nag-buster entfernt; set_apt_sources erweitert
This commit is contained in:
parent
e0efdba08c
commit
b9ea23b472
17 changed files with 104 additions and 31 deletions
|
@ -4,6 +4,7 @@ exclude_paths:
|
|||
- roles/igor_mukhin.bash_aliases/
|
||||
- roles/nickjj.ansible-user/
|
||||
- roles/azavea.ansible-pip/
|
||||
- roles/riemers.gitlab-runner/
|
||||
|
||||
parseable: true
|
||||
quiet: true
|
||||
|
|
3
.gitmodules
vendored
3
.gitmodules
vendored
|
@ -10,9 +10,6 @@
|
|||
[submodule "roles/geerlingguy.pip"]
|
||||
path = roles/geerlingguy.pip
|
||||
url = https://github.com/geerlingguy/ansible-role-pip
|
||||
[submodule "roles/ironicbadger.proxmox-nag-removal"]
|
||||
path = roles/ironicbadger.proxmox-nag-removal
|
||||
url = https://github.com/IronicBadger/ansible-role-proxmox-nag-removal
|
||||
[submodule "roles/nickjj.ansible-user"]
|
||||
path = roles/nickjj.ansible-user
|
||||
url = https://github.com/nickjj/ansible-user
|
||||
|
|
|
@ -9,8 +9,7 @@
|
|||
postfix_smtp_server_port: 587
|
||||
postfix_smtp_use_tls: "yes"
|
||||
### mgrote.set_apt_proxy
|
||||
apt_proxy_server_hostname: acng.grote.lan
|
||||
apt_proxy_server_port: 9999
|
||||
manage_sources_apt_proxy_url: "acng.grote.lan:9999"
|
||||
### mgrote.restic
|
||||
restic_folders_to_backup: "/usr/local /etc /root /var/www /home"
|
||||
restic_cron_hours: "19"
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
---
|
||||
|
||||
### geerlingguy.dotfiles
|
||||
dotfiles_repo: "https://github.com/quotengrote/dotfiles.git"
|
||||
dotfiles_repo_local_destination: "/home/mg/dotfiles-repo"
|
|
@ -32,7 +32,7 @@ all:
|
|||
hosts:
|
||||
vm-test.grote.lan:
|
||||
lxc-test2.grote.lan:
|
||||
virt:
|
||||
proxmox:
|
||||
hosts:
|
||||
pve-test.grote.lan:
|
||||
pve2.grote.lan:
|
||||
|
|
|
@ -30,4 +30,4 @@
|
|||
update_password: always
|
||||
password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
|
||||
|
||||
# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Somit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.
|
||||
# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
- { role: mgrote.motd, tags: "motd" }
|
||||
- { role: mgrote.tmux,
|
||||
tags: "tmux",
|
||||
when: "not 'virt' in group_names" }
|
||||
when: "not 'proxmox' in group_names" }
|
||||
- { role: geerlingguy.dotfiles,
|
||||
# become_user: "{{ dotfiles_user }}" ,
|
||||
become: true,
|
||||
|
|
|
@ -7,4 +7,4 @@
|
|||
- { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt
|
||||
tags: "ufw",
|
||||
become: true,
|
||||
when: "not 'virt' in group_names" }
|
||||
when: "not 'proxmox' in group_names" }
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
---
|
||||
- hosts: virt
|
||||
- hosts: proxmox
|
||||
roles:
|
||||
- { role: ironicbadger.proxmox-nag-removal, tags: "nag", become: yes }
|
||||
- { role: mgrote.set_apt_proxy, tags: "apt_sources" }
|
||||
- { role: mgrote.apcupsd, tags: "apcupsd" }
|
||||
- { role: mgrote.smart, tags: "smart" }
|
||||
- { role: mgrote.zfs_tools, tags: "zfs_tools" }
|
|
@ -1 +0,0 @@
|
|||
Subproject commit 7581de87e3e118a87df7589a0abb832ca46a9fd1
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
manage_sources_apt_proxy_url: "" # leer = kein proxy, sonst "acng.grote.lan:9999"
|
||||
manage_sources_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
|
||||
manage_sources_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
|
||||
manage_sources_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
|
||||
manage_sources_apt_repo_no_subscription: deb http://{{ manage_sources_apt_proxy_url }}/download.proxmox.com/debian/pve buster pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
|
||||
manage_sources_proxmox_base_repos: # welche debian standard repos sollen gesetzt werden, werden vorher gelöscht damit ein proxy dann gesetzt werden kann
|
||||
- repo_url: deb http://ftp.de.debian.org/debian buster main contrib
|
||||
- repo_url: deb http://ftp.de.debian.org/debian buster-updates main contrib
|
||||
- repo_url: deb http://security.debian.org buster/updates main contrib
|
||||
manage_sources_debian_repo_path: /etc/apt/sources.list.d/debian.list # , wol sollen die standard-repos gespeichert werden; nicht auf /etc/apt/sources setzen, diese datei wird gelöscht
|
|
@ -1,13 +1,13 @@
|
|||
- name: sources.list kopieren
|
||||
become: yes
|
||||
ansible.builtin.template:
|
||||
src: "sources.list"
|
||||
dest: "/etc/apt/sources.list"
|
||||
backup: yes
|
||||
register: copy_src
|
||||
---
|
||||
- name: include ubuntu tasks (determined by "ansible_distribution")
|
||||
include_tasks: ubuntu.yml
|
||||
when: ansible_distribution == 'Ubuntu'
|
||||
|
||||
- name: apt_update # noqa 503 503
|
||||
- name: include proxmox tasks (determined by group)
|
||||
include_tasks: proxmox.yml
|
||||
when: "'proxmox' in group_names"
|
||||
|
||||
- name: update package lists # noqa 503 503
|
||||
become: yes
|
||||
ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
|
|
59
roles/mgrote.set_apt_proxy/tasks/proxmox.yml
Normal file
59
roles/mgrote.set_apt_proxy/tasks/proxmox.yml
Normal file
|
@ -0,0 +1,59 @@
|
|||
---
|
||||
- name: check if old debian-repositories exists
|
||||
stat:
|
||||
path: /etc/apt/sources.list
|
||||
register: old_debian_repositories
|
||||
|
||||
- name: backup old debian-repositories
|
||||
become: yes
|
||||
ansible.builtin.copy:
|
||||
src: /etc/apt/sources.list
|
||||
dest: /etc/apt/sources.list.disabled
|
||||
remote_src: yes
|
||||
when: old_debian_repositories.stat.exists == true
|
||||
|
||||
- name: remove old debian-repositories
|
||||
become: yes
|
||||
ansible.builtin.file:
|
||||
path: /etc/apt/sources.list
|
||||
state: absent
|
||||
when: old_debian_repositories.stat.exists == true
|
||||
|
||||
- name: add new debian-repositories
|
||||
become: yes
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "{{ item.repo_url }}"
|
||||
state: present
|
||||
filename: "{{ manage_sources_debian_repo_path }}"
|
||||
update_cache: no
|
||||
register: copy_src
|
||||
loop: "{{ manage_sources_proxmox_base_repos }}"
|
||||
|
||||
- name: remove enterprise-Repository
|
||||
become: yes
|
||||
ansible.builtin.file:
|
||||
path: "{{ manage_sources_enterprise_repo_path }}"
|
||||
state: absent
|
||||
|
||||
- name: check if pve-no-subscription repo keys exists
|
||||
stat:
|
||||
path: "{{ manage_sources_apt_repo_key_path }}"
|
||||
register: pve_no_subscription_repo_keys
|
||||
|
||||
- name: add pve-no-subscription repo keys
|
||||
become: yes
|
||||
ansible.builtin.apt_key:
|
||||
url: "{{ manage_sources_apt_repo_key_url }}"
|
||||
state: present
|
||||
file: "{{ manage_sources_apt_repo_key_path }}"
|
||||
register: copy_src
|
||||
when: pve_no_subscription_repo_keys.stat.exists == true
|
||||
|
||||
- name: add pve-no-subscription repo
|
||||
become: yes
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "{{ manage_sources_apt_repo_no_subscription }}"
|
||||
state: present
|
||||
filename: pve-no-subscription
|
||||
update_cache: no
|
||||
register: copy_src
|
8
roles/mgrote.set_apt_proxy/tasks/ubuntu.yml
Normal file
8
roles/mgrote.set_apt_proxy/tasks/ubuntu.yml
Normal file
|
@ -0,0 +1,8 @@
|
|||
---
|
||||
- name: Ubuntu - copy sources.list
|
||||
become: yes
|
||||
ansible.builtin.template:
|
||||
src: "ubuntu_sources.list"
|
||||
dest: "/etc/apt/sources.list"
|
||||
backup: yes
|
||||
register: copy_src
|
|
@ -1,10 +0,0 @@
|
|||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
|
||||
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse
|
10
roles/mgrote.set_apt_proxy/templates/ubuntu_sources.list
Normal file
10
roles/mgrote.set_apt_proxy/templates/ubuntu_sources.list
Normal file
|
@ -0,0 +1,10 @@
|
|||
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
|
||||
deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse
|
Loading…
Reference in a new issue