Jake Howard
998e2834b0
It doesn't quite work as expected. It seems to only detect DNS requests for apps, which is kinda useless
# Full 40-character OpenPGP fingerprints of the third-party signing keys.
# The tasks below fetch these keys, locally sign them in pacman's keyring
# and import them into the user's GnuPG keyring, so every entry here is a
# trust decision and should be checked against the publisher's own site.
- set_fact:
    keys:
      # Sublime Text
      - "1EDDE2CDFC025D17F6DA9EC0ADAE6AD28A8F901A"
      # Tor Browser
      - "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290"
      # ArchStrike
      - "9D5F1C051D146843CDA4858BDE64825E7CBC0D51"

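# Render the repository's pacman.conf template to /etc/pacman.conf.
# NOTE(review): pacman.conf is where repositories and their SigLevel are
# declared; the template itself is not visible here, so confirm it keeps
# signature checking required for every repository it enables.
- name: Install pacman config
  template:
    src: ./files/pacman.conf
    dest: /etc/pacman.conf
    # Quoted so the value is always read as the octal permission string and
    # is never re-typed by the YAML parser.
    mode: '0644'
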
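# Capture the current contents of pacman's keyring; later tasks search
# pacman_keys.stdout for each fingerprint to decide whether to import it.
# `command` replaces `shell` because no shell features are needed, and
# changed_when is false because listing keys modifies nothing.
- name: "Get installed pacman keys"
  command: pacman-key --list-keys
  register: pacman_keys
  changed_when: false
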
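# Capture the keys already present in the target user's GnuPG keyring; a
# later task searches known_gpg_keys.stdout for each fingerprint.
# Runs as "{{ user }}" so that user's keyring is the one inspected.
# `command` replaces `shell` because no shell features are needed, and
# changed_when is false because listing keys modifies nothing.
- name: "Get known GPG keys"
  command: gpg --list-keys
  become: true
  become_user: "{{ user }}"
  register: known_gpg_keys
  changed_when: false
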
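# Fetch each listed key into pacman's keyring unless its fingerprint already
# appeared in the earlier `pacman-key --list-keys` output.
# `command` is used instead of `shell` so the templated fingerprint is passed
# as a plain argument and is never interpreted by a shell.
# Keys are requested by full fingerprint; receiving a key does not by itself
# make pacman trust it.
- name: "Add keys to pacman"
  command: "pacman-key --recv-keys {{ item }}"
  when: "item not in pacman_keys.stdout"
  with_items: "{{ keys }}"
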
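# Locally sign each listed key so pacman accepts packages signed by it.
# This is the step that grants trust: a locally signed key can vouch for
# packages that pacman installs as root.
# `command` is used instead of `shell` so the templated fingerprint is passed
# as a plain argument and is never interpreted by a shell.
# NOTE(review): the guard checks whether the fingerprint was listed before
# this run, not whether the key already carries a local signature. A key
# that was received but never signed (for example after a failed run) is
# skipped on later runs and stays untrusted.
- name: "Sign keys in pacman"
  command: "pacman-key --lsign-key {{ item }}"
  when: "item not in pacman_keys.stdout"
  with_items: "{{ keys }}"
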
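# Import each listed key into the target user's own GnuPG keyring unless its
# fingerprint already appeared in the earlier `gpg --list-keys` output.
# Runs as "{{ user }}" so the key lands in that user's keyring.
# `command` is used instead of `shell` so the templated fingerprint is passed
# as a plain argument and is never interpreted by a shell.
- name: "Add keys to local keyring"
  command: "gpg --recv-keys {{ item }}"
  become: true
  become_user: "{{ user }}"
  when: "item not in known_gpg_keys.stdout"
  with_items: "{{ keys }}"
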
# Dedicated account used by the AUR install tasks in this file. It cannot be
# logged into: the password is locked and the login shell is /bin/false.
# NOTE(review): wheel is commonly granted sudo rights through a %wheel rule.
# If this host enables such a rule, aur_builder inherits it in addition to
# the pacman-only sudoers entry. Confirm that wheel membership is needed.
- name: Create aur_builder user
  user:
    name: aur_builder
    shell: /bin/false
    password_lock: true
    group: wheel

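# Drop-in sudoers rule letting aur_builder run pacman without a password.
# Passwordless pacman as root is effectively full root for this account,
# because pacman installs arbitrary packages and runs their install scripts
# as root. Treat anything able to act as aur_builder as root-equivalent.
- name: Allow aur_builder user to run pacman as root
  lineinfile:
    path: /etc/sudoers.d/11-install-aur_builder
    line: 'aur_builder ALL=(ALL) NOPASSWD: /usr/bin/pacman'
    create: true
    # Set the conventional sudoers permissions explicitly instead of leaving
    # the new file's mode to the umask in effect when the task runs.
    mode: '0440'
    # Reject the edit if the resulting file does not parse, so a bad line
    # cannot break sudo.
    validate: 'visudo -cf %s'
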
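# Record the names of all installed packages; a later task checks
# installed_packages.stdout_lines before installing a keyring package.
# `command` replaces `shell` because no shell features are needed, and
# changed_when is false because querying the package database modifies
# nothing.
- name: "Get installed packages"
  command: pacman -Qq
  become: true
  become_user: aur_builder
  register: installed_packages
  changed_when: false
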
# Install the yay AUR helper as the aur_builder account.
# NOTE(review): `aur` is not a built-in Ansible module, so it presumably
# comes from a separately installed role or collection. AUR packages are
# built from user-submitted PKGBUILDs, so review the PKGBUILD before relying
# on this in an unattended run.
- name: "Install yay"
  become: true
  become_user: aur_builder
  aur:
    name: yay
    skip_installed: true

# Install keyring packages for extra repositories as aur_builder, skipping
# any whose name already appears in the earlier `pacman -Qq` output.
# A keyring package adds signing keys that pacman will trust for that
# repository, so each entry here widens the set of parties able to ship
# packages to this host.
- name: "Install additional repo keyrings"
  become: true
  become_user: aur_builder
  aur:
    name: "{{ item }}"
    skip_installed: true
  with_items:
    - "archstrike-keyring"
  when: "item not in installed_packages.stdout_lines"

# Install ccache as aur_builder through the same `aur` module used for the
# other packages; a later task switches it on in makepkg's BUILDENV.
- name: "Install ccache"
  become: true
  become_user: aur_builder
  aur:
    name: ccache
    skip_installed: true

# Replace the BUILDENV line in /etc/makepkg.conf so package builds use
# ccache. The remaining flags on the line are set at the same time:
# distcc and sign are negated, color and check are enabled.
- name: Use ccache in makepkg
  lineinfile:
    path: /etc/makepkg.conf
    regexp: '^BUILDENV='
    line: 'BUILDENV=(!distcc color ccache check !sign)'
    state: present

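# Fetch a fresh list of GB mirrors from the Arch mirrorlist generator and
# overwrite /etc/pacman.d/mirrorlist with it on every run (force: true).
# Only HTTPS mirrors are requested. Package signatures protect package
# contents, but a plain-HTTP mirror still lets an on-path party observe
# what is installed or serve stale repository data.
# The downloaded file has every Server line commented out; the next task
# un-comments them.
- name: Download UK mirrorlist
  get_url:
    url: 'https://www.archlinux.org/mirrorlist/?country=GB&protocol=https&ip_version=4&ip_version=6&use_mirror_status=on'
    dest: /etc/pacman.d/mirrorlist
    force: true
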
# Activate every mirror in the downloaded list by stripping the leading '#'
# from each "#Server = ..." line; other lines are left untouched.
- name: Un-comment mirrorlist servers
  replace:
    path: /etc/pacman.d/mirrorlist
    # \1 is the captured mirror URL that follows "#Server = ".
    regexp: '^#Server = (.+)$'
    replace: 'Server = \1'