://ftp.heanet.ie/mirrors/ftp.archlinux.org/$repo/os/$arch +## Israel +#Server = http://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch +#Server = https://mirror.isoc.org.il/pub/archlinux/$repo/os/$arch +#Server = https://archlinux.mivzakim.net/$repo/os/$arch +## Italy +#Server = https://archmirror.it/repos/$repo/os/$arch +#Server = http://archlinux.mirror.garr.it/archlinux/$repo/os/$arch +#Server = http://mirrors.prometeus.net/archlinux/$repo/os/$arch +#Server = http://archlinux.mirror.server24.net/$repo/os/$arch +#Server = https://archlinux.mirror.server24.net/$repo/os/$arch +## Japan +#Server = http://mirrors.cat.net/archlinux/$repo/os/$arch +#Server = https://mirrors.cat.net/archlinux/$repo/os/$arch +#Server = http://ftp.tsukuba.wide.ad.jp/Linux/archlinux/$repo/os/$arch +#Server = http://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch +#Server = https://ftp.jaist.ac.jp/pub/Linux/ArchLinux/$repo/os/$arch +## Kazakhstan +#Server = http://mirror.hoster.kz/archlinux/$repo/os/$arch +#Server = https://mirror.hoster.kz/archlinux/$repo/os/$arch +#Server = http://mirror.ps.kz/archlinux/$repo/os/$arch +#Server = https://mirror.ps.kz/archlinux/$repo/os/$arch +## Kenya +#Server 
= http://archlinux.mirror.liquidtelecom.com/$repo/os/$arch +#Server = https://archlinux.mirror.liquidtelecom.com/$repo/os/$arch +## Latvia +#Server = http://archlinux.koyanet.lv/archlinux/$repo/os/$arch +#Server = https://archlinux.koyanet.lv/archlinux/$repo/os/$arch +## Lithuania +#Server = http://mirrors.atviras.lt/archlinux/$repo/os/$arch +#Server = https://mirrors.atviras.lt/archlinux/$repo/os/$arch +#Server = http://mirrors.ims.nksc.lt/archlinux/$repo/os/$arch +#Server = https://mirrors.ims.nksc.lt/archlinux/$repo/os/$arch +## Luxembourg +#Server = http://archlinux.mirror.root.lu/$repo/os/$arch +## Mexico +#Server = https://arch.mirror.jsc.mx/$repo/os/$arch +## Moldova +#Server = http://mirror.ihost.md/archlinux/$repo/os/$arch +#Server = https://mirror.ihost.md/archlinux/$repo/os/$arch +## Monaco +#Server = http://archlinux.qontinuum.space/$repo/os/$arch +#Server = https://archlinux.qontinuum.space:4443/$repo/os/$arch +## Netherlands +#Server = https://archlinux.beccacervello.it/archlinux/$repo/os/$arch +#Server = http://mirror.cj2.nl/archlinux/$repo/os/$arch +#Server = https://mirror.cj2.nl/archlinux/$repo/os/$arch +#Server = https://mirrors.daan.vodka/archlinux/$repo/os/$arch +#Server = http://mirror.erickochen.nl/archlinux/$repo/os/$arch +#Server = https://mirror.erickochen.nl/archlinux/$repo/os/$arch +#Server = http://mirror.i3d.net/pub/archlinux/$repo/os/$arch +#Server = https://mirror.i3d.net/pub/archlinux/$repo/os/$arch +#Server = https://arch.jeweet.net/$repo/os/$arch +#Server = http://mirror.koddos.net/archlinux/$repo/os/$arch +#Server = https://mirror.koddos.net/archlinux/$repo/os/$arch +#Server = http://arch.mirrors.lavatech.top/$repo/os/$arch +#Server = https://arch.mirrors.lavatech.top/$repo/os/$arch +#Server = http://mirror.ams1.nl.leaseweb.net/archlinux/$repo/os/$arch +#Server = https://mirror.ams1.nl.leaseweb.net/archlinux/$repo/os/$arch +#Server = http://archlinux.mirror.liteserver.nl/$repo/os/$arch +#Server = 
https://archlinux.mirror.liteserver.nl/$repo/os/$arch +#Server = http://mirror.lyrahosting.com/archlinux/$repo/os/$arch +#Server = https://mirror.lyrahosting.com/archlinux/$repo/os/$arch +#Server = http://mirror.mijn.host/archlinux/$repo/os/$arch +#Server = https://mirror.mijn.host/archlinux/$repo/os/$arch +#Server = http://mirror.neostrada.nl/archlinux/$repo/os/$arch +#Server = https://mirror.neostrada.nl/archlinux/$repo/os/$arch +#Server = http://ftp.nluug.nl/os/Linux/distr/archlinux/$repo/os/$arch +#Server = http://archlinux.mirror.pcextreme.nl/$repo/os/$arch +#Server = https://archlinux.mirror.pcextreme.nl/$repo/os/$arch +#Server = http://mirror.serverion.com/archlinux/$repo/os/$arch +#Server = https://mirror.serverion.com/archlinux/$repo/os/$arch +#Server = http://ftp.snt.utwente.nl/pub/os/linux/archlinux/$repo/os/$arch +#Server = http://mirror.tarellia.net/distr/archlinux/$repo/os/$arch +#Server = https://mirror.tarellia.net/distr/archlinux/$repo/os/$arch +#Server = http://archlinux.mirror.wearetriple.com/$repo/os/$arch +#Server = https://archlinux.mirror.wearetriple.com/$repo/os/$arch +#Server = http://mirror-archlinux.webruimtehosting.nl/$repo/os/$arch +#Server = https://mirror-archlinux.webruimtehosting.nl/$repo/os/$arch +#Server = http://mirrors.xtom.nl/archlinux/$repo/os/$arch +#Server = https://mirrors.xtom.nl/archlinux/$repo/os/$arch +## New Caledonia +#Server = http://mirror.lagoon.nc/pub/archlinux/$repo/os/$arch +#Server = http://archlinux.nautile.nc/archlinux/$repo/os/$arch +#Server = https://archlinux.nautile.nc/archlinux/$repo/os/$arch +## New Zealand +#Server = http://mirror.2degrees.nz/archlinux/$repo/os/$arch +#Server = https://mirror.2degrees.nz/archlinux/$repo/os/$arch +#Server = http://mirror.fsmg.org.nz/archlinux/$repo/os/$arch +#Server = https://mirror.fsmg.org.nz/archlinux/$repo/os/$arch +#Server = http://mirror.smith.geek.nz/archlinux/$repo/os/$arch +#Server = https://mirror.smith.geek.nz/archlinux/$repo/os/$arch +## North Macedonia 
+#Server = http://arch.softver.org.mk/archlinux/$repo/os/$arch +#Server = http://mirror.onevip.mk/archlinux/$repo/os/$arch +#Server = http://mirror.t-home.mk/archlinux/$repo/os/$arch +#Server = https://mirror.t-home.mk/archlinux/$repo/os/$arch +## Norway +#Server = http://mirror.archlinux.no/$repo/os/$arch +#Server = https://mirror.archlinux.no/$repo/os/$arch +#Server = http://archlinux.uib.no/$repo/os/$arch +#Server = http://mirror.neuf.no/archlinux/$repo/os/$arch +#Server = https://mirror.neuf.no/archlinux/$repo/os/$arch +#Server = http://mirror.terrahost.no/linux/archlinux/$repo/os/$arch +## Pakistan +#Server = http://repo.inara.pk/archlinux/$repo/os/$arch +#Server = https://repo.inara.pk/archlinux/$repo/os/$arch +## Paraguay +#Server = http://archlinux.mirror.py/archlinux/$repo/os/$arch +## Poland +#Server = http://ftp.icm.edu.pl/pub/Linux/dist/archlinux/$repo/os/$arch +#Server = https://ftp.icm.edu.pl/pub/Linux/dist/archlinux/$repo/os/$arch +#Server = http://mirror.juniorjpdj.pl/archlinux/$repo/os/$arch +#Server = https://mirror.juniorjpdj.pl/archlinux/$repo/os/$arch +#Server = http://arch.midov.pl/arch/$repo/os/$arch +#Server = https://arch.midov.pl/arch/$repo/os/$arch +#Server = http://arch.nixlab.pl/$repo/os/$arch +#Server = https://arch.nixlab.pl/$repo/os/$arch +#Server = http://mirror.onet.pl/pub/mirrors/archlinux/$repo/os/$arch +#Server = http://piotrkosoft.net/pub/mirrors/ftp.archlinux.org/$repo/os/$arch +#Server = http://mirror.sfinae.tech/pub/mirrors/archlinux/$repo/os/$arch +#Server = https://mirror.sfinae.tech/pub/mirrors/archlinux/$repo/os/$arch +#Server = http://repo.skni.umcs.pl/archlinux/$repo/os/$arch +#Server = https://repo.skni.umcs.pl/archlinux/$repo/os/$arch +#Server = http://ftp.vectranet.pl/archlinux/$repo/os/$arch +## Portugal +#Server = http://glua.ua.pt/pub/archlinux/$repo/os/$arch +#Server = https://glua.ua.pt/pub/archlinux/$repo/os/$arch +#Server = http://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch +#Server = 
https://ftp.rnl.tecnico.ulisboa.pt/pub/archlinux/$repo/os/$arch +## Romania +#Server = http://mirrors.chroot.ro/archlinux/$repo/os/$arch +#Server = https://mirrors.chroot.ro/archlinux/$repo/os/$arch +#Server = http://mirror.efect.ro/archlinux/$repo/os/$arch +#Server = https://mirror.efect.ro/archlinux/$repo/os/$arch +#Server = http://mirrors.go.ro/archlinux/$repo/os/$arch +#Server = https://mirrors.go.ro/archlinux/$repo/os/$arch +#Server = http://mirrors.hostico.ro/archlinux/$repo/os/$arch +#Server = https://mirrors.hostico.ro/archlinux/$repo/os/$arch +#Server = http://archlinux.mirrors.linux.ro/$repo/os/$arch +#Server = http://mirrors.m247.ro/archlinux/$repo/os/$arch +#Server = http://mirrors.nav.ro/archlinux/$repo/os/$arch +#Server = http://mirrors.nxthost.com/archlinux/$repo/os/$arch +#Server = https://mirrors.nxthost.com/archlinux/$repo/os/$arch +#Server = http://mirrors.pidginhost.com/arch/$repo/os/$arch +#Server = https://mirrors.pidginhost.com/arch/$repo/os/$arch +## Russia +#Server = http://mirror.surf/archlinux/$repo/os/$arch +#Server = https://mirror.surf/archlinux/$repo/os/$arch +#Server = http://mirror.nw-sys.ru/archlinux/$repo/os/$arch +#Server = https://mirror.nw-sys.ru/archlinux/$repo/os/$arch +#Server = http://mirrors.powernet.com.ru/archlinux/$repo/os/$arch +#Server = http://mirror.rol.ru/archlinux/$repo/os/$arch +#Server = https://mirror.rol.ru/archlinux/$repo/os/$arch +#Server = http://mirror.truenetwork.ru/archlinux/$repo/os/$arch +#Server = https://mirror.truenetwork.ru/archlinux/$repo/os/$arch +#Server = http://mirror.yandex.ru/archlinux/$repo/os/$arch +#Server = https://mirror.yandex.ru/archlinux/$repo/os/$arch +#Server = http://archlinux.zepto.cloud/$repo/os/$arch +## RĂ©union +#Server = http://arch.mithril.re/$repo/os/$arch +## Serbia +#Server = http://arch.petarmaric.com/$repo/os/$arch +#Server = http://mirror.pmf.kg.ac.rs/archlinux/$repo/os/$arch +## Singapore +#Server = http://mirror.0x.sg/archlinux/$repo/os/$arch +#Server = 
https://mirror.0x.sg/archlinux/$repo/os/$arch +#Server = http://mirror.aktkn.sg/archlinux/$repo/os/$arch +#Server = https://mirror.aktkn.sg/archlinux/$repo/os/$arch +#Server = https://download.nus.edu.sg/mirror/archlinux/$repo/os/$arch +#Server = http://mirror.guillaumea.fr/archlinux/$repo/os/$arch +#Server = https://mirror.guillaumea.fr/archlinux/$repo/os/$arch +#Server = http://mirror.jingk.ai/archlinux/$repo/os/$arch +#Server = https://mirror.jingk.ai/archlinux/$repo/os/$arch +#Server = http://mirror.nus.edu.sg/archlinux/$repo/os/$arch +## Slovakia +#Server = http://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch +#Server = https://mirror.lnx.sk/pub/linux/archlinux/$repo/os/$arch +#Server = http://tux.rainside.sk/archlinux/$repo/os/$arch +## Slovenia +#Server = http://archimonde.ts.si/archlinux/$repo/os/$arch +#Server = https://archimonde.ts.si/archlinux/$repo/os/$arch +## South Africa +#Server = http://archlinux.za.mirror.allworldit.com/archlinux/$repo/os/$arch +#Server = https://archlinux.za.mirror.allworldit.com/archlinux/$repo/os/$arch +#Server = http://za.mirror.archlinux-br.org/$repo/os/$arch +#Server = http://mirror.is.co.za/mirror/archlinux.org/$repo/os/$arch +#Server = http://arch.opnmirror.co.za/$repo/os/$arch +#Server = https://arch.opnmirror.co.za/$repo/os/$arch +#Server = http://mirrors.urbanwave.co.za/archlinux/$repo/os/$arch +#Server = https://mirrors.urbanwave.co.za/archlinux/$repo/os/$arch +## South Korea +#Server = http://mirror.anigil.com/archlinux/$repo/os/$arch +#Server = https://mirror.anigil.com/archlinux/$repo/os/$arch +#Server = http://ftp.harukasan.org/archlinux/$repo/os/$arch +#Server = https://ftp.harukasan.org/archlinux/$repo/os/$arch +#Server = http://ftp.lanet.kr/pub/archlinux/$repo/os/$arch +#Server = https://ftp.lanet.kr/pub/archlinux/$repo/os/$arch +#Server = http://mirror.premi.st/archlinux/$repo/os/$arch +#Server = https://mirror.premi.st/archlinux/$repo/os/$arch +## Spain +#Server = 
https://mirror.cloroformo.org/archlinux/$repo/os/$arch +#Server = http://mirror.librelabucm.org/archlinux/$repo/os/$arch +#Server = https://mirror.librelabucm.org/archlinux/$repo/os/$arch +#Server = http://ftp.rediris.es/mirror/archlinux/$repo/os/$arch +#Server = http://sharing.thelinuxsect.com/archlinux/$repo/os/$arch +## Sweden +#Server = http://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch +#Server = https://ftp.acc.umu.se/mirror/archlinux/$repo/os/$arch +#Server = http://ftpmirror.infania.net/mirror/archlinux/$repo/os/$arch +#Server = https://ftp.ludd.ltu.se/mirrors/archlinux/$repo/os/$arch +#Server = http://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch +#Server = https://ftp.lysator.liu.se/pub/archlinux/$repo/os/$arch +#Server = http://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch +#Server = https://ftp.myrveln.se/pub/linux/archlinux/$repo/os/$arch +#Server = https://mirror.osbeck.com/archlinux/$repo/os/$arch +#Server = http://tedwall.se/archlinux/$repo/os/$arch +#Server = https://tedwall.se/archlinux/$repo/os/$arch +## Switzerland +#Server = http://pkg.adfinis.com/archlinux/$repo/os/$arch +#Server = https://pkg.adfinis.com/archlinux/$repo/os/$arch +#Server = http://mirror.init7.net/archlinux/$repo/os/$arch +#Server = https://mirror.init7.net/archlinux/$repo/os/$arch +#Server = http://mirror.puzzle.ch/archlinux/$repo/os/$arch +#Server = https://mirror.puzzle.ch/archlinux/$repo/os/$arch +#Server = https://theswissbay.ch/archlinux/$repo/os/$arch +#Server = https://mirror.ungleich.ch/mirror/packages/archlinux/$repo/os/$arch +## Taiwan +#Server = http://archlinux.ccns.ncku.edu.tw/archlinux/$repo/os/$arch +#Server = http://free.nchc.org.tw/arch/$repo/os/$arch +#Server = https://free.nchc.org.tw/arch/$repo/os/$arch +#Server = http://archlinux.cs.nctu.edu.tw/$repo/os/$arch +#Server = http://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch +#Server = https://shadow.ind.ntou.edu.tw/archlinux/$repo/os/$arch +#Server = 
http://ftp.tku.edu.tw/Linux/ArchLinux/$repo/os/$arch +#Server = http://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch +#Server = https://ftp.yzu.edu.tw/Linux/archlinux/$repo/os/$arch +## Thailand +#Server = https://mirror.cyberbits.asia/archlinux/$repo/os/$arch +#Server = http://mirror.kku.ac.th/archlinux/$repo/os/$arch +#Server = https://mirror.kku.ac.th/archlinux/$repo/os/$arch +#Server = http://mirror2.totbb.net/archlinux/$repo/os/$arch +## Turkey +#Server = http://ftp.linux.org.tr/archlinux/$repo/os/$arch +#Server = http://mirror.veriteknik.net.tr/archlinux/$repo/os/$arch +## Ukraine +#Server = http://archlinux.ip-connect.vn.ua/$repo/os/$arch +#Server = https://archlinux.ip-connect.vn.ua/$repo/os/$arch +#Server = http://mirror.mirohost.net/archlinux/$repo/os/$arch +#Server = https://mirror.mirohost.net/archlinux/$repo/os/$arch +#Server = http://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch +#Server = https://mirrors.nix.org.ua/linux/archlinux/$repo/os/$arch +## United Kingdom +#Server = http://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch +#Server = https://archlinux.uk.mirror.allworldit.com/archlinux/$repo/os/$arch +#Server = http://mirror.bytemark.co.uk/archlinux/$repo/os/$arch +#Server = https://mirror.bytemark.co.uk/archlinux/$repo/os/$arch +#Server = http://mirrors.gethosted.online/archlinux/$repo/os/$arch +#Server = https://mirrors.gethosted.online/archlinux/$repo/os/$arch +#Server = http://mirrors.manchester.m247.com/arch-linux/$repo/os/$arch +#Server = http://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch +#Server = https://mirrors.melbourne.co.uk/archlinux/$repo/os/$arch +#Server = http://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch +#Server = https://www.mirrorservice.org/sites/ftp.archlinux.org/$repo/os/$arch +#Server = http://mirror.netweaver.uk/archlinux/$repo/os/$arch +#Server = https://mirror.netweaver.uk/archlinux/$repo/os/$arch +#Server = http://lon.mirror.rackspace.com/archlinux/$repo/os/$arch +#Server = 
https://lon.mirror.rackspace.com/archlinux/$repo/os/$arch +#Server = http://arch.serverspace.co.uk/arch/$repo/os/$arch +#Server = http://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch +#Server = https://mirrors.ukfast.co.uk/sites/archlinux.org/$repo/os/$arch +## United States +## Vietnam +#Server = http://f.archlinuxvn.org/archlinux/$repo/os/$arch +#Server = http://mirror.bizflycloud.vn/archlinux/$repo/os/$arch +Server = http://mirror.siena.edu/archlinux/$repo/os/$arch +Server = http://mirror.wdc1.us.leaseweb.net/archlinux/$repo/os/$arch +Server = http://il.us.mirror.archlinux-br.org/$repo/os/$arch +Server = http://arch.mirror.constant.com/$repo/os/$arch +Server = http://mirrors.mit.edu/archlinux/$repo/os/$arch diff --git a/ansible/roles/package_manager/files/pacman.conf b/ansible/roles/package_manager/files/pacman.conf new file mode 100644 index 0000000..6cf3153 --- /dev/null +++ b/ansible/roles/package_manager/files/pacman.conf 
@@ -0,0 +1,103 @@
+#
+# /etc/pacman.conf
+#
+# See the pacman.conf(5) manpage for option and repository directives
+
+#
+# GENERAL OPTIONS
+#
+[options]
+# The following paths are commented out with their default values listed.
+# If you wish to use different paths, uncomment and update the paths.
+#RootDir = /
+#DBPath = /var/lib/pacman/
+#CacheDir = /var/cache/pacman/pkg/
+#LogFile = /var/log/pacman.log
+#GPGDir = /etc/pacman.d/gnupg/
+#HookDir = /etc/pacman.d/hooks/
+HoldPkg = pacman glibc
+#XferCommand = /usr/bin/curl -L -C - -f -o %o %u
+#XferCommand = /usr/bin/wget --passive-ftp -c -O %o %u
+#CleanMethod = KeepInstalled
+Architecture = auto
+
+# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
+#IgnorePkg =
+#IgnoreGroup =
+
+#NoUpgrade =
+#NoExtract =
+
+# Misc options
+#UseSyslog
+Color
+#NoProgressBar
+CheckSpace
+ILoveCandy
+#VerbosePkgLists
+#ParallelDownloads = 5
+
+# By default, pacman accepts packages signed by keys that its local keyring
+# trusts (see pacman-key and its man page), as well as unsigned packages.
+SigLevel = Required DatabaseOptional
+LocalFileSigLevel = Optional
+#RemoteFileSigLevel = Required
+
+# NOTE: You must run `pacman-key --init` before first using pacman; the local
+# keyring can then be populated with the keys of all official Arch Linux
+# packagers with `pacman-key --populate archlinux`.
+
+#
+# REPOSITORIES
+# - can be defined here or included from another file
+# - pacman will search repositories in the order defined here
+# - local/custom mirrors can be added here or in separate files
+# - repositories listed first will take precedence when packages
+# have identical names, regardless of version number
+# - URLs will have $repo replaced by the name of the current repo
+# - URLs will have $arch replaced by the name of the architecture
+#
+# Repository entries are of the format:
+# [repo-name]
+# Server = ServerName
+# Include = IncludePath
+#
+# The header [repo-name] is crucial - it must be present and
+# uncommented to enable the repo.
+#
+
+# The testing repositories are disabled by default. To enable, uncomment the
+# repo name header and Include lines. You can add preferred servers immediately
+# after the header, and they will be used before the default mirrors.
+
+#[testing]
+#Include = /etc/pacman.d/mirrorlist
+
+Include = /etc/pacman.d/conf.d/*.conf
+
+[core]
+Include = /etc/pacman.d/mirrorlist
+
+[extra]
+Include = /etc/pacman.d/mirrorlist
+
+#[community-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[community]
+Include = /etc/pacman.d/mirrorlist
+
+# If you want to run 32 bit applications on your x86_64 system,
+# enable the multilib repositories as required here.
+
+#[multilib-testing]
+#Include = /etc/pacman.d/mirrorlist
+
+[multilib]
+Include = /etc/pacman.d/mirrorlist
+
+# An example of a custom package repository. See the pacman manpage for
+# tips on creating your own repositories.
+#[custom]
+#SigLevel = Optional TrustAll
+#Server = file:///home/custompkgs
diff --git a/ansible/roles/package_manager/tasks/common.yaml b/ansible/roles/package_manager/tasks/common.yaml
new file mode 100644
index 0000000..d7c1735
--- /dev/null
+++ b/ansible/roles/package_manager/tasks/common.yaml
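Review bot: The `Include = /etc/pacman.d/conf.d/*.conf` line sits between the commented-out `[testing]` block and `[core]`, so pacman should parse the drop-ins in `[options]` context. Any drop-in that opens its own repository section would then be searched before core, extra and community, under the precedence rule this file's own comments describe. A comment above the line would make that explicit, e.g. `# Drop-ins are read in [options] context; a file that declares a [repo] here outranks [core]`. Separately, `SigLevel = Required DatabaseOptional` does not require signed sync databases, and the active `Server` lines visible in the mirrorlist of this commit are all `http://`, so `https://` mirrors are worth preferring where a mirror offers them.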
@@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+ when: 'os_flavor == "linux"'
+
+- include_tasks:
+ file: tasks/peruser.yaml
+ apply:
+ become: yes
+ become_user: "{{ initialize_user }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+ loop_control:
+ loop_var: initialize_user
diff --git a/ansible/roles/package_manager/tasks/freebsd.yaml b/ansible/roles/package_manager/tasks/freebsd.yaml
new file mode 100644
index 0000000..b417174
--- /dev/null
+++ b/ansible/roles/package_manager/tasks/freebsd.yaml
@@ -0,0 +1,5 @@
+# - name: Install packages
+# package:
+# name:
+# - foo
+# state: present
diff --git a/ansible/roles/package_manager/tasks/linux.yaml b/ansible/roles/package_manager/tasks/linux.yaml
new file mode 100644
index 0000000..3997a97
--- /dev/null
+++ b/ansible/roles/package_manager/tasks/linux.yaml
@@ -0,0 +1,54 @@
+- name: Put in custom config directory
+ copy:
+ src: "files/pacman.conf"
+ dest: /etc/pacman.conf
+ mode: 0644
+ owner: root
+ group: root
+
+- name: Put in mirrolist
+ copy:
+ src: "files/mirrorlist"
+ dest: /etc/pacman.d/mirrorlist
+ mode: 0644
+ owner: root
+ group: root
+
+- name: Create pacman conf directory
+ file:
+ name: /etc/pacman.d/conf.d
+ state: directory
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Check that paths exist
+ stat:
+ path: "{{ item }}"
+ register: file_exists
+ no_log: True
+ loop:
+ - /etc/pacman.d/conf.d/blank.conf
+
+- name: Create blank file to match glob
+ file:
+ name: "{{ item }}"
+ state: touch
+ owner: root
+ group: root
+ mode: 0644
+ loop:
+ - /etc/pacman.d/conf.d/blank.conf
+ when: "{{ file_exists | community.general.json_query(sub_query) | first | default(False) }} == False"
+ vars:
+ sub_query: "results[?stat.path=='{{ item }}'].stat.exists"
+
+- name: Additional pacman configs
+ copy:
+ src: "files/{{ item }}"
+ dest: /etc/pacman.d/conf.d/
+ mode: 0644
+ owner: root
+ group: root
+ loop:
+ - freeze_firefox.conf
diff --git a/ansible/roles/package_manager/tasks/main.yaml b/ansible/roles/package_manager/tasks/main.yaml
new file mode 100644
index 0000000..5c1df6c
--- /dev/null
+++ b/ansible/roles/package_manager/tasks/main.yaml
@@ -0,0 +1 @@
+- import_tasks: tasks/common.yaml
diff --git a/ansible/roles/package_manager/tasks/peruser.yaml b/ansible/roles/package_manager/tasks/peruser.yaml
new file mode 100644
index 0000000..111e886
--- /dev/null
+++ b/ansible/roles/package_manager/tasks/peruser.yaml
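Review bot: The `when:` on "Create blank file to match glob" in linux.yaml wraps its expression in `{{ }}` and compares the rendered text with `== False`, a form Ansible warns about because the conditional ends up templated twice; the preceding `stat` task with `no_log: True` appears to exist only to feed it. The same idempotent result should come from the `file` task alone by adding `modification_time: preserve` and `access_time: preserve` under `state: touch`, then dropping the `stat` task and the `when`/`vars` pair. The unquoted `mode: 0644` and `mode: 0755` values would also be safer written as strings, e.g. `mode: "0644"`. The first two task names do not describe what they copy: "Put in custom config directory" installs `/etc/pacman.conf`, and "mirrolist" is a typo.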
@@ -0,0 +1,29 @@
+- include_role:
+ name: per_user
+
+# - name: Create directories
+# file:
+# name: "{{ account_homedir.stdout }}/{{ item }}"
+# state: directory
+# mode: 0700
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - ".config/foo"
+
+# - name: Copy files
+# copy:
+# src: "files/{{ item.src }}"
+# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+# mode: 0600
+# owner: "{{ account_name.stdout }}"
+# group: "{{ group_name.stdout }}"
+# loop:
+# - src: foo.conf
+# dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+ when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+ when: 'os_flavor == "linux"'
diff --git a/ansible/roles/package_manager/tasks/peruser_freebsd.yaml b/ansible/roles/package_manager/tasks/peruser_freebsd.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/ansible/roles/package_manager/tasks/peruser_linux.yaml b/ansible/roles/package_manager/tasks/peruser_linux.yaml
new file mode 100644
index 0000000..e69de29