blob: 9c89f16d05b05c56d8e3802eb180f5a82d327e98 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
---
- name: install
tags:
- install
block:
- name: create directories
ansible.builtin.file:
path: "{{ chroot }}/{{ item.path }}"
owner: "{{ item.owner | default('root') }}"
group: "{{ item.group | default('root') }}"
mode: "{{ item.mode | default('u=rwx,g=rx,o=rx') }}"
state: directory
recurse: true
loop:
- path: /etc/portage/package.keywords
- path: /etc/portage/package.mask
- path: /etc/portage/repos.conf
- path: /var/cache/portage/distfiles
mode: 'u=rwx,g=rwx,o=rx'
owner: 0
group: 250 # portage
- name: /etc/hostname
ansible.builtin.copy:
dest: "{{ chroot }}/etc/hostname"
content: "{{ hostname }}\n" # TODO: fqdn in the systemd world?
- name: resolv.conf
ansible.builtin.copy:
dest: "{{ chroot }}/etc/resolv.conf"
content: |
domain gentoo.org
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844
- name: /etc/portage/repos.conf/gentoo.conf
ansible.builtin.copy:
dest: "{{ chroot }}/etc/portage/repos.conf/gentoo.conf"
src: "{{ chroot }}/usr/share/portage/config/repos.conf"
remote_src: true
# TODO: change profile (stick to matching tarball for MVP)
# binhost: handled by catalyst
#- name: "{{ chroot }}"/etc/portage/binrepos.conf/gentoobinhost.conf
# ansible.builtin.copy:
# path: "{{ chroot }}"/etc/portage/binrepos.conf/gentoobinhost.conf
# content: |
# ...
- name: cmd nproc
ansible.builtin.command: nproc
register: cmd_nproc
- name: fact nproc
ansible.builtin.set_fact:
nproc: "{{ cmd_nproc.stdout }}"
# TODO: infra-overlay
- name: make-ansible.conf
ansible.builtin.copy:
dest: "{{ chroot }}/etc/portage/make-ansible.conf"
content: |
FEATURES="${FEATURES} getbinpkg binpkg-request-signature binpkg-multi-instance compress-index compressdebug -news split-elog split-log splitdebug unmerge-logs"
RUBY_TARGETS="ruby31"
DISTDIR=/var/cache/portage/distfiles
#PORTDIR_OVERLAY="\${PORTDIR_OVERLAY} /usr/local/infra-overlay"
MAKEOPTS="-j {{ nproc|int }}"
# complete math hack; there are no logarithms here
EMERGE_DEFAULT_OPTS="--jobs {{ (((nproc|int)/4 + 1)|int) }}"
# infra runs hardened everywhere
# shadow & augeas needed for puppet
# dracut for kernel
USE="${USE} hardened shadow augeas dracut modules-compress -fonts -themes -qt -qt4 -qt5 -X gtk -gtk2 -gtk3 -qt6 -kde -gnome"
- name: make.conf include ansible file for bootstrap
ansible.builtin.lineinfile:
path: "{{ chroot }}/etc/portage/make.conf"
state: present
line: 'source /etc/portage/make-ansible.conf'
- name: locale
ansible.builtin.lineinfile:
path: "{{ chroot }}/etc/locale.gen"
state: present
line: "{{ item }}"
loop:
- en_US ISO-8859-1
- en_US.UTF-8 UTF-8
register: locale
- name: locale-gen
when: locale.changed
ansible.builtin.command: "chroot {{ chroot }} locale-gen"
- name: env-update
ansible.builtin.command: >
chroot {{ chroot }} /usr/sbin/env-update
- name: check /var/db/repos/gentoo/metadata/timestamp.commit
ansible.builtin.stat:
path: "{{ chroot }}/var/db/repos/gentoo/metadata/timestamp.commit"
register: stat_timestamp_commit
- name: emerge-webrsync
ansible.builtin.command: >
chroot {{ chroot }} /usr/sbin/emerge-webrsync --verbose --keep
when: not stat_timestamp_commit.stat.exists
- name: emerge some base infra packages before puppet
ansible.builtin.command: >
chroot {{ chroot }} emerge -uq {{ base_packages|join(' ') }}
|
GitWeb