apt_manage_sources: templating (#549)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #549

group_vars/all.yml

@@ -106,11 +106,16 @@
   unattended_origins_patterns:
     - 'origin=Ubuntu,archive=${distro_codename}-security'
     - 'o=Ubuntu,a=${distro_codename}-updates'
-  ### mgrote.systemd-timesyncd
-  ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
-  ntp_timesyncd_servers: # welche Server sollen befragt werden
-    - 192.168.2.1
-  ntp_chrony_logging: false # logging an/aus
+  ### mgrote.ntp_chrony_client
+  ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
+  ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
+  ntp_chrony_servers: # welche Server sollen befragt werden
+    - address: ptbtime1.ptb.de
+      options: iburst #optionaler parameter
+  ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
+  ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
+  ntp_chrony_logging: false
+
   ### mgrote.postfix
   postfix_absender_mailadresse: info@mgrote.net
   postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
@@ -119,8 +124,6 @@
   postfix_smtp_server: smtp.strato.de
   postfix_smtp_server_port: 587
   postfix_smtp_use_tls: "yes"
-  ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy: ""
   ### mgrote.tmux
   tmux_conf_destination: "/home/mg/.tmux.conf"
   tmux_bashrc_destination: "/home/mg/.bashrc"

group_vars/laptop.yml

@@ -53,14 +53,9 @@
     - lolcat
     - fortune-mod
   ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy: ""
-  manage_sources_extra_repos: # Extra Repositories
-    - name: vivaldi
-      url: "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
-  ### mgrote.systemd-timesyncd
-  ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
-  ntp_timesyncd_servers: # welche Server sollen befragt werden
-    - pool.ntp.org
+  # Extra-Repositories, sollte pro Host gesetzt werden
+  extra_repos:
+    - "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
   ### oefenweb.ufw
   ufw_rules:
     - rule: allow

group_vars/pve.yml

@@ -112,9 +112,6 @@
     - name: http_response
     - name: timesync
 
-  ### mgrote.apt_manage_sources
-  manage_sources_apt_proxy: ""
-
   # Ansible Variablen
   ### sudo
   sudo: false

roles/mgrote.apt_manage_sources/defaults/main.yml

@@ -1,22 +1,18 @@
 ---
 # pve
-  manage_sources_proxmox_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
-  manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
-  manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
-  manage_sources_proxmox_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
+manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
+manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
+# pbs
+manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
+manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
 
+# Extra-Repositories, sollte pro Host gesetzt werden
+# extra_repos:
+#   - "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
 
-  manage_sources_apt_proxy: docker10.grote.lan:9999 # url+Port vom proxy
-#  manage_sources_extra_repos: # Extra Repositories
-#    - name: vivaldi # optional
-#      url: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main
-#      state: present # default: present
-#    - name: xnview
-#      url: deb https://repo.vivaldi.com/archive/deb/ stable main
+# in welche Datei sollen die Repositories geschrieben werden
+repo_sources_file: "/etc/apt/sources.list"
 
-
-  # pbs
-  manage_sources_pbs_enterprise_repo_path: /etc/apt/sources.list.d/pbs-enterprise.list
-  manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
-  manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
-  manage_sources_pbs_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription
+# überschreibe vars-File Repos in den host-vars
+# repos_override: # wenn diese variable gesetzt ist, überschreibt die den inhalt der vars/<os>.yaml
+  # - hallo

roles/mgrote.apt_manage_sources/tasks/extra_repos.yml

@@ -1,9 +0,0 @@
----
-  - name: add extra repositories
-    become: true
-    ansible.builtin.apt_repository:
-      repo: "{{ item.url }}"
-      filename: "{{ item.name | default(omit) }}"
-      state: "{{ item.state  | default('present')}}"
-    with_items: "{{ manage_sources_extra_repos }}"
-    when: manage_sources_extra_repos is defined

roles/mgrote.apt_manage_sources/tasks/main.yml

@@ -1,29 +1,49 @@
 ---
-  - name: include ubuntu tasks (determined by "ansible_distribution")
-    include_tasks: ubuntu.yml
-    when:
-      - ansible_distribution == 'Ubuntu'
-      - manage_sources_apt_proxy is defined
+- name: include vars (ubuntu) (determined by "ansible_distribution")
+  ansible.builtin.include_vars:
+    file: ubuntu.yaml
+  when:
+    - ansible_distribution == 'Ubuntu'
 
-  - name: include Linux Mint tasks (determined by "ansible_distribution")
-    include_tasks: mint.yml
-    when:
-      - ansible_distribution == 'Linux Mint'
-      - manage_sources_apt_proxy is defined
+- name: include vars (mint) (determined by "ansible_distribution")
+  ansible.builtin.include_vars:
+    file: mint.yaml
+  when:
+    - ansible_distribution == 'Linux Mint'
 
-  - name: include pve tasks (determined by group)
-    include_tasks: pve.yml
-    when:
-      - "'pve' in group_names"
-      - manage_sources_apt_proxy is defined
+- name: include vars (pve) (determined by group)
+  ansible.builtin.include_vars:
+    file: pve.yaml
+  when:
+    - "'pve' in group_names"
 
-  - name: include extra repo tasks
-    include_tasks: extra_repos.yml
-    when:
-      - manage_sources_extra_repos is defined
+- name: include vars (pbs) (determined by group)
+  ansible.builtin.include_vars:
+    file: pbs.yaml
+  when:
+    - "'pbs' in group_names"
 
-  - name: include pbs tasks (determined by group)
-    include_tasks: pbs.yml
-    when:
-      - "'pbs' in group_names"
-      - manage_sources_apt_proxy is defined
+- name: ensure /etc/apt/sources.list.d/ is absent
+  become: true
+  ansible.builtin.file:
+    path: /etc/apt/sources.list.d/
+    state: absent
+
+- name: include preparation tasks (pbs) (determined by group)
+  ansible.builtin.include_tasks: pbs.yml
+  when:
+    - "'pbs' in group_names"
+
+- name: include preparation tasks (pve) (determined by group)
+  ansible.builtin.include_tasks: pve.yml
+  when:
+    - "'pve' in group_names"
+
+- name: template sources.list
+  become: true
+  ansible.builtin.template:
+    src: sources.j2
+    dest: "{{ repo_sources_file }}"
+  notify: update package lists
+  when:
+    - repos is defined

roles/mgrote.apt_manage_sources/tasks/mint.yml

@@ -1,8 +0,0 @@
----
-  - name: ensure apt.conf exists
-    become: true
-    ansible.builtin.template:
-      src: apt.conf
-      dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
-      backup: yes
-    notify: update package lists

roles/mgrote.apt_manage_sources/tasks/pbs.yml

@@ -1,36 +1,14 @@
 ---
-  - name: ensure apt.conf exists
-    become: true
-    ansible.builtin.template:
-      src: apt.conf
-      dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
-      backup: yes
-    notify: update package lists
+- name: check if pbs-no-subscription repo keys exists
+  become: true
+  stat:
+    path: "{{ manage_sources_pbs_apt_repo_key_path }}"
+  register: pbs_no_subscription_repo_keys
 
-  - name: remove enterprise-Repository
-    become: yes
-    ansible.builtin.file:
-      path: "{{ manage_sources_pbs_enterprise_repo_path }}"
-      state: absent
-
-  - name: check if pbs-no-subscription repo keys exists
-    stat:
-      path: "{{ manage_sources_pbs_apt_repo_key_path }}"
-    register: pbs_no_subscription_repo_keys
-
-  - name: add pbs-no-subscription repo keys
-    become: yes
-    ansible.builtin.apt_key:
-      url: "{{ manage_sources_pbs_apt_repo_key_url }}"
-      state: present
-    notify: update package lists
-    when: pbs_no_subscription_repo_keys.stat.exists == false
-
-  - name: add pbs-no-subscription repo
-    become: yes
-    ansible.builtin.apt_repository:
-      repo: "{{ manage_sources_pbs_apt_repo_no_subscription }}"
-      state: present
-      filename: pbs-no-subscription
-      update_cache: no
-    notify: update package lists
+- name: add pbs-no-subscription repo keys
+  become: true
+  ansible.builtin.apt_key:
+    url: "{{ manage_sources_pbs_apt_repo_key_url }}"
+    state: present
+  notify: update package lists
+  when: pbs_no_subscription_repo_keys.stat.exists == false

roles/mgrote.apt_manage_sources/tasks/pve.yml

@@ -1,34 +1,14 @@
 ---
-  - name: ensure apt.conf exists
-    become: true
-    ansible.builtin.template:
-      src: apt.conf
-      dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
-      backup: yes
-    notify: update package lists
+- name: check if pve-no-subscription repo keys exists
+  become: true
+  stat:
+    path: "{{ manage_sources_proxmox_apt_repo_key_path }}"
+  register: pve_no_subscription_repo_keys
 
-  - name: remove enterprise-Repository
-    become: yes
-    ansible.builtin.file:
-      path: "{{ manage_sources_proxmox_enterprise_repo_path }}"
-      state: absent
-
-  - name: check if pve-no-subscription repo keys exists
-    stat:
-      path: "{{ manage_sources_proxmox_apt_repo_key_path }}"
-    register: pve_no_subscription_repo_keys
-
-  - name: add pve-no-subscription repo keys
-    become: yes
-    ansible.builtin.apt_key:
-      url: "{{ manage_sources_proxmox_apt_repo_key_url }}"
-      state: present
-    notify: update package lists
-    when: pve_no_subscription_repo_keys.stat.exists == false
-
-  - name: add pve-no-subscription repo
-    become: yes
-    ansible.builtin.template:
-      src: pve-no-subscription.j2
-      dest: pve-no-subscription.list
-    notify: update package lists
+- name: add pve-no-subscription repo keys
+  become: yes
+  ansible.builtin.apt_key:
+    url: "{{ manage_sources_proxmox_apt_repo_key_url }}"
+    state: present
+  notify: update package lists
+  when: pve_no_subscription_repo_keys.stat.exists == false

roles/mgrote.apt_manage_sources/tasks/ubuntu.yml

@@ -1,8 +0,0 @@
----
-  - name: ensure apt.conf exists
-    become: true
-    ansible.builtin.template:
-      src: apt.conf
-      dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
-      backup: yes
-    notify: update package lists

roles/mgrote.apt_manage_sources/templates/apt.conf

@@ -1,5 +0,0 @@
-{{ file_header | default () }}
-{% if manage_sources_apt_proxy | length > 0 %}
-Acquire::http::proxy "http://{{ manage_sources_apt_proxy | default() }}";
-Acquire::https::proxy "http://{{ manage_sources_apt_proxy | default() }}";
-{% endif %}

roles/mgrote.apt_manage_sources/templates/pve-no-subscription.j2

@@ -1 +0,0 @@
-{{ manage_sources_proxmox_apt_repo_no_subscription }}

roles/mgrote.apt_manage_sources/templates/sources.j2

@@ -0,0 +1,15 @@
+{{ file_header | default () }}
+{% if repos_override is defined %}
+{% for item in repos_override %}
+{{ item }}
+{% endfor %}
+{% else %}
+{% for item in repos %}
+{{ item }}
+{% endfor %}{% endif %}
+
+{% if extra_repos is defined %}
+{% for item in extra_repos %}
+{{ item }}
+{% endfor %}
+{% endif %}

roles/mgrote.apt_manage_sources/vars/mint.yml

@@ -0,0 +1,9 @@
+---
+# Repositories
+repos:
+  - "deb http://packages.linuxmint.com vera main upstream import backport"
+  - "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} main restricted universe multiverse"
+  - "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates main restricted universe multiverse"
+  - "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-backports main restricted universe multiverse"
+  - "deb http://security.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse"
+  - "deb http://archive.canonical.com/ubuntu/ {{ ansible_distribution_release }} partner"

roles/mgrote.apt_manage_sources/vars/pbs.yaml

@@ -0,0 +1,7 @@
+---
+# Repositories
+repos:
+  - "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }} main contrib"
+  - "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
+  - "deb http://security.debian.org {{ ansible_distribution_release }}-security main contrib"
+  - "deb http://download.proxmox.com/debian/pbs {{ ansible_distribution_release }} pbs-no-subscription"

roles/mgrote.apt_manage_sources/vars/pve.yaml

@@ -0,0 +1,7 @@
+---
+# Repositories
+repos:
+  - "deb http://deb.debian.org/debian {{ ansible_distribution_release }} main contrib"
+  - "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
+  - "deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription"
+  - "deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib"

roles/mgrote.apt_manage_sources/vars/ubuntu.yaml

@@ -0,0 +1,13 @@
+---
+# Repositories
+repos:
+  - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted"
+  - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted"
+  - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} universe"
+  - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates universe"
+  - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse"
+  - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse"
+  - "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse"
+  - "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted"
+  - "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security universe"
+  - "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security multiverse"