From 9f556117ddc4174388e2e712461cb1f55df7389d Mon Sep 17 00:00:00 2001
From: Philipp Rothmann <philipprothmann@posteo.de>
Date: Sat, 8 Jan 2022 21:44:43 +0100
Subject: [PATCH] add firmware-mirror

---
 host_vars/mirror01.yml                        |  1 +
 hosts.yml                                     |  8 +++
 playbook.yml                                  |  6 +++
 .../systemd/system/firmware-mirror.service    | 10 ++++
 .../etc/systemd/system/firmware-mirror.timer  |  8 +++
 .../files/root/firmware-mirror.sh             |  5 ++
 roles/firmware_mirror/tasks/main.yml          | 54 +++++++++++++++++++
 .../etc/nginx/sites-available/firmware        | 14 +++++
 8 files changed, 106 insertions(+)
 create mode 100644 host_vars/mirror01.yml
 create mode 100644 roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.service
 create mode 100644 roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.timer
 create mode 100644 roles/firmware_mirror/files/root/firmware-mirror.sh
 create mode 100644 roles/firmware_mirror/tasks/main.yml
 create mode 100644 roles/firmware_mirror/templates/etc/nginx/sites-available/firmware

diff --git a/host_vars/mirror01.yml b/host_vars/mirror01.yml
new file mode 100644
index 0000000..14d3d86
--- /dev/null
+++ b/host_vars/mirror01.yml
@@ -0,0 +1 @@
+mirror_url: mirror01.luebeck.freifunk.net
\ No newline at end of file
diff --git a/hosts.yml b/hosts.yml
index 5ce3e89..8bf75e5 100644
--- a/hosts.yml
+++ b/hosts.yml
@@ -20,3 +20,11 @@ service_hosts:
   hosts:
     srv02:
       ansible_ssh_host: srv02.luebeck.freifunk.net
+
+firmware_mirrors:
+  vars:
+    ansible_python_interpreter: /usr/bin/env python3
+    ansible_ssh_user: root
+  hosts:
+    mirror01:
+      ansible_ssh_host: mirror01.luebeck.freifunk.net
diff --git a/playbook.yml b/playbook.yml
index d4000f5..ad82ca7 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -20,3 +20,9 @@
     - services
     - role: ffhl_ns_auth
       tags: [nameserver, nsauth]
+
+- hosts: firmware_mirrors
+  become: yes
+  roles:
+    - role: firmware_mirror
+      tags: [firmware_mirror]
diff --git a/roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.service b/roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.service
new file mode 100644
index 0000000..e599773
--- /dev/null
+++ b/roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=Firmware Mirror
+
+[Service]
+Type=oneshot
+WorkingDirectory=/root/
+ExecStart=/root/firmware-mirror.sh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.timer b/roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.timer
new file mode 100644
index 0000000..07c924f
--- /dev/null
+++ b/roles/firmware_mirror/files/etc/systemd/system/firmware-mirror.timer
@@ -0,0 +1,8 @@
+[Unit]
+Description=Firmware Mirror Timer
+
+[Timer]
+OnCalendar= *-*-* 03:42:23
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/roles/firmware_mirror/files/root/firmware-mirror.sh b/roles/firmware_mirror/files/root/firmware-mirror.sh
new file mode 100644
index 0000000..5d7398a
--- /dev/null
+++ b/roles/firmware_mirror/files/root/firmware-mirror.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+wget --no-clobber --recursive  --reject-regex "/[debug|nightly]/*" firmware.ffhl.de
+cp -r firmware.ffhl.de /var/www/firmware
+chown -R www-data:www-data /var/www/firmware
\ No newline at end of file
diff --git a/roles/firmware_mirror/tasks/main.yml b/roles/firmware_mirror/tasks/main.yml
new file mode 100644
index 0000000..5b23926
--- /dev/null
+++ b/roles/firmware_mirror/tasks/main.yml
@@ -0,0 +1,54 @@
+
+- name: copy configs
+  copy:
+    src: etc/
+    dest: /etc
+
+
+- name: install nginx
+  apt:
+    state: present
+    install_recommends: no
+    update_cache: yes
+    name:
+      - nginx-full
+      - libnginx-mod-http-fancyindex
+      - libnginx-mod-http-headers-more-filter
+
+- name: copy nginx configs
+  template:
+    src: etc/nginx/sites-available/firmware
+    dest: /etc/nginx/sites-available/firmware
+
+- name: enable sites
+  block:
+    - name: remove all enabled sites
+      file: state=absent path="/etc/nginx/sites-enabled/"
+    - name: create enabled-sites directory
+      file: state=directory path="/etc/nginx/sites-enabled"
+    - name: enable selected sites
+      file:
+        state: link
+        src: "../sites-available/firmware"
+        dest: "/etc/nginx/sites-enabled/firmware"
+
+
+- name: enable nginx service
+  systemd:
+    name: nginx.service
+    state: restarted
+    enabled: yes
+
+
+
+- name: copy mirror script
+  copy:
+    src: root/
+    dest: /root
+    mode: a+xr
+
+- name: enable firmware-mirror timer
+  systemd:
+    name: firmware-mirror.timer
+    state: restarted
+    enabled: yes
\ No newline at end of file
diff --git a/roles/firmware_mirror/templates/etc/nginx/sites-available/firmware b/roles/firmware_mirror/templates/etc/nginx/sites-available/firmware
new file mode 100644
index 0000000..f9d1a4a
--- /dev/null
+++ b/roles/firmware_mirror/templates/etc/nginx/sites-available/firmware
@@ -0,0 +1,14 @@
+server {
+	listen 80;
+	listen [::]:80;
+	server_name {{ mirror_url }};
+ 	client_max_body_size 5m;
+    	client_body_timeout 60;
+	
+	root /var/www/firmware;
+	
+	location / {
+		index on;
+	}
+}
+
-- 
GitLab