files/add_latest_thinlinc_client_to_repos

+#!/bin/bash
+
+WORKDIR="$(mktemp -d)"
+cleanup() {
+    rm -rf "$WORKDIR"
+}
+trap cleanup 0
+
+ensure_client_downloaded() {
+    local url="$1" filename="$2"
+    [ -f "$filename" ] && return
+    curl --silent --show-error -o "${WORKDIR}/${filename}" "$url"
+}
+
+if ! latest_client_url="https://www.cendio.com$(curl --silent --show-error https://www.cendio.com/thinlinc/download | grep -Eo '/downloads/clients/thinlinc-client-[^"]+.x86_64.rpm')"; then
+    exit 1
+fi
+
+filename="${latest_client_url##*/}"
+
+for d in /srv/repos/fedora/*; do
+    repo_package_path="${d}/x86_64/${filename}" 
+    if ! [ -f "$repo_package_path" ]; then
+        ensure_client_downloaded "$latest_client_url" "$filename"
+        cp "${WORKDIR}/${filename}" "$repo_package_path"
+    fi
+done
+
+/usr/local/bin/lysator_update_yum_repos_cron

files/lysator_update_yum_repos_cron

+#!/bin/bash
+
+# Updates repo metadata for yum repositories if required
+
+CREATEREPO="createrepo"
+if ! type -p "$CREATEREPO" > /dev/null 2>&1; then
+    CREATEREPO="createrepo_c"
+fi
+
+STATE_DIR=/var/lib/lysator_update_yum_repos_cron/
+mkdir -p "$STATE_DIR"
+
+calculate_checksums() {
+    local d="$1"
+
+    find "$d" \( -name repodata -prune \) -o -type f -exec sha256sum {} \; | sort
+}
+
+for d in /srv/repos/el/*/* /srv/repos/fedora/*/*; do
+    state_file="${STATE_DIR}/${d//\//_}"
+    if ! [ -f "$state_file" ]; then
+        chronic "$CREATEREPO" "$d"
+        calculate_checksums "$d" > "$state_file"
+        continue
+    fi
+    prev_checksums=$(< "$state_file")
+    cur_checksums=$(calculate_checksums "$d")
+    if [ "$prev_checksums" != "$cur_checksums" ]; then
+        chronic "$CREATEREPO" "$d"
+        calculate_checksums "$d" > "$state_file"
+    fi
+done

files/reprepro/debian-distributions

+Origin: Lysator
+Label: Lysator
+Codename: wheezy
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.wheezy
+DscOverride: override.wheezy
+SignWith: 1C6B7120
+Log: wheezy-changes.log
+ notify-changes.sh
+
+
+Origin: Lysator
+Label: Lysator
+Codename: jessie
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.jessie
+DscOverride: override.jessie
+SignWith: 1C6B7120
+Log: jessie-changes.log
+ notify-changes.sh
+
+
+Origin: Lysator
+Label: Lysator
+Codename: stretch
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.stretch
+DscOverride: override.stretch
+SignWith: 1C6B7120
+Log: stretch-changes.log
+ notify-changes.sh
+
+
+Origin: Lysator
+Label: Lysator
+Codename: buster
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.buster
+DscOverride: override.buster
+SignWith: 1C6B7120
+Log: buster-changes.log
+ notify-changes.sh
+
+
+Origin: Lysator
+Label: Lysator
+Codename: bullseye
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.bullseye
+DscOverride: override.bullseye
+SignWith: 1C6B7120
+Log: bullseye-changes.log
+ notify-changes.sh

files/reprepro/debian-options

+verbose
+basedir /srv/repos/debian
+ask-passphrase
+

files/reprepro/notify-changes.sh

+#!/bin/sh
+
+ACTION="$1"
+DISTRIBUTION="$2"
+PKGTYPE="$3"
+COMPONENT="$4"
+ARCH="$5"
+PKGNAME="$6"
+
+if [ "$ACTION" = "add" ]
+then
+	ACTION_PAST="added"
+	NEWVERSION="$7"
+	VERSIONDESC="${NEWVERSION}"
+	shift 8
+elif [ "$ACTION" = "remove" ]
+then
+	ACTION_PAST="removed"
+	OLDVERSION="$7"
+	VERSIONDESC="${OLDVERSION}"
+	shift 8
+elif [ "$ACTION" = "replace" ]
+then
+	ACTION_PAST="replaced"
+	NEWVERSION="$7"
+	OLDVERSION="$8"
+	VERSIONDESC="${OLDVERSION} -> ${NEWVERSION}"
+	shift 9
+fi
+
+
+sendmail -t >> /tmp/notify-changes-test.log <<EOF
+From: <root@repomaster.lysator.liu.se>
+To: <14606@kom.lysator.liu.se>
+Subject: Repository updated: ${PKGNAME} ${ACTION_PAST}
+
+Repository:      ${REPREPRO_BASE_DIR}
+
+Action:          ${ACTION}
+Distribution:    ${DISTRIBUTION}
+Component:       ${COMPONENT}
+Architechture:   ${ARCH}
+Package:         ${PKGNAME}
+Version:         ${VERSIONDESC}
+
+Affected files:
+$(printf "%s\n" ${@})
+
+EOF

files/reprepro/ubuntu-distributions

+Origin: Lysator
+Label: Lysator
+Codename: precise
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.precise
+DscOverride: override.precise
+SignWith: 1C6B7120
+Log: precise-changes.log
+ notify-changes.sh
+
+Origin: Lysator
+Label: Lysator
+Codename: trusty
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.trusty
+DscOverride: override.trusty
+SignWith: 1C6B7120
+Log: trusty-changes.log
+ notify-changes.sh
+
+Origin: Lysator
+Label: Lysator
+Codename: xenial
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.trusty
+DscOverride: override.trusty
+SignWith: 1C6B7120
+Log: trusty-changes.log
+ notify-changes.sh
+
+Origin: Lysator
+Label: Lysator
+Codename: bionic
+Architectures: amd64 i386
+Components: main
+Description: Apt repository for Lysator
+DebOverride: override.bionic
+DscOverride: override.bionic
+SignWith: 1C6B7120
+Log: bionic-changes.log
+ notify-changes.sh

files/reprepro/ubuntu-options

+verbose
+basedir /srv/repos/ubuntu
+ask-passphrase

manifests/deb_repository.pp

+class repomaster::deb_repository
+{
+  ensure_packages(['reprepro', 'nginx', 'gnupg'])
+
+  file { '/etc/motd':
+    ensure  => file,
+    content => @(EOF)
+    Repositories in /srv/repos
+    Mer information https://datorhandbok.lysator.liu.se/index.php/Rootmanual:Repository
+    | EOF
+  }
+
+  file {
+    [ '/srv/repos/ubuntu/conf/notify-changes.sh', '/srv/repos/debian/conf/notify-changes.sh' ]:
+      ensure => present,
+      source => "puppet:///modules/repomaster/reprepro/notify-changes.sh",
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0755',
+  }
+
+  ### Ubuntu
+  file {
+    [
+      '/srv/repos', '/srv/repos/ubuntu', '/srv/repos/ubuntu/conf',
+      '/srv/repos/ubuntu/db', '/srv/repos/ubuntu/incoming',
+    ]:
+      ensure => 'directory',
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+      before => [ File['ubuntu-options-repo'], File['ubuntu-distributions-repo']],
+  }
+
+  file {
+    'ubuntu-distributions-repo':
+      ensure => 'file',
+      source => "puppet:///modules/repomaster/reprepro/ubuntu-distributions",
+      path   => '/srv/repos/ubuntu/conf/distributions',
+
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  file {
+    'ubuntu-options-repo':
+      ensure => 'file',
+      source => "puppet:///modules/repomaster/reprepro/ubuntu-options",
+      path   => '/srv/repos/ubuntu/conf/options',
+
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  file {
+    '/srv/repos/ubuntu/conf/override.precise':
+      ensure => 'present',
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  file {
+    '/srv/repos/ubuntu/conf/override.trusty':
+      ensure => 'present',
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  file {
+    '/srv/repos/ubuntu/conf/override.bionic':
+      ensure => 'present',
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  ### Debian
+  file {
+    [
+      '/srv/repos/debian', '/srv/repos/debian/conf', '/srv/repos/debian/db',
+      '/srv/repos/debian/incoming',
+    ]:
+      ensure => 'directory',
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+      before => [ File['debian-options-repo'], File['debian-distributions-repo']],
+  }
+
+  file {
+    'debian-distributions-repo':
+      ensure => 'file',
+      source => "puppet:///modules/repomaster/reprepro/debian-distributions",
+      path   => '/srv/repos/debian/conf/distributions',
+
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  file {
+    'debian-options-repo':
+      ensure => 'file',
+      source => "puppet:///modules/repomaster/reprepro/debian-options",
+      path   => '/srv/repos/debian/conf/options',
+
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  file {
+    '/srv/repos/debian/conf/override.wheezy':
+      ensure => 'present',
+      group  => 'root',
+      owner  => 'root',
+      mode   => '0775',
+  }
+
+  ### nginx
+  file { '/etc/nginx/sites-enabled/default':
+    ensure  => absent,
+    notify  => Service['nginx'],
+  }
+
+  file {
+    'repo-nginx-conf':
+      ensure  => 'file',
+      content => template("repomaster/nginx/repo"),
+      path    => '/etc/nginx/sites-enabled/repo',
+
+      group   => 'root',
+      owner   => 'root',
+      mode    => '0644',
+
+      notify  => Service['nginx'],
+  }
+
+  service { 'nginx':
+    ensure => running,
+    enable => true,
+  }
+
+  file_line { 'gpg-digest-algo-preference':
+    path => '/root/.gnupg/gpg.conf',
+    line => 'personal-digest-preferences SHA512',
+  }
+}

manifests/init.pp

+class repomaster {
+  include ::repomaster::yum_repository
+  include ::repomaster::deb_repository
+}

manifests/yum_repository.pp

+# Sets up machine to be deb AND RPM repo master.
+class repomaster::yum_repository
+{
+  $arches = [
+    'x86_64',
+  ]
+
+  ensure_packages(['createrepo-c'])
+
+  # RHEL, CentOS, Rocky, etc.
+  repomaster::yum_repository::init_repos { 'enterprise linux':
+    os_slug  => 'el',
+    versions => [
+      '7',
+      '8',
+      '9',
+    ],
+    arches   => $arches,
+  }
+
+  # Fedora
+  repomaster::yum_repository::init_repos { 'fedora':
+    os_slug  => 'fedora',
+    versions => [
+      '35',
+      '36',
+      '37',
+      '38',
+      '39',
+    ],
+    arches   => $arches,
+  }
+
+  # contains chronic, required by lysator_update_yum_repos_cron
+  ensure_packages(['moreutils'])
+
+  file { '/usr/local/bin/lysator_update_yum_repos_cron':
+    ensure => file,
+    source => "puppet:///modules/repomaster/lysator_update_yum_repos_cron",
+    owner  => root,
+    group  => root,
+    mode   => '0555',
+  }
+
+  cron { 'lysator_update_yum_repos_cron':
+    command => '/usr/local/bin/lysator_update_yum_repos_cron',
+    user    => root,
+    minute  => 24,
+  }
+
+  file { '/usr/local/bin/add_latest_thinlinc_client_to_repos':
+    ensure => file,
+    source => "puppet:///modules/repomaster/add_latest_thinlinc_client_to_repos",
+    owner  => root,
+    group  => root,
+    mode   => '0555',
+  }
+
+  cron { 'add_latest_thinlinc_client_to_repos':
+    command => '/usr/local/bin/add_latest_thinlinc_client_to_repos',
+    user    => root,
+    weekday => 6,
+    hour    => 6,
+    minute  => 15,
+  }
+}

manifests/yum_repository/init_repos.pp

+define repomaster::yum_repository::init_repos (
+  String $os_slug,
+  Array[String] $versions,
+  Array[String] $arches,
+) {
+  file { "/srv/repos/${os_slug}/":
+    ensure => directory,
+    owner  => root,
+    group  => root,
+    mode   => '0775',
+  }
+
+  $versions.each |$version| {
+    file { "/srv/repos/${os_slug}/${version}":
+      ensure  => directory,
+      owner   => root,
+      group   => root,
+      mode    => '0775',
+      require => File["/srv/repos/${os_slug}/"],
+    }
+    $arches.each |$arch| {
+      $repo_path = "/srv/repos/${os_slug}/${version}/${arch}"
+      file { $repo_path:
+        ensure  => directory,
+        owner   => root,
+        group   => root,
+        mode    => '0775',
+        require => File["/srv/repos/${os_slug}/${version}"],
+      }
+      ~> exec { "/usr/bin/createrepo_c ${repo_path}":
+        refreshonly => true,
+      }
+    }
+  }
+}

templates/nginx/repo

+server {
+        listen [::]:80 default_server ipv6only=off;
+        server_name <%= @hostname %>;
+
+        access_log /var/log/nginx/repo-access.log;
+        error_log /var/log/nginx/repo-error.log;
+
+
+        location / {
+                allow 130.236.0.0/16;
+                allow 2001:6b0:17::/48;
+                deny all;
+                autoindex on;
+
+                root /srv/repos;
+                index index.html;
+        }
+
+        location ~ /[^/]+/conf {
+                deny all;
+        }
+
+        location ~ /[^/]+/db {
+                deny all;
+        }
+
+        location ~ /[^/]+/incoming {
+                deny all;
+        }
+}