nag-buster entfernt; set_apt_sources erweitert

.ansible-lint

@@ -4,6 +4,7 @@ exclude_paths:
   - roles/igor_mukhin.bash_aliases/
   - roles/nickjj.ansible-user/
   - roles/azavea.ansible-pip/
+  - roles/riemers.gitlab-runner/
 
 parseable: true
 quiet: true

.gitmodules

@@ -10,9 +10,6 @@
 [submodule "roles/geerlingguy.pip"]
 	path = roles/geerlingguy.pip
 	url = https://github.com/geerlingguy/ansible-role-pip
-[submodule "roles/ironicbadger.proxmox-nag-removal"]
-	path = roles/ironicbadger.proxmox-nag-removal
-	url = https://github.com/IronicBadger/ansible-role-proxmox-nag-removal
 [submodule "roles/nickjj.ansible-user"]
 	path = roles/nickjj.ansible-user
 	url = https://github.com/nickjj/ansible-user

group_vars/all.yml

@@ -9,8 +9,7 @@
   postfix_smtp_server_port: 587
   postfix_smtp_use_tls: "yes"
   ### mgrote.set_apt_proxy
-  apt_proxy_server_hostname: acng.grote.lan
+  manage_sources_apt_proxy_url: "acng.grote.lan:9999"
-  apt_proxy_server_port: 9999
   ### mgrote.restic
   restic_folders_to_backup: "/usr/local /etc /root /var/www /home"
   restic_cron_hours: "19"

group_vars/proxmox.yml

@@ -1,5 +1,4 @@
 ---
-
   ### geerlingguy.dotfiles
   dotfiles_repo: "https://github.com/quotengrote/dotfiles.git"
   dotfiles_repo_local_destination: "/home/mg/dotfiles-repo"

inventory

@@ -32,7 +32,7 @@ all:
       hosts:
         vm-test.grote.lan:
         lxc-test2.grote.lan:
-    virt:
+    proxmox:
       hosts:
         pve-test.grote.lan:
         pve2.grote.lan:

playbooks/base/1_bootstrap.yml

@@ -30,4 +30,4 @@
           update_password: always
           password: "{{ lookup('keepass', 'linux_mg_user_password_hash', 'password') }}"
 
-# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Somit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.
+# Nach dem ersten durchlaufen ist keine Anmeldung mehr per Passwort & ssh möglich. Damit scheitert auch der Versuch das Playbook ein zweites mal durchlaufen zu lassen.

playbooks/base/5_personalisierung.yml

@@ -4,7 +4,7 @@
       - { role: mgrote.motd, tags: "motd" }
       - { role: mgrote.tmux,
           tags: "tmux",
-          when: "not 'virt' in group_names" }
+          when: "not 'proxmox' in group_names" }
       - { role: geerlingguy.dotfiles,
 #          become_user: "{{ dotfiles_user }}" ,
           become: true,

playbooks/base/6_haertung.yml

@@ -7,4 +7,4 @@
       - { role: oefenweb.ufw, # Regeln werden in den Group/Host-Vars gesetzt
           tags: "ufw",
           become: true,
-          when: "not 'virt' in group_names" }
+          when: "not 'proxmox' in group_names" }

playbooks/service/proxmox.yml

@@ -1,7 +1,7 @@
 ---
-- hosts: virt
+- hosts: proxmox
   roles:
-    - { role: ironicbadger.proxmox-nag-removal, tags: "nag", become: yes }
+    - { role: mgrote.set_apt_proxy, tags: "apt_sources" }
     - { role: mgrote.apcupsd, tags: "apcupsd" }
     - { role: mgrote.smart, tags: "smart" }
     - { role: mgrote.zfs_tools, tags: "zfs_tools" }

roles/ironicbadger.proxmox-nag-removal

@@ -1 +0,0 @@
-Subproject commit 7581de87e3e118a87df7589a0abb832ca46a9fd1

roles/mgrote.set_apt_proxy/defaults/main.yml

@@ -0,0 +1,11 @@
+---
+  manage_sources_apt_proxy_url: "" # leer = kein proxy, sonst "acng.grote.lan:9999"
+  manage_sources_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
+  manage_sources_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
+  manage_sources_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
+  manage_sources_apt_repo_no_subscription: deb http://{{ manage_sources_apt_proxy_url }}/download.proxmox.com/debian/pve buster pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
+  manage_sources_proxmox_base_repos: # welche debian standard repos sollen gesetzt werden, werden vorher gelöscht damit ein proxy dann gesetzt werden kann
+    - repo_url: deb http://ftp.de.debian.org/debian buster main contrib
+    - repo_url: deb http://ftp.de.debian.org/debian buster-updates main contrib
+    - repo_url: deb http://security.debian.org buster/updates main contrib
+  manage_sources_debian_repo_path: /etc/apt/sources.list.d/debian.list # , wol sollen die standard-repos gespeichert werden; nicht auf /etc/apt/sources setzen, diese datei wird gelöscht

roles/mgrote.set_apt_proxy/tasks/main.yml

@@ -1,13 +1,13 @@
-  - name: sources.list kopieren
+---
-    become: yes
+  - name: include ubuntu tasks (determined by "ansible_distribution")
-    ansible.builtin.template:
+    include_tasks: ubuntu.yml
-      src: "sources.list"
-      dest: "/etc/apt/sources.list"
-      backup: yes
-    register: copy_src
     when: ansible_distribution == 'Ubuntu'
 
-  - name: apt_update # noqa 503 503
+  - name: include proxmox tasks (determined by group)
+    include_tasks: proxmox.yml
+    when: "'proxmox' in group_names"
+
+  - name: update package lists # noqa 503 503
     become: yes
     ansible.builtin.apt:
       update_cache: yes

roles/mgrote.set_apt_proxy/tasks/proxmox.yml

@@ -0,0 +1,59 @@
+---
+  - name: check if old debian-repositories exists
+    stat:
+      path: /etc/apt/sources.list
+    register: old_debian_repositories
+
+  - name: backup old debian-repositories
+    become: yes
+    ansible.builtin.copy:
+      src: /etc/apt/sources.list
+      dest: /etc/apt/sources.list.disabled
+      remote_src: yes
+    when: old_debian_repositories.stat.exists == true
+
+  - name: remove old debian-repositories
+    become: yes
+    ansible.builtin.file:
+      path: /etc/apt/sources.list
+      state: absent
+    when: old_debian_repositories.stat.exists == true
+
+  - name: add new debian-repositories
+    become: yes
+    ansible.builtin.apt_repository:
+      repo: "{{ item.repo_url }}"
+      state: present
+      filename: "{{ manage_sources_debian_repo_path }}"
+      update_cache: no
+    register: copy_src
+    loop: "{{ manage_sources_proxmox_base_repos }}"
+
+  - name: remove enterprise-Repository
+    become: yes
+    ansible.builtin.file:
+      path: "{{ manage_sources_enterprise_repo_path }}"
+      state: absent
+
+  - name: check if pve-no-subscription repo keys exists
+    stat:
+      path: "{{ manage_sources_apt_repo_key_path }}"
+    register: pve_no_subscription_repo_keys
+
+  - name: add pve-no-subscription repo keys
+    become: yes
+    ansible.builtin.apt_key:
+      url: "{{ manage_sources_apt_repo_key_url }}"
+      state: present
+      file: "{{ manage_sources_apt_repo_key_path }}"
+    register: copy_src
+    when: pve_no_subscription_repo_keys.stat.exists == true
+
+  - name: add pve-no-subscription repo
+    become: yes
+    ansible.builtin.apt_repository:
+      repo: "{{ manage_sources_apt_repo_no_subscription }}"
+      state: present
+      filename: pve-no-subscription
+      update_cache: no
+    register: copy_src

roles/mgrote.set_apt_proxy/tasks/ubuntu.yml

@@ -0,0 +1,8 @@
+---
+  - name: Ubuntu - copy sources.list
+    become: yes
+    ansible.builtin.template:
+      src: "ubuntu_sources.list"
+      dest: "/etc/apt/sources.list"
+      backup: yes
+    register: copy_src

roles/mgrote.set_apt_proxy/templates/sources.list

@@ -1,10 +0,0 @@
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
-deb http://{{ apt_proxy_server_hostname }}:{{ apt_proxy_server_port }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse

roles/mgrote.set_apt_proxy/templates/ubuntu_sources.list

@@ -0,0 +1,10 @@
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
+deb http://{{ manage_sources_apt_proxy_url }}/de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
+deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
+deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
+deb http://{{ manage_sources_apt_proxy_url }}/security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse