apt.conf (#140)

apcupsd verschoben

pihole vars

vars

vars

apt.conf

tasks

templates

acng https passtrough

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#140
Co-Authored-By: mg <mg@noreply.git.mgrote.net>
Co-Committed-By: mg <mg@noreply.git.mgrote.net>

group_vars/all.yml

@@ -53,9 +53,6 @@
       local_path: "/home/mg/.tmux.conf"
     - repo_path: "{{ dotfiles_repo_path}}/.gitconfig"
       local_path: "/home/mg/.gitconfig"
-  dotfiles_dirs:
-    - path: /home/mg/.config/i3
-    - path: /home/mg/.config/polybar
   dotfiles_owner: mg
   ### jnv.unattended_upgrades
   unattended_mail: "{{ empfaenger_mail }}"
@@ -79,7 +76,8 @@
   postfix_smtp_server_port: 587
   postfix_smtp_use_tls: "yes"
   ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy_url: "acng.grote.lan:9999/"
+  manage_sources_apt_proxy_server: acng.grote.lan
+  manage_sources_apt_proxy_port: 9999
   ### mgrote.restic
   restic_folders_to_backup: "/usr/local /etc /root /home"
   restic_cron_hours: "19"
@@ -203,19 +201,6 @@
     - qemu-guest-agent
     - open-vm-tools
 
-  ### mgrote.apcupsd
-  apcupsd_master_onbatterydelay: 10
-  apcupsd_master_batterylevel_for_shutdown: 50
-  apcupsd_master_minutes_for_shutdown: 10
-  apcupsd_master_nologon_when_active: disable
-  apcupsd_slave_onbatterydelay: 10
-  apcupsd_slave_batterylevel_for_shutdown: 50
-  apcupsd_slave_minutes_for_shutdown: 10
-  apcupsd_slave_nologon_when_active: disable
-  apcupsd_nis_master: on
-  apcupsd_nis_master_listen_ip: 0.0.0.0
-  apcupsd_nis_master_listen_port: 3551
-  apcupsd_ups_name: APC-BX950U-GR
 
 
   # Ansible Variablen

group_vars/pihole.yml

@@ -33,4 +33,5 @@
     - address: pool.ntp.org
       options: iburst #optionaler parameter
   ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy_url: "192.168.2.46:9999/" # weil pihole den fqdn nicht auflösen kann
+  manage_sources_apt_proxy_server: ""
+  manage_sources_apt_proxy_port: ""

group_vars/proxmox.yml

@@ -55,6 +55,22 @@
     - name: docker_mem
     - name: apc_nis
     - name: lvm_
+    
+  ### mgrote.apcupsd
+  apcupsd_master_onbatterydelay: 10
+  apcupsd_master_batterylevel_for_shutdown: 50
+  apcupsd_master_minutes_for_shutdown: 10
+  apcupsd_master_nologon_when_active: disable
+  apcupsd_slave_onbatterydelay: 10
+  apcupsd_slave_batterylevel_for_shutdown: 50
+  apcupsd_slave_minutes_for_shutdown: 10
+  apcupsd_slave_nologon_when_active: disable
+  apcupsd_nis_master: on
+  apcupsd_nis_master_listen_ip: 0.0.0.0
+  apcupsd_nis_master_listen_port: 3551
+  apcupsd_ups_name: APC-BX950U-GR
+
+
   # Ansible Variablen
   ### sudo
   sudo: false

roles/mgrote.acng/templates/acng.conf

@@ -408,6 +408,11 @@ LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
 # PassThroughPattern: private-ppa\.launchpad\.net:443$
 # PassThroughPattern: .* # this would allow CONNECT to everything
 #
+
+# apt-cacher-ng will obviously fail to serve HTTPS repositories. There are many solutions upstream but I have found the simplest solution to be to simply tunnel HTTPS connections directly on the proxy, by putting this in /etc/apt-cacher-ng/acng.conf:
+# https://wiki.debian.org/AptCacherNg
+PassThroughPattern: ^(.*):443$
+
 # Default: ^(bugs\.debian\.org|changelogs\.ubuntu\.com):443$
 # PassThroughPattern: ^(bugs\.debian\.org|changelogs\.ubuntu\.com):443$
 

roles/mgrote.apt_manage_sources/defaults/main.yml

@@ -1,11 +1,7 @@
 ---
-  manage_sources_apt_proxy_url: "" # leer = kein proxy, sonst "acng.grote.lan:9999"
   manage_sources_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
   manage_sources_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
   manage_sources_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
-  manage_sources_apt_repo_no_subscription: deb http://{{ manage_sources_apt_proxy_url }}/download.proxmox.com/debian/pve buster pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
+  manage_sources_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pve buster pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
-  manage_sources_proxmox_base_repos: # welche debian standard repos sollen gesetzt werden, werden vorher gelöscht damit ein proxy dann gesetzt werden kann
+  manage_sources_apt_proxy_server: acng.grote.lan
-    - repo_url: deb http://ftp.de.debian.org/debian buster main contrib
+  manage_sources_apt_proxy_port: 9999
-    - repo_url: deb http://ftp.de.debian.org/debian buster-updates main contrib
-    - repo_url: deb http://security.debian.org buster/updates main contrib
-  manage_sources_debian_repo_path: /etc/apt/sources.list.d/debian # wo sollen die standard-repos gespeichert werden; nicht auf /etc/apt/sources setzen, diese datei wird gelöscht

roles/mgrote.apt_manage_sources/tasks/mint.yml

@@ -1,8 +1,9 @@
 ---
-  - name: Mint - copy sources.list
+  - name: ensure apt.conf exists
-    become: yes
+    become: true
     ansible.builtin.template:
-      src: "mint_sources.list"
+      src: apt.conf
-      dest: "/etc/apt/sources.list.d/official-package-repositories.list"
+      dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
       backup: yes
     register: copy_src
+    when: manage_sources_apt_proxy_server is defined

roles/mgrote.apt_manage_sources/tasks/proxmox.yml

@@ -1,33 +1,12 @@
 ---
-  - name: check if old debian-repositories exists
+  - name: ensure apt.conf exists
-    stat:
+    become: true
-      path: /etc/apt/sources.list
+    ansible.builtin.template:
-    register: old_debian_repositories
+      src: apt.conf
-
+      dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
-  - name: backup old debian-repositories
+      backup: yes
-    become: yes
-    ansible.builtin.copy:
-      src: /etc/apt/sources.list
-      dest: /etc/apt/sources.list.disabled
-      remote_src: yes
-    when: old_debian_repositories.stat.exists == true
-
-  - name: remove old debian-repositories
-    become: yes
-    ansible.builtin.file:
-      path: /etc/apt/sources.list
-      state: absent
-    when: old_debian_repositories.stat.exists == true
-
-  - name: add new debian-repositories
-    become: yes
-    ansible.builtin.apt_repository:
-      repo: "{{ item.repo_url }}"
-      state: present
-      filename: "{{ manage_sources_debian_repo_path }}"
-      update_cache: no
     register: copy_src
-    loop: "{{ manage_sources_proxmox_base_repos }}"
+    when: manage_sources_apt_proxy_server is defined
 
   - name: remove enterprise-Repository
     become: yes

roles/mgrote.apt_manage_sources/tasks/ubuntu.yml

@@ -1,8 +1,9 @@
 ---
-  - name: Ubuntu - copy sources.list
+  - name: ensure apt.conf exists
-    become: yes
+    become: true
     ansible.builtin.template:
-      src: "ubuntu_sources.list"
+      src: apt.conf
-      dest: "/etc/apt/sources.list"
+      dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
       backup: yes
     register: copy_src
+    when: manage_sources_apt_proxy_server is defined

roles/mgrote.apt_manage_sources/templates/apt.conf

@@ -0,0 +1,2 @@
+Acquire::http::proxy "http://{{ manage_sources_apt_proxy_server | default() }}:{{ manage_sources_apt_proxy_port | default() }}";
+Acquire::https::proxy "http://{{ manage_sources_apt_proxy_server | default() }}:{{ manage_sources_apt_proxy_port | default() }}";

roles/mgrote.apt_manage_sources/templates/mint_sources.list

@@ -1,9 +0,0 @@
-{{ file_header | default () }}
-deb http://{{ manage_sources_apt_proxy_url }}packages.linuxmint.com ulyssa main upstream import backport
-
-deb http://{{ manage_sources_apt_proxy_url }}archive.ubuntu.com/ubuntu focal main restricted universe multiverse
-deb http://{{ manage_sources_apt_proxy_url }}archive.ubuntu.com/ubuntu focal-updates main restricted universe multiverse
-deb http://{{ manage_sources_apt_proxy_url }}archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse
-
-deb http://{{ manage_sources_apt_proxy_url }}security.ubuntu.com/ubuntu/ focal-security main restricted universe multiverse
-deb http://{{ manage_sources_apt_proxy_url }}archive.canonical.com/ubuntu/ focal partner

roles/mgrote.apt_manage_sources/templates/ubuntu_sources.list

@@ -1,11 +0,0 @@
-{{ file_header | default () }}
-deb http://{{ manage_sources_apt_proxy_url }}de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} main restricted
-deb http://{{ manage_sources_apt_proxy_url }}de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates main restricted
-deb http://{{ manage_sources_apt_proxy_url }}de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} universe
-deb http://{{ manage_sources_apt_proxy_url }}de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates universe
-deb http://{{ manage_sources_apt_proxy_url }}de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}} multiverse
-deb http://{{ manage_sources_apt_proxy_url }}de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-updates multiverse
-deb http://{{ manage_sources_apt_proxy_url }}de.archive.ubuntu.com/ubuntu/ {{ansible_distribution_release}}-backports main restricted universe multiverse
-deb http://{{ manage_sources_apt_proxy_url }}security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security main restricted
-deb http://{{ manage_sources_apt_proxy_url }}security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security universe
-deb http://{{ manage_sources_apt_proxy_url }}security.ubuntu.com/ubuntu {{ansible_distribution_release}}-security multiverse