apt_manage_sources: templating (#549)
Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #549
parent
83e76dd518
commit
d6b5e4f1d7
17 changed files with 145 additions and 156 deletions
|
@ -106,11 +106,16 @@
|
||||||
unattended_origins_patterns:
|
unattended_origins_patterns:
|
||||||
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
||||||
- 'o=Ubuntu,a=${distro_codename}-updates'
|
- 'o=Ubuntu,a=${distro_codename}-updates'
|
||||||
### mgrote.systemd-timesyncd
|
### mgrote.ntp_chrony_client
|
||||||
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||||
ntp_timesyncd_servers: # welche Server sollen befragt werden
|
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
|
||||||
- 192.168.2.1
|
ntp_chrony_servers: # welche Server sollen befragt werden
|
||||||
ntp_chrony_logging: false # logging an/aus
|
- address: ptbtime1.ptb.de
|
||||||
|
options: iburst #optionaler parameter
|
||||||
|
ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
|
||||||
|
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
|
||||||
|
ntp_chrony_logging: false
|
||||||
|
|
||||||
### mgrote.postfix
|
### mgrote.postfix
|
||||||
postfix_absender_mailadresse: info@mgrote.net
|
postfix_absender_mailadresse: info@mgrote.net
|
||||||
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
||||||
|
@ -119,8 +124,6 @@
|
||||||
postfix_smtp_server: smtp.strato.de
|
postfix_smtp_server: smtp.strato.de
|
||||||
postfix_smtp_server_port: 587
|
postfix_smtp_server_port: 587
|
||||||
postfix_smtp_use_tls: "yes"
|
postfix_smtp_use_tls: "yes"
|
||||||
### mgrote.apt_manage_sources
|
|
||||||
manage_sources_apt_proxy: ""
|
|
||||||
### mgrote.tmux
|
### mgrote.tmux
|
||||||
tmux_conf_destination: "/home/mg/.tmux.conf"
|
tmux_conf_destination: "/home/mg/.tmux.conf"
|
||||||
tmux_bashrc_destination: "/home/mg/.bashrc"
|
tmux_bashrc_destination: "/home/mg/.bashrc"
|
||||||
|
|
|
@ -53,14 +53,9 @@
|
||||||
- lolcat
|
- lolcat
|
||||||
- fortune-mod
|
- fortune-mod
|
||||||
### mgrote.apt_manage_sources
|
### mgrote.apt_manage_sources
|
||||||
manage_sources_apt_proxy: ""
|
# Extra-Repositories, sollte pro Host gesetzt werden
|
||||||
manage_sources_extra_repos: # Extra Repositories
|
extra_repos:
|
||||||
- name: vivaldi
|
- "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
|
||||||
url: "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
|
|
||||||
### mgrote.systemd-timesyncd
|
|
||||||
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
|
||||||
ntp_timesyncd_servers: # welche Server sollen befragt werden
|
|
||||||
- pool.ntp.org
|
|
||||||
### oefenweb.ufw
|
### oefenweb.ufw
|
||||||
ufw_rules:
|
ufw_rules:
|
||||||
- rule: allow
|
- rule: allow
|
||||||
|
|
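Review bot: The new `extra_repos` entry for the Vivaldi repository carries no `signed-by=` option, so once it is written into sources.list, whichever key validates it is trusted for every other source as well. No task visible in this commit installs that key. Scope the trust in the entry itself, e.g. `- "deb [arch=amd64 signed-by=<PATH_TO_VIVALDI_KEYRING>] https://repo.vivaldi.com/stable/deb/ stable main"` (the keyring path is a placeholder), and provision that keyring file in the same role.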
|
@ -112,9 +112,6 @@
|
||||||
- name: http_response
|
- name: http_response
|
||||||
- name: timesync
|
- name: timesync
|
||||||
|
|
||||||
### mgrote.apt_manage_sources
|
|
||||||
manage_sources_apt_proxy: ""
|
|
||||||
|
|
||||||
# Ansible Variablen
|
# Ansible Variablen
|
||||||
### sudo
|
### sudo
|
||||||
sudo: false
|
sudo: false
|
||||||
|
|
|
@ -1,22 +1,18 @@
|
||||||
---
|
---
|
||||||
# pve
|
# pve
|
||||||
manage_sources_proxmox_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
|
manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
|
||||||
manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
|
manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
|
||||||
manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
|
# pbs
|
||||||
manage_sources_proxmox_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
|
manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
|
||||||
|
manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
|
||||||
|
|
||||||
|
# Extra-Repositories, sollte pro Host gesetzt werden
|
||||||
|
# extra_repos:
|
||||||
|
# - "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
|
||||||
|
|
||||||
manage_sources_apt_proxy: docker10.grote.lan:9999 # url+Port vom proxy
|
# in welche Datei sollen die Repositories geschrieben werden
|
||||||
# manage_sources_extra_repos: # Extra Repositories
|
repo_sources_file: "/etc/apt/sources.list"
|
||||||
# - name: vivaldi # optional
|
|
||||||
# url: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main
|
|
||||||
# state: present # default: present
|
|
||||||
# - name: xnview
|
|
||||||
# url: deb https://repo.vivaldi.com/archive/deb/ stable main
|
|
||||||
|
|
||||||
|
# überschreibe vars-File Repos in den host-vars
|
||||||
# pbs
|
# repos_override: # wenn diese variable gesetzt ist, überschreibt die den inhalt der vars/<os>.yaml
|
||||||
manage_sources_pbs_enterprise_repo_path: /etc/apt/sources.list.d/pbs-enterprise.list
|
# - hallo
|
||||||
manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
|
|
||||||
manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
|
|
||||||
manage_sources_pbs_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription
|
|
||||||
|
|
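Review bot: The new variables `repo_sources_file`, `repos_override` and `extra_repos` drop the `manage_sources_` prefix that the other variables in this file keep, and Ansible variables share one namespace per host. A same-named variable from another role or inventory file would be rendered by root into the apt sources file, so prefixed names such as `manage_sources_repos_override` would be safer. The commented example `# - hallo` under `repos_override` is also not a valid source line; a real `deb …` entry would document the expected format better.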
|
@ -1,9 +0,0 @@
|
||||||
---
|
|
||||||
- name: add extra repositories
|
|
||||||
become: true
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "{{ item.url }}"
|
|
||||||
filename: "{{ item.name | default(omit) }}"
|
|
||||||
state: "{{ item.state | default('present')}}"
|
|
||||||
with_items: "{{ manage_sources_extra_repos }}"
|
|
||||||
when: manage_sources_extra_repos is defined
|
|
|
@ -1,29 +1,49 @@
|
||||||
---
|
---
|
||||||
- name: include ubuntu tasks (determined by "ansible_distribution")
|
- name: include vars (ubuntu) (determined by "ansible_distribution")
|
||||||
include_tasks: ubuntu.yml
|
ansible.builtin.include_vars:
|
||||||
when:
|
file: ubuntu.yaml
|
||||||
- ansible_distribution == 'Ubuntu'
|
when:
|
||||||
- manage_sources_apt_proxy is defined
|
- ansible_distribution == 'Ubuntu'
|
||||||
|
|
||||||
- name: include Linux Mint tasks (determined by "ansible_distribution")
|
- name: include vars (mint) (determined by "ansible_distribution")
|
||||||
include_tasks: mint.yml
|
ansible.builtin.include_vars:
|
||||||
when:
|
file: mint.yaml
|
||||||
- ansible_distribution == 'Linux Mint'
|
when:
|
||||||
- manage_sources_apt_proxy is defined
|
- ansible_distribution == 'Linux Mint'
|
||||||
|
|
||||||
- name: include pve tasks (determined by group)
|
- name: include vars (pve) (determined by group)
|
||||||
include_tasks: pve.yml
|
ansible.builtin.include_vars:
|
||||||
when:
|
file: pve.yaml
|
||||||
- "'pve' in group_names"
|
when:
|
||||||
- manage_sources_apt_proxy is defined
|
- "'pve' in group_names"
|
||||||
|
|
||||||
- name: include extra repo tasks
|
- name: include vars (pbs) (determined by group)
|
||||||
include_tasks: extra_repos.yml
|
ansible.builtin.include_vars:
|
||||||
when:
|
file: pbs.yaml
|
||||||
- manage_sources_extra_repos is defined
|
when:
|
||||||
|
- "'pbs' in group_names"
|
||||||
|
|
||||||
- name: include pbs tasks (determined by group)
|
- name: ensure /etc/apt/sources.list.d/ is absent
|
||||||
include_tasks: pbs.yml
|
become: true
|
||||||
when:
|
ansible.builtin.file:
|
||||||
- "'pbs' in group_names"
|
path: /etc/apt/sources.list.d/
|
||||||
- manage_sources_apt_proxy is defined
|
state: absent
|
||||||
|
|
||||||
|
- name: include preparation tasks (pbs) (determined by group)
|
||||||
|
ansible.builtin.include_tasks: pbs.yml
|
||||||
|
when:
|
||||||
|
- "'pbs' in group_names"
|
||||||
|
|
||||||
|
- name: include preparation tasks (pve) (determined by group)
|
||||||
|
ansible.builtin.include_tasks: pve.yml
|
||||||
|
when:
|
||||||
|
- "'pve' in group_names"
|
||||||
|
|
||||||
|
- name: template sources.list
|
||||||
|
become: true
|
||||||
|
ansible.builtin.template:
|
||||||
|
src: sources.j2
|
||||||
|
dest: "{{ repo_sources_file }}"
|
||||||
|
notify: update package lists
|
||||||
|
when:
|
||||||
|
- repos is defined
|
||||||
|
|
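Review bot: The task `ensure /etc/apt/sources.list.d/ is absent` runs unconditionally, while the `template sources.list` task that replaces those sources only runs `when: repos is defined`. A host that matches none of the four `include_vars` conditions therefore loses every file under sources.list.d and gets no new sources.list, and a host that sets only `repos_override` is skipped by the template task as well. Give the removal the same guard and widen it, e.g. `when: repos is defined or repos_override is defined`, and set `owner: root`, `group: root`, `mode: "0644"` plus `backup: true` on the template so a bad render can be rolled back.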
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
- name: ensure apt.conf exists
|
|
||||||
become: true
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: apt.conf
|
|
||||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
|
||||||
backup: yes
|
|
||||||
notify: update package lists
|
|
|
@ -1,36 +1,14 @@
|
||||||
---
|
---
|
||||||
- name: ensure apt.conf exists
|
- name: check if pbs-no-subscription repo keys exists
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
stat:
|
||||||
src: apt.conf
|
path: "{{ manage_sources_pbs_apt_repo_key_path }}"
|
||||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
register: pbs_no_subscription_repo_keys
|
||||||
backup: yes
|
|
||||||
notify: update package lists
|
|
||||||
|
|
||||||
- name: remove enterprise-Repository
|
- name: add pbs-no-subscription repo keys
|
||||||
become: yes
|
become: true
|
||||||
ansible.builtin.file:
|
ansible.builtin.apt_key:
|
||||||
path: "{{ manage_sources_pbs_enterprise_repo_path }}"
|
url: "{{ manage_sources_pbs_apt_repo_key_url }}"
|
||||||
state: absent
|
state: present
|
||||||
|
notify: update package lists
|
||||||
- name: check if pbs-no-subscription repo keys exists
|
when: pbs_no_subscription_repo_keys.stat.exists == false
|
||||||
stat:
|
|
||||||
path: "{{ manage_sources_pbs_apt_repo_key_path }}"
|
|
||||||
register: pbs_no_subscription_repo_keys
|
|
||||||
|
|
||||||
- name: add pbs-no-subscription repo keys
|
|
||||||
become: yes
|
|
||||||
ansible.builtin.apt_key:
|
|
||||||
url: "{{ manage_sources_pbs_apt_repo_key_url }}"
|
|
||||||
state: present
|
|
||||||
notify: update package lists
|
|
||||||
when: pbs_no_subscription_repo_keys.stat.exists == false
|
|
||||||
|
|
||||||
- name: add pbs-no-subscription repo
|
|
||||||
become: yes
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "{{ manage_sources_pbs_apt_repo_no_subscription }}"
|
|
||||||
state: present
|
|
||||||
filename: pbs-no-subscription
|
|
||||||
update_cache: no
|
|
||||||
notify: update package lists
|
|
||||||
|
|
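Review bot: The `add pbs-no-subscription repo keys` task still hands the key URL to `ansible.builtin.apt_key`, and the default for `manage_sources_pbs_apt_repo_key_url` shown elsewhere in this commit is an `http://` address, so the apt trust anchor is fetched without transport integrity and ends up trusted for all sources. The preceding `stat` checks `manage_sources_pbs_apt_repo_key_path`, but `apt_key` is given no `keyring:` argument, so it is unlikely to ever create that file and the download probably repeats on every run. Downloading the key directly to that path from an https URL with a pinned checksum addresses both and replaces the stat/apt_key pair. The pve.yml tasks in this commit follow the same pattern, and there `become: yes` is left next to `become: true`.

```yaml
# … unchanged: document start …
- name: add pbs-no-subscription repo keys
  become: true
  ansible.builtin.get_url:
    url: "{{ manage_sources_pbs_apt_repo_key_url }}"  # default should be an https:// URL
    dest: "{{ manage_sources_pbs_apt_repo_key_path }}"
    checksum: "sha256:<EXPECTED_KEY_SHA256>"  # placeholder: pin the published digest
    owner: root
    group: root
    mode: "0644"
  notify: update package lists
```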
|
@ -1,34 +1,14 @@
|
||||||
---
|
---
|
||||||
- name: ensure apt.conf exists
|
- name: check if pve-no-subscription repo keys exists
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
stat:
|
||||||
src: apt.conf
|
path: "{{ manage_sources_proxmox_apt_repo_key_path }}"
|
||||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
register: pve_no_subscription_repo_keys
|
||||||
backup: yes
|
|
||||||
notify: update package lists
|
|
||||||
|
|
||||||
- name: remove enterprise-Repository
|
- name: add pve-no-subscription repo keys
|
||||||
become: yes
|
become: yes
|
||||||
ansible.builtin.file:
|
ansible.builtin.apt_key:
|
||||||
path: "{{ manage_sources_proxmox_enterprise_repo_path }}"
|
url: "{{ manage_sources_proxmox_apt_repo_key_url }}"
|
||||||
state: absent
|
state: present
|
||||||
|
notify: update package lists
|
||||||
- name: check if pve-no-subscription repo keys exists
|
when: pve_no_subscription_repo_keys.stat.exists == false
|
||||||
stat:
|
|
||||||
path: "{{ manage_sources_proxmox_apt_repo_key_path }}"
|
|
||||||
register: pve_no_subscription_repo_keys
|
|
||||||
|
|
||||||
- name: add pve-no-subscription repo keys
|
|
||||||
become: yes
|
|
||||||
ansible.builtin.apt_key:
|
|
||||||
url: "{{ manage_sources_proxmox_apt_repo_key_url }}"
|
|
||||||
state: present
|
|
||||||
notify: update package lists
|
|
||||||
when: pve_no_subscription_repo_keys.stat.exists == false
|
|
||||||
|
|
||||||
- name: add pve-no-subscription repo
|
|
||||||
become: yes
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: pve-no-subscription.j2
|
|
||||||
dest: pve-no-subscription.list
|
|
||||||
notify: update package lists
|
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
- name: ensure apt.conf exists
|
|
||||||
become: true
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: apt.conf
|
|
||||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
|
||||||
backup: yes
|
|
||||||
notify: update package lists
|
|
|
@ -1,5 +0,0 @@
|
||||||
{{ file_header | default () }}
|
|
||||||
{% if manage_sources_apt_proxy | length > 0 %}
|
|
||||||
Acquire::http::proxy "http://{{ manage_sources_apt_proxy | default() }}";
|
|
||||||
Acquire::https::proxy "http://{{ manage_sources_apt_proxy | default() }}";
|
|
||||||
{% endif %}
|
|
|
@ -1 +0,0 @@
|
||||||
{{ manage_sources_proxmox_apt_repo_no_subscription }}
|
|
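--- a/roles/mgrote.apt_manage_sources/templates/sources.j2
+++ b/roles/mgrote.apt_manage_sources/templates/sources.j2
@@ -0,0 +1,15 @@
+{{ file_header | default () }}
+{% if repos_override is defined %}
+{% for item in repos_override %}
+{{ item }}
+{% endfor %}
+{% else %}
+{% for item in repos %}
+{{ item }}
+{% endfor %}{% endif %}
+
+{% if extra_repos is defined %}
+{% for item in extra_repos %}
+{{ item }}
+{% endfor %}
+{% endif %}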
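Review bot: Nothing at the top of this template states how the three lists combine: `repos_override` replaces `repos`, and `extra_repos` is appended in either case. A Jinja comment such as `{# repos_override replaces repos; extra_repos is appended in both cases #}` after the header line would spell that out. Each `{{ item }}` is also emitted verbatim into a file that apt reads as root, so an entry containing a newline becomes additional source lines. An `ansible.builtin.assert` in the tasks that every entry is a single line starting with `deb ` or `deb-src ` would catch malformed values before the file is written.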
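--- a/roles/mgrote.apt_manage_sources/vars/mint.yml
+++ b/roles/mgrote.apt_manage_sources/vars/mint.yml
@@ -0,0 +1,9 @@
+---
+# Repositories
+repos:
+- "deb http://packages.linuxmint.com vera main upstream import backport"
+- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} main restricted universe multiverse"
+- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates main restricted universe multiverse"
+- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-backports main restricted universe multiverse"
+- "deb http://security.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse"
+- "deb http://archive.canonical.com/ubuntu/ {{ ansible_distribution_release }} partner"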
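Review bot: This file is added as `vars/mint.yml`, but the `include_vars` task in tasks/main.yml of the same commit asks for `file: mint.yaml`, and the other three vars files use the `.yaml` suffix, so the include will presumably fail on Linux Mint hosts. Renaming the file to `mint.yaml` resolves it. The Ubuntu lines also interpolate `{{ ansible_distribution_release }}`, which on Linux Mint is presumably the Mint codename (like the hard-coded `vera`) rather than the Ubuntu base release. If so, these entries, including the `-security` one, point at suites that do not exist; verify the rendered file on a Mint host.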
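--- a/roles/mgrote.apt_manage_sources/vars/pbs.yaml
+++ b/roles/mgrote.apt_manage_sources/vars/pbs.yaml
@@ -0,0 +1,7 @@
+---
+# Repositories
+repos:
+- "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }} main contrib"
+- "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
+- "deb http://security.debian.org {{ ansible_distribution_release }}-security main contrib"
+- "deb http://download.proxmox.com/debian/pbs {{ ansible_distribution_release }} pbs-no-subscription"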
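Review bot: The security entry here uses `http://security.debian.org` with no path, whereas vars/pve.yaml in this commit uses `http://security.debian.org/debian-security` for the same `-security` suite, and the Debian mirror differs too (`ftp.de.debian.org` here, `deb.debian.org` there). If the path-less form does not resolve for the target release, apt update fails for that source and the host receives no security updates. Aligning it with pve.yaml avoids the doubt: `- "deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib"`.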
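--- a/roles/mgrote.apt_manage_sources/vars/pve.yaml
+++ b/roles/mgrote.apt_manage_sources/vars/pve.yaml
@@ -0,0 +1,7 @@
+---
+# Repositories
+repos:
+- "deb http://deb.debian.org/debian {{ ansible_distribution_release }} main contrib"
+- "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
+- "deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription"
+- "deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib"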
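--- a/roles/mgrote.apt_manage_sources/vars/ubuntu.yaml
+++ b/roles/mgrote.apt_manage_sources/vars/ubuntu.yaml
@@ -0,0 +1,13 @@
+---
+# Repositories
+repos:
+- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted"
+- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted"
+- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} universe"
+- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates universe"
+- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse"
+- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse"
+- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse"
+- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted"
+- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security universe"
+- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security multiverse"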