fix: stop modifying distribution package files

Avoids breaking package updates.
ben-grande · Nov 21, 2023 · 551eca2 · 551eca2
1 parent 5e53ed2
commit 551eca2
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 10 deletions.
diff --git a/salt/sys-cacher/README.md b/salt/sys-cacher/README.md
@@ -66,7 +66,7 @@ The report page is available from `sys-cacher` and `sys-cacher-browser` at
 security wise, every client has administrative access to the cacher qube.  You
 should add the following to the end of `sys-cacher` rc.local:
 ```sh
-echo "AdminAuth: username:password" | tee /etc/apt-cacher-ng/zzz_security.conf
+echo "AdminAuth: username:password" | tee /etc/qubes-apt-cacher-ng/zzz_security.conf
 ```
 Where username and password are HTTP Auth strings.
 

diff --git a/salt/sys-cacher/configure.sls b/salt/sys-cacher/configure.sls
@@ -15,8 +15,8 @@ include:
     - text: |
         chown -R apt-cacher-ng:apt-cacher-ng /var/log/apt-cacher-ng
         chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng
-        systemctl unmask apt-cacher-ng
-        systemctl --no-block restart apt-cacher-ng
+        systemctl unmask qubes-apt-cacher-ng
+        systemctl --no-block restart qubes-apt-cacher-ng
         nft 'insert rule ip filter INPUT tcp dport 8082 counter accept'
 
 "{{ slsdotpath }}-install-qubes-firewall-user-script":

diff --git a/salt/sys-cacher/files/server/systemd/qubes-apt-cacher-ng.service b/salt/sys-cacher/files/server/systemd/qubes-apt-cacher-ng.service
@@ -0,0 +1,24 @@
+# SPDX-FileCopyrightText: 2023 Benjamin Grande M. S. <[email protected]>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+[Unit]
+Description=Qubes Apt-Cacher NG software download proxy
+After=network.target
+# This can be used to ensure that the service starts only after delayed mount of
+# the storage location.
+# Note: when the CacheDir folder in configuration file(s) like in
+# /etc/apt-cacher-ng/acng.conf is changed, change the next line too!
+RequiresMountsFor=/var/cache/apt-cacher-ng
+
+[Service]
+# the SocketPath option can be removed if the inetd bridge functionality is not>
+ExecStart=/usr/sbin/apt-cacher-ng -c "/etc/qubes-apt-cacher-ng" ForeGround=1
+User=apt-cacher-ng
+Group=apt-cacher-ng
+# This can be changed to notify if the support was enabled at build time
+Type=notify
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
diff --git a/salt/sys-cacher/install.sls b/salt/sys-cacher/install.sls
@@ -28,35 +28,61 @@ SPDX-License-Identifier: AGPL-3.0-or-later
       - anacron
       - apt-cacher-ng
 
+"{{ slsdotpath }}-mask-apt-cacher-ng":
+  service.masked:
+    - name: apt-cacher-ng
+    - runtime: False
+
 "{{ slsdotpath }}-disable-apt-cacher-ng":
   cmd.run:
     - name: systemctl disable apt-cacher-ng
 
-"{{ slsdotpath }}-mask-apt-cacher-ng":
+"{{ slsdotpath }}-create-qubes-cacher-config-dir":
+  file.directory:
+    - name: /etc/qubes-apt-cacher-ng
+    - mode: '0755'
+
+"{{ slsdotpath }}-copy-package-config-to-qubes-cacher-config":
+  cmd.run:
+    - name: cp -rp /etc/apt-cacher-ng/* /etc/qubes-apt-cacher-ng
+
+"{{ slsdotpath }}-systemd-service":
+  file.managed:
+    - name: /usr/lib/systemd/system/qubes-apt-cacher-ng.service
+    - source: salt://{{ slsdotpath }}/files/server/systemd/qubes-apt-cacher-ng.service
+    - user: root
+    - group: root
+    - mode: '0644'
+
+"{{ slsdotpath }}-mask-qubes-apt-cacher-ng":
   service.masked:
-    - name: apt-cacher-ng
+    - name: qubes-apt-cacher-ng
     - runtime: False
 
+"{{ slsdotpath }}-disable-qubes-apt-cacher-ng":
+  cmd.run:
+    - name: systemctl disable qubes-apt-cacher-ng
+
 "{{ slsdotpath }}-install-backends_debian":
   file.prepend:
-    - name: /etc/apt-cacher-ng/backends_debian
+    - name: /etc/qubes-apt-cacher-ng/backends_debian
     - text: https://deb.debian.org/debian
 
 "{{ slsdotpath }}-update-debian-mirrors":
   cmd.run:
-    - name: cp /usr/lib/apt-cacher-ng/deb_mirrors.gz /etc/apt-cacher-ng/deb_mirrors.gz
+    - name: cp /usr/lib/apt-cacher-ng/deb_mirrors.gz /etc/qubes-apt-cacher-ng/deb_mirrors.gz
     - runas: root
 
 "{{ slsdotpath }}-update-fedora-mirrors":
   file.managed:
-    - name: /etc/apt-cacher-ng/fedora_mirrors
+    - name: /etc/qubes-apt-cacher-ng/fedora_mirrors
     - source: salt://{{ slsdotpath }}/files/server/mirrors/fedora_mirrors
     - user: root
     - group: root
 
 "{{ slsdotpath }}-update-arch-mirrors":
   file.managed:
-    - name: /etc/apt-cacher-ng/archlx_mirrors
+    - name: /etc/qubes-apt-cacher-ng/archlx_mirrors
     - source: salt://{{ slsdotpath }}/files/server/mirrors/archlx_mirrors
     - user: root
     - group: root
@@ -68,7 +94,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 "{{ slsdotpath }}-acng.conf":
   file.managed:
-    - name: /etc/apt-cacher-ng/acng.conf
+    - name: /etc/qubes-apt-cacher-ng/acng.conf
     - source: salt://{{ slsdotpath }}/files/server/conf/acng.conf
     - user: root
     - group: root