Do not build snapraid on NAS host

serpro69 · serpro69 · commit e8bf33e4d360 · 2026-02-11T11:33:54.000+01:00
Avoid installing build dependencies - reduce atack vector.
Instead, depend on the snapraid installation file, .deb or .rpm
being available in the 'files' dir

The installation file can be built with serpro69/docker-apps-build
diff --git a/metal/roles/storage/files/.gitkeep b/metal/roles/storage/files/.gitkeep
diff --git a/metal/roles/storage/tasks/setup_debian.yml b/metal/roles/storage/tasks/setup_debian.yml
@@ -15,14 +15,23 @@
       # nfs
       - nfs-kernel-server
       - nfs-common
-      # snapraid build dependencies
-      - build-essential
-      - git
-      - wget
     state: present
     update_cache: true
 
 - name: Install mergerfs
   apt:
     deb: "{{ mergerfs_url_deb }}"
     state: present
+
+- name: Copy snapraid .deb
+  copy:
+    src: files/snapraid_{{ snapraid_ver }}_{{ ansible_distribution_release }}.deb
+    dest: /tmp/
+    owner: root
+    group: root
+    mode: "0755"
+
+- name: Install snapraid
+  apt:
+    deb: /tmp/snapraid_{{ snapraid_ver }}_{{ ansible_distribution_release }}.deb
+    state: present
diff --git a/metal/roles/storage/tasks/setup_redhat.yml b/metal/roles/storage/tasks/setup_redhat.yml
@@ -1,10 +1,18 @@
 ---
-- name: Download rpm
+- name: Download mergerfs rpm
   get_url:
     url: "{{ mergerfs_url_rpm }}"
     dest: "/tmp/mergerfs-{{ mergerfs_ver }}.rpm"
     mode: "0755"
 
+- name: Copy snapraid .rpm
+  copy:
+    src: files/snapraid_{{ snapraid_ver }}_{{ ansible_distribution_release }}.rpm
+    dest: /tmp/
+    owner: root
+    group: root
+    mode: "0755"
+
 - name: Set fastestmirror=True for dnf
   lineinfile:
     path: /etc/dnf/dnf.conf
@@ -27,14 +35,14 @@
       - lm_sensors
       # nfs
       - nfs-utils
-      # snapraid build dependencies
-      - gcc
-      - make
-      - git
-      - wget
     state: present
 
 - name: Install mergerfs
   dnf:
-    name: "/tmp/mergerfs-{{ mergerfs_ver }}.rpm"
+    name: /tmp/mergerfs-{{ mergerfs_ver }}.rpm
+    state: present
+
+- name: Install snapraid
+  dnf:
+    name: "tmp/snapraid_{{ snapraid_ver }}_{{ ansible_distribution_release }}.rpm"
     state: present
diff --git a/metal/roles/storage/tasks/snapraid.yml b/metal/roles/storage/tasks/snapraid.yml
@@ -9,43 +9,6 @@
     fail_msg: "Cannot configure snapraid: parity_drives or data_drives is empty or undefined"
     success_msg: "Parity drives validation passed: {{ parity_drives | length }} parity drive(s), {{ data_drives | length }} data drive(s)"
 
-- name: Create snapraid build directory
-  tempfile:
-    state: directory
-  register: snapraid_build_dir
-
-- name: Download snapraid source
-  get_url:
-    url: "{{ snapraid_url }}"
-    dest: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}.tar.gz"
-    mode: "0644"
-
-- name: Extract snapraid source
-  unarchive:
-    src: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}.tar.gz"
-    dest: "{{ snapraid_build_dir.path }}"
-    remote_src: true
-    creates: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}"
-
-- name: Configure snapraid build
-  command: ./configure
-  args:
-    chdir: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}"
-    creates: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}/Makefile"
-
-- name: Build snapraid
-  command: make -j{{ ansible_processor_vcpus }}
-  args:
-    chdir: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}"
-    creates: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}/snapraid"
-
-- name: Install snapraid
-  command: make install
-  args:
-    chdir: "{{ snapraid_build_dir.path }}/snapraid-{{ snapraid_version }}"
-    creates: /usr/local/bin/snapraid
-  become: true
-
 - name: Create snapraid configuration
   template:
     src: snapraid.conf.j2
@@ -258,8 +221,3 @@
     enabled: "{{ snapraid_maintenance.content_backup_enabled }}"
     daemon_reload: true
   when: snapraid_maintenance.content_backup_enabled
-
-- name: Cleanup build directory
-  file:
-    path: "{{ snapraid_build_dir.path }}"
-    state: absent
diff --git a/metal/roles/storage/vars/main.yml b/metal/roles/storage/vars/main.yml
@@ -6,8 +6,7 @@ mergerfs_pkg_rpm: mergerfs-{{ mergerfs_ver }}.fc{{ ansible_distribution_release
 mergerfs_url_deb: "{{ mergerfs_url_release }}/{{ mergerfs_pkg_deb}}"
 mergerfs_url_rpm: "{{ mergerfs_url_release }}/{{ mergerfs_pkg_rpm }}"
 
-snapraid_version: "12.3"
-snapraid_url: "https://github.com/amadvance/snapraid/releases/download/v{{ snapraid_version }}/snapraid-{{ snapraid_version }}.tar.gz"
+snapraid_version: "13.0"
 snapraid_runner_url: "https://raw.githubusercontent.com/Chronial/snapraid-runner/master/snapraid-runner.py"
 
 # Storage directories
