Wakoma · katomaso · Nov 29, 2022
diff --git a/roles/fdroid/README.md b/roles/fdroid/README.md
@@ -0,0 +1,28 @@
+# Fdroid repository
+
+**THIS ROLE IS WORK IN PROGRESS**
+
+Fdroid repository is s statically generated content served by an ordinary HTTP server.
+
+Wakoma provides a few options of applications that can initialize your repository. We
+tryid to create curated repositories of necessary, usefull and broad applications.
+
+You can select one of those repositories for you/your client by using host variable `packages_fdroid`
+with possible values
+- base
+- extended
+- all
+
+The infrastructure consist of the generator (docker-executable-fdroidserver) and from a 
+metadata managment django app called repomaker. The repomaker image is able to handle
+keys and sign APKs or repository because it contains fdroid binary (making docker-executable-fdroidserver)
+useless.
+
+Fdroid binary has an ability to synchronize with an existing fdroid repo via command `fdroid mirror <url>`
+that will download the static content and serve it as its own. This can be done with the official repository
+at `https://fdroid.org`. All fdroid repository expect to have the repo accessible at `/fdroid/repo` path.
+Therefor you can have only one repo per domain.
+
+Only two envvars are necessary (because they are pulled from the env by the app)
+- REPOMAKER_HOSTNAME
+- REPOMAKER_SECRET_KEY
diff --git a/roles/fdroid/defaults/main.yml b/roles/fdroid/defaults/main.yml
@@ -0,0 +1,10 @@
+subdomain_fdroid: droid
+
+repo_name_fdroid: Lokal Fdroid
+
+password_fdroid: fdroid73810
+
+packages: base
+sync_repo_fdroid: true
+
+secret_fdroid: "913d6#u8@-*#_w=21spwzurd#fd77bey-6mfs5fc$a=yhnh!n4p9"
diff --git a/roles/fdroid/tasks/main.yml b/roles/fdroid/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+- name: Install fdroid
+  include_role:
+    name: common
+    tasks_from: install
+  vars:
+    app: fdroid
+    mysql_db: mysql_db_repomaker
+    mysql_user: mysql_user_repomaker
+    mysql_password: mysql_password_repomaker
+    data_dirs:
+    - repo
+    - maker
+    - conf
+    start: false
+
+# - name: "Initialize with public f-droid repository"
+#   ansible.builtin.shell:
+#     cmd: rsync --remove-after fdroid@wakoma.co:{packages} .
+#     chdir: "{{app_root}}/repo"
+#   when: sync_repo_fdroid
+
+- name: Render config.yml
+  ansible.builtin.template:
+    src: "config.yml.j2"
+    dest: "{{app_root}}/conf/config.yml"
+    force: true
+
+# - name: Render repomaker_conf
+#   ansible.builtin.template:
+#     src: "repomaker_conf.py.j2"
+#     dest: "{{app_root}}/repomaker_conf.py"
+
+- name: "Create repo signing key if it doesn't exist"
+  ansible.builtin.shell:
+    cmd: >
+      docker-compose run --entrypoint keytool fdroid -genkey -v
+      -keystore /conf/signing_key.keystore -alias fdroid -keyalg RSA -keysize 2048 -validity 10000 
+      -storepass {{password_fdroid}} -keypass {{password_fdroid}} -storetype PKCS12
+      -dname "CN={{domain}}, OU={{project_name}}"
+    creates: "{{app_root}}/conf/signing_key.keystore"
+    chdir: "{{app_root}}"
+
+# - name: "Initialize with public f-droid repository"
+#   ansible.builtin.shell:
+#     cmd: git clone --depth 1 https://gitlab.com/fdroid/fdroiddata.git/ repo
+#     creates: "{{app_root}}/data/repo"
+#     chdir: "{{app_root}}"
+#   when: sync_repo_fdroid
+
+- name: Docker-compose up
+  ansible.builtin.shell: 
+    cmd: "docker-compose up -d"
+    chdir: "{{app_root}}"
diff --git a/roles/fdroid/templates/compose.yml.j2 b/roles/fdroid/templates/compose.yml.j2
@@ -0,0 +1,76 @@
+version: "3.8"
+
+services:
+  # fdroid:
+  #   image: registry.gitlab.com/fdroid/docker-executable-fdroidserver:master
+  #   user: "{{uid}}:{{gid}}"
+  #   restart: "no"
+  #   volumes:
+  #   - "{{app_root}}/conf:/conf"
+  #   - "{{app_root}}/repo:/repo"
+
+  fdroid_repo:
+    image: halverneus/static-file-server
+    user: "{{uid}}:{{gid}}"  # run the container service as app user (not root)
+    volumes:
+    - "{{app_root}}/repo:/web"
+    restart: unless-stopped
+    networks:
+    - traefik
+    labels:
+      traefik.enable: "true"
+      traefik.http.routers.fdroid.entrypoints: websecure
+      traefik.http.routers.fdroid.rule: Host(`{{subdomain_fdroid}}.{{domain}}`)
+      traefik.http.routers.fdroid.tls: "true"
+      traefik.http.services.fdroid.loadbalancer.server.port: 8080
+{% if server_is_live %}
+      traefik.http.routers.fdroid.tls.certresolver: {{cert_resolver}}
+{% endif %}
+
+#   fdroid_repomaker:
+#     image: registry.gitlab.com/katomaso1/repomaker:latest
+#     hostname: "{{subdomain_fdroid}}.{{domain}}"
+#     domainname: "{{subdomain_fdroid}}.{{domain}}"
+#     command: bash -c 'python3 manage.py migrate && ./httpd-foreground'
+#     environment:
+#       REPOMAKER_HOSTNAME: "{{subdomain_fdroid}}.{{domain}}"
+#       REPOMAKER_SECRET_KEY: "{{secret_fdroid}}"
+#       REPOMAKER_MYSQL_HOST: "{{mysql_host}}"
+#       REPOMAKER_MYSQL_DB: "{{mysql_db_repomaker}}"
+#       REPOMAKER_MYSQL_USER: "{{mysql_user_repomaker}}"
+#       REPOMAKER_MYSQL_PASSWORD: "{{mysql_password_repomaker}}"
+#     volumes:
+#       - {{app_root}}/maker:/repomaker/data
+#     networks:
+#       - traefik
+#     restart: unless-stopped
+#     labels:
+#       traefik.enable: "true"
+#       traefik.http.routers.fdroidmaker.entrypoints: websecure
+#       traefik.http.routers.fdroidmaker.rule: Host(`{{subdomain_fdroid}}.{{domain}}`)
+#       traefik.http.routers.fdroidmaker.tls: "true"
+#       traefik.http.services.fdroidmaker.loadbalancer.server.port: 80
+# {% if server_is_live %}
+#       traefik.http.routers.fdroidmaker.tls.certresolver: {{cert_resolver}}
+# {% endif %}
+
+#   fdroid_repomaker_tasks:
+#     image: registry.gitlab.com/katomaso1/repomaker:latest
+#     command: python3 manage.py process_tasks
+#     environment:
+#       REPOMAKER_HOSTNAME: "{{subdomain_fdroid}}.{{domain}}"
+#       REPOMAKER_SECRET_KEY: "{{secret_fdroid}}"
+#       REPOMAKER_MYSQL_HOST: "{{mysql_host}}"
+#       REPOMAKER_MYSQL_DB: "{{mysql_db_repomaker}}"
+#       REPOMAKER_MYSQL_USER: "{{mysql_user_repomaker}}"
+#       REPOMAKER_MYSQL_PASSWORD: "{{mysql_password_repomaker}}"
+#     volumes:
+#       - {{app_root}}/maker:/repomaker/data
+#     networks:
+#       - traefik
+#     depends_on:
+#       - fdroid_repomaker
+
+networks:
+  traefik:
+    external: true
diff --git a/roles/fdroid/templates/config.yml.j2 b/roles/fdroid/templates/config.yml.j2
@@ -0,0 +1,11 @@
+# fdroid config auto-generated by the Lokal installer
+repo_url: "https://{{subdomain_fdroid}}.{{domain}}/fdroid/repo"
+repo_name: {{repo_name_fdroid}}
+repo_description: Android packages repository provided by Lokal
+keystore: /conf/signing_key.keystore
+keystorepass: {{password_fdroid}}
+keypass: {{password_fdroid}}
+keydname: CN={{domain}}, OU={{project_name}}
+serverwebroot: /repo/fdroid
+repo_keyalias: fdroid
+sdk_path: $ANDROID_HOME