nag-buster entfernt; set_apt_sources erweitert

Michael Grote 2021-02-05 10:51:39 +01:00
parent e0efdba08c
commit b9ea23b472
17 changed files with 104 additions and 31 deletions


@ -4,6 +4,7 @@ exclude_paths:
- roles/igor_mukhin.bash_aliases/ - roles/igor_mukhin.bash_aliases/
- roles/nickjj.ansible-user/ - roles/nickjj.ansible-user/
- roles/azavea.ansible-pip/ - roles/azavea.ansible-pip/
- roles/riemers.gitlab-runner/
parseable: true parseable: true
quiet: true quiet: true

3
.gitmodules vendored

@ -10,9 +10,6 @@
[submodule "roles/geerlingguy.pip"] [submodule "roles/geerlingguy.pip"]
path = roles/geerlingguy.pip path = roles/geerlingguy.pip
url = https://github.com/geerlingguy/ansible-role-pip url = https://github.com/geerlingguy/ansible-role-pip
[submodule "roles/ironicbadger.proxmox-nag-removal"]
path = roles/ironicbadger.proxmox-nag-removal
url = https://github.com/IronicBadger/ansible-role-proxmox-nag-removal
[submodule "roles/nickjj.ansible-user"] [submodule "roles/nickjj.ansible-user"]
path = roles/nickjj.ansible-user path = roles/nickjj.ansible-user
url = https://github.com/nickjj/ansible-user url = https://github.com/nickjj/ansible-user


@ -9,8 +9,7 @@
postfix_smtp_server_port: 587 postfix_smtp_server_port: 587
postfix_smtp_use_tls: "yes" postfix_smtp_use_tls: "yes"
### mgrote.set_apt_proxy ### mgrote.set_apt_proxy
apt_proxy_server_hostname: acng.grote.lan manage_sources_apt_proxy_url: "acng.grote.lan:9999"
apt_proxy_server_port: 9999
### mgrote.restic ### mgrote.restic
restic_folders_to_backup: "/usr/local /etc /root /var/www /home" restic_folders_to_backup: "/usr/local /etc /root /var/www /home"
restic_cron_hours: "19" restic_cron_hours: "19"


@ -1,5 +1,4 @@
--- ---
### geerlingguy.dotfiles ### geerlingguy.dotfiles
dotfiles_repo: "https://github.com/quotengrote/dotfiles.git" dotfiles_repo: "https://github.com/quotengrote/dotfiles.git"
dotfiles_repo_local_destination: "/home/mg/dotfiles-repo" dotfiles_repo_local_destination: "/home/mg/dotfiles-repo"


@ -32,7 +32,7 @@ all:
hosts: hosts:
vm-test.grote.lan: vm-test.grote.lan:
lxc-test2.grote.lan: lxc-test2.grote.lan:
virt: proxmox:
hosts: hosts:
pve-test.grote.lan: pve-test.grote.lan:
pve2.grote.lan: pve2.grote.lan:


@ -30,4 +30,4 @@
update_password: always update_password: always
password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}" password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Somit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen. # Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.


@ -4,7 +4,7 @@
- { role: mgrote.motd, tags: "motd" } - { role: mgrote.motd, tags: "motd" }
- { role: mgrote.tmux, - { role: mgrote.tmux,
tags: "tmux", tags: "tmux",
when: "not 'virt' in group_names" } when: "not 'proxmox' in group_names" }
- { role: geerlingguy.dotfiles, - { role: geerlingguy.dotfiles,
# become_user: "{{ dotfiles_user }}" , # become_user: "{{ dotfiles_user }}" ,
become: true, become: true,


@ -7,4 +7,4 @@
- { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt
tags: "ufw", tags: "ufw",
become: true, become: true,
when: "not 'virt' in group_names" } when: "not 'proxmox' in group_names" }


@ -1,7 +1,7 @@
--- ---
- hosts: virt - hosts: proxmox
roles: roles:
- { role: ironicbadger.proxmox-nag-removal, tags: "nag", become: yes } - { role: mgrote.set_apt_proxy, tags: "apt_sources" }
- { role: mgrote.apcupsd, tags: "apcupsd" } - { role: mgrote.apcupsd, tags: "apcupsd" }
- { role: mgrote.smart, tags: "smart" } - { role: mgrote.smart, tags: "smart" }
- { role: mgrote.zfs_tools, tags: "zfs_tools" } - { role: mgrote.zfs_tools, tags: "zfs_tools" }

@ -1 +0,0 @@
Subproject commit 7581de87e3e118a87df7589a0abb832ca46a9fd1


@ -0,0 +1,11 @@
---
manage_sources_apt_proxy_url: "" # leer = kein proxy, sonst "acng.grote.lan:9999"
manage_sources_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
manage_sources_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
manage_sources_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
manage_sources_apt_repo_no_subscription: deb http://{{ manage_sources_apt_proxy_url }}/download.proxmox.com/debian/pve buster pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
manage_sources_proxmox_base_repos: # welche debian standard repos sollen gesetzt werden, werden vorher gelöscht damit ein proxy dann gesetzt werden kann
- repo_url: deb http://ftp.de.debian.org/debian buster main contrib
- repo_url: deb http://ftp.de.debian.org/debian buster-updates main contrib
- repo_url: deb http://security.debian.org buster/updates main contrib
manage_sources_debian_repo_path: /etc/apt/sources.list.d/debian.list # , wol sollen die standard-repos gespeichert werden; nicht auf /etc/apt/sources setzen, diese datei wird gelöscht
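Review bot: The empty default for `manage_sources_apt_proxy_url` does not give "no proxy" as its comment says, because `manage_sources_apt_repo_no_subscription` interpolates it unconditionally and renders `deb http:///download.proxmox.com/debian/pve buster pve-no-subscription`, which apt cannot use. The `ubuntu_sources.list` template added later in this commit builds its URLs the same way. Making the prefix conditional keeps the documented meaning, e.g. `deb http://{{ manage_sources_apt_proxy_url ~ '/' if manage_sources_apt_proxy_url else '' }}download.proxmox.com/debian/pve buster pve-no-subscription`. The three entries under `manage_sources_proxmox_base_repos` do not reference the proxy variable at all, although the comment on that key says the old file is removed so that a proxy can be set.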


@ -1,13 +1,13 @@
- name: sources.list kopieren ---
become: yes - name: include ubuntu tasks (determined by "ansible_distribution")
ansible.builtin.template: include_tasks: ubuntu.yml
src: "sources.list"
dest: "/etc/apt/sources.list"
backup: yes
register: copy_src
when: ansible_distribution == 'Ubuntu' when: ansible_distribution == 'Ubuntu'
- name: apt_update # noqa 503 503 - name: include proxmox tasks (determined by group)
include_tasks: proxmox.yml
when: "'proxmox' in group_names"
- name: update package lists # noqa 503 503
become: yes become: yes
ansible.builtin.apt: ansible.builtin.apt:
update_cache: yes update_cache: yes


@ -0,0 +1,59 @@
---
- name: check if old debian-repositories exists
stat:
path: /etc/apt/sources.list
register: old_debian_repositories
- name: backup old debian-repositories
become: yes
ansible.builtin.copy:
src: /etc/apt/sources.list
dest: /etc/apt/sources.list.disabled
remote_src: yes
when: old_debian_repositories.stat.exists == true
- name: remove old debian-repositories
become: yes
ansible.builtin.file:
path: /etc/apt/sources.list
state: absent
when: old_debian_repositories.stat.exists == true
- name: add new debian-repositories
become: yes
ansible.builtin.apt_repository:
repo: "{{ item.repo_url }}"
state: present
filename: "{{ manage_sources_debian_repo_path }}"
update_cache: no
register: copy_src
loop: "{{ manage_sources_proxmox_base_repos }}"
- name: remove enterprise-Repository
become: yes
ansible.builtin.file:
path: "{{ manage_sources_enterprise_repo_path }}"
state: absent
- name: check if pve-no-subscription repo keys exists
stat:
path: "{{ manage_sources_apt_repo_key_path }}"
register: pve_no_subscription_repo_keys
- name: add pve-no-subscription repo keys
become: yes
ansible.builtin.apt_key:
url: "{{ manage_sources_apt_repo_key_url }}"
state: present
file: "{{ manage_sources_apt_repo_key_path }}"
register: copy_src
when: pve_no_subscription_repo_keys.stat.exists == true
- name: add pve-no-subscription repo
become: yes
ansible.builtin.apt_repository:
repo: "{{ manage_sources_apt_repo_no_subscription }}"
state: present
filename: pve-no-subscription
update_cache: no
register: copy_src
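Review bot: The `when:` on "add pve-no-subscription repo keys" is inverted: with `pve_no_subscription_repo_keys.stat.exists == true` the key is imported only when the key file is already present, so a fresh host gets the pve-no-subscription repo without its signing key; it should read `when: not pve_no_subscription_repo_keys.stat.exists`. In the same task, `file:` on `apt_key` names a key file to read on the managed host, not a destination; the target under /etc/apt/trusted.gpg.d is set with `keyring: "{{ manage_sources_apt_repo_key_path }}"`. The default `manage_sources_apt_repo_key_url` is plain `http://`, and the downloaded key becomes a trust root for apt on the hypervisor, so it should be fetched over HTTPS or checked against a pinned digest before it is installed, for example with `get_url` and `checksum: "sha512:<PINNED_SHA512>"`.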


@ -0,0 +1,8 @@
---
- name: Ubuntu - copy sources.list
become: yes
ansible.builtin.template:
src: "ubuntu_sources.list"
dest: "/etc/apt/sources.list"
backup: yes
register: copy_src


@ -1,10 +0,0 @@
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse


@ -0,0 +1,10 @@
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse