122 lines
2.6 KiB
YAML
122 lines
2.6 KiB
YAML
- name: Define keys for pacman
|
|
set_fact:
|
|
keys:
|
|
- 1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A # Sublime Text
|
|
- EF6E286DDA85EA2A4BA7DE684E2C6E8793298290 # Tor Browser
|
|
- 9D5F1C051D146843CDA4858BDE64825E7CBC0D51 # ArchStrike
|
|
|
|
- name: Install pacman config
|
|
template:
|
|
src: ./files/pacman.conf
|
|
dest: /etc/pacman.conf
|
|
mode: 0644
|
|
|
|
- name: Get installed pacman keys
|
|
shell: pacman-key --list-keys
|
|
register: pacman_keys
|
|
|
|
- name: Get known GPG keys
|
|
shell: gpg --list-keys
|
|
become: true
|
|
become_user: "{{ user }}"
|
|
register: known_gpg_keys
|
|
|
|
- name: Add keys to pacman
|
|
shell: pacman-key -r {{ item }}
|
|
when: item not in pacman_keys.stdout
|
|
loop: "{{ keys }}"
|
|
|
|
- name: Sign keys in pacman
|
|
shell: pacman-key --lsign-key {{ item }}
|
|
when: item not in pacman_keys.stdout
|
|
loop: "{{ keys }}"
|
|
|
|
- name: Add keys to local keyring
|
|
shell: gpg --recv-keys {{ item }}
|
|
become: true
|
|
become_user: "{{ user }}"
|
|
when: item not in known_gpg_keys.stdout
|
|
loop: "{{ keys }}"
|
|
|
|
- name: Create aur_builder user
|
|
user:
|
|
name: aur_builder
|
|
group: wheel
|
|
password_lock: true
|
|
shell: /usr/bin/nologin
|
|
|
|
- name: Allow aur_builder user to run pacman as root
|
|
lineinfile:
|
|
path: /etc/sudoers.d/11-install-aur_builder
|
|
line: "aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman"
|
|
create: true
|
|
validate: visudo -cf %s
|
|
|
|
- name: Get installed packages
|
|
shell: pacman -Qq
|
|
become: true
|
|
become_user: aur_builder
|
|
register: installed_packages
|
|
|
|
|
|
- name: Install yay
|
|
aur:
|
|
skip_installed: true
|
|
name: yay
|
|
become: true
|
|
become_user: aur_builder
|
|
|
|
- name: Install additional repo keyrings
|
|
aur:
|
|
skip_installed: true
|
|
name: "{{ item }}"
|
|
become: true
|
|
become_user: aur_builder
|
|
when: item not in installed_packages.stdout_lines
|
|
loop:
|
|
- archstrike-keyring
|
|
|
|
- name: Install ccache
|
|
aur:
|
|
skip_installed: true
|
|
name: ccache
|
|
become: true
|
|
become_user: aur_builder
|
|
|
|
- name: Install makepkg tools
|
|
aur:
|
|
skip_installed: true
|
|
name: "{{ items }}"
|
|
become: true
|
|
become_user: aur_builder
|
|
when: item not in installed_packages.stdout_lines
|
|
loop:
|
|
- pbzip2
|
|
- zstd
|
|
|
|
- name: Install makepkg config
|
|
template:
|
|
src: ./files/makepkg.conf
|
|
dest: /etc/makepkg.conf
|
|
mode: 0644
|
|
|
|
- name: Install Reflector
|
|
aur:
|
|
skip_installed: true
|
|
name: reflector
|
|
become: true
|
|
become_user: aur_builder
|
|
|
|
- name: Install Reflector service
|
|
template:
|
|
src: ./files/reflector.service
|
|
dest: /etc/systemd/system/reflector.service
|
|
mode: 0644
|
|
owner: root
|
|
group: root
|
|
|
|
- name: Enable Reflector services
|
|
systemd:
|
|
name: reflector
|
|
enabled: true
|