apt_manage_sources: templating (#549)

Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: #549
This commit is contained in:
Michael Grote 2023-07-05 15:30:24 +02:00
parent 83e76dd518
commit d6b5e4f1d7
17 changed files with 145 additions and 156 deletions

View file

@ -106,11 +106,16 @@
unattended_origins_patterns: unattended_origins_patterns:
- 'origin=Ubuntu,archive=${distro_codename}-security' - 'origin=Ubuntu,archive=${distro_codename}-security'
- 'o=Ubuntu,a=${distro_codename}-updates' - 'o=Ubuntu,a=${distro_codename}-updates'
### mgrote.systemd-timesyncd ### mgrote.ntp_chrony_client
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_timesyncd_servers: # welche Server sollen befragt werden ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
- 192.168.2.1 ntp_chrony_servers: # welche Server sollen befragt werden
ntp_chrony_logging: false # logging an/aus - address: ptbtime1.ptb.de
options: iburst #optionaler parameter
ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
ntp_chrony_logging: false
### mgrote.postfix ### mgrote.postfix
postfix_absender_mailadresse: info@mgrote.net postfix_absender_mailadresse: info@mgrote.net
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}" postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
@ -119,8 +124,6 @@
postfix_smtp_server: smtp.strato.de postfix_smtp_server: smtp.strato.de
postfix_smtp_server_port: 587 postfix_smtp_server_port: 587
postfix_smtp_use_tls: "yes" postfix_smtp_use_tls: "yes"
### mgrote.apt_manage_sources
manage_sources_apt_proxy: ""
### mgrote.tmux ### mgrote.tmux
tmux_conf_destination: "/home/mg/.tmux.conf" tmux_conf_destination: "/home/mg/.tmux.conf"
tmux_bashrc_destination: "/home/mg/.bashrc" tmux_bashrc_destination: "/home/mg/.bashrc"

View file

@ -53,14 +53,9 @@
- lolcat - lolcat
- fortune-mod - fortune-mod
### mgrote.apt_manage_sources ### mgrote.apt_manage_sources
manage_sources_apt_proxy: "" # Extra-Repositories, sollte pro Host gesetzt werden
manage_sources_extra_repos: # Extra Repositories extra_repos:
- name: vivaldi - "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
url: "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
### mgrote.systemd-timesyncd
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
ntp_timesyncd_servers: # welche Server sollen befragt werden
- pool.ntp.org
### oefenweb.ufw ### oefenweb.ufw
ufw_rules: ufw_rules:
- rule: allow - rule: allow

View file

@ -112,9 +112,6 @@
- name: http_response - name: http_response
- name: timesync - name: timesync
### mgrote.apt_manage_sources
manage_sources_apt_proxy: ""
# Ansible Variablen # Ansible Variablen
### sudo ### sudo
sudo: false sudo: false

View file

@ -1,22 +1,18 @@
--- ---
# pve # pve
manage_sources_proxmox_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo # pbs
manage_sources_proxmox_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
# Extra-Repositories, sollte pro Host gesetzt werden
# extra_repos:
# - "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
manage_sources_apt_proxy: docker10.grote.lan:9999 # url+Port vom proxy # in welche Datei sollen die Repositories geschrieben werden
# manage_sources_extra_repos: # Extra Repositories repo_sources_file: "/etc/apt/sources.list"
# - name: vivaldi # optional
# url: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main
# state: present # default: present
# - name: xnview
# url: deb https://repo.vivaldi.com/archive/deb/ stable main
# überschreibe vars-File Repos in den host-vars
# pbs # repos_override: # wenn diese variable gesetzt ist, überschreibt die den inhalt der vars/<os>.yaml
manage_sources_pbs_enterprise_repo_path: /etc/apt/sources.list.d/pbs-enterprise.list # - hallo
manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
manage_sources_pbs_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription

View file

@ -1,9 +0,0 @@
---
- name: add extra repositories
become: true
ansible.builtin.apt_repository:
repo: "{{ item.url }}"
filename: "{{ item.name | default(omit) }}"
state: "{{ item.state | default('present')}}"
with_items: "{{ manage_sources_extra_repos }}"
when: manage_sources_extra_repos is defined

View file

@ -1,29 +1,49 @@
--- ---
- name: include ubuntu tasks (determined by "ansible_distribution") - name: include vars (ubuntu) (determined by "ansible_distribution")
include_tasks: ubuntu.yml ansible.builtin.include_vars:
when: file: ubuntu.yaml
- ansible_distribution == 'Ubuntu' when:
- manage_sources_apt_proxy is defined - ansible_distribution == 'Ubuntu'
- name: include Linux Mint tasks (determined by "ansible_distribution") - name: include vars (mint) (determined by "ansible_distribution")
include_tasks: mint.yml ansible.builtin.include_vars:
when: file: mint.yaml
- ansible_distribution == 'Linux Mint' when:
- manage_sources_apt_proxy is defined - ansible_distribution == 'Linux Mint'
- name: include pve tasks (determined by group) - name: include vars (pve) (determined by group)
include_tasks: pve.yml ansible.builtin.include_vars:
when: file: pve.yaml
- "'pve' in group_names" when:
- manage_sources_apt_proxy is defined - "'pve' in group_names"
- name: include extra repo tasks - name: include vars (pbs) (determined by group)
include_tasks: extra_repos.yml ansible.builtin.include_vars:
when: file: pbs.yaml
- manage_sources_extra_repos is defined when:
- "'pbs' in group_names"
- name: include pbs tasks (determined by group) - name: ensure /etc/apt/sources.list.d/ is absent
include_tasks: pbs.yml become: true
when: ansible.builtin.file:
- "'pbs' in group_names" path: /etc/apt/sources.list.d/
- manage_sources_apt_proxy is defined state: absent
- name: include preparation tasks (pbs) (determined by group)
ansible.builtin.include_tasks: pbs.yml
when:
- "'pbs' in group_names"
- name: include preparation tasks (pve) (determined by group)
ansible.builtin.include_tasks: pve.yml
when:
- "'pve' in group_names"
- name: template sources.list
become: true
ansible.builtin.template:
src: sources.j2
dest: "{{ repo_sources_file }}"
notify: update package lists
when:
- repos is defined

View file

@ -1,8 +0,0 @@
---
- name: ensure apt.conf exists
become: true
ansible.builtin.template:
src: apt.conf
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
backup: yes
notify: update package lists

View file

@ -1,36 +1,14 @@
--- ---
- name: ensure apt.conf exists - name: check if pbs-no-subscription repo keys exists
become: true become: true
ansible.builtin.template: stat:
src: apt.conf path: "{{ manage_sources_pbs_apt_repo_key_path }}"
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}" register: pbs_no_subscription_repo_keys
backup: yes
notify: update package lists
- name: remove enterprise-Repository - name: add pbs-no-subscription repo keys
become: yes become: true
ansible.builtin.file: ansible.builtin.apt_key:
path: "{{ manage_sources_pbs_enterprise_repo_path }}" url: "{{ manage_sources_pbs_apt_repo_key_url }}"
state: absent state: present
notify: update package lists
- name: check if pbs-no-subscription repo keys exists when: pbs_no_subscription_repo_keys.stat.exists == false
stat:
path: "{{ manage_sources_pbs_apt_repo_key_path }}"
register: pbs_no_subscription_repo_keys
- name: add pbs-no-subscription repo keys
become: yes
ansible.builtin.apt_key:
url: "{{ manage_sources_pbs_apt_repo_key_url }}"
state: present
notify: update package lists
when: pbs_no_subscription_repo_keys.stat.exists == false
- name: add pbs-no-subscription repo
become: yes
ansible.builtin.apt_repository:
repo: "{{ manage_sources_pbs_apt_repo_no_subscription }}"
state: present
filename: pbs-no-subscription
update_cache: no
notify: update package lists

View file

@ -1,34 +1,14 @@
--- ---
- name: ensure apt.conf exists - name: check if pve-no-subscription repo keys exists
become: true become: true
ansible.builtin.template: stat:
src: apt.conf path: "{{ manage_sources_proxmox_apt_repo_key_path }}"
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}" register: pve_no_subscription_repo_keys
backup: yes
notify: update package lists
- name: remove enterprise-Repository - name: add pve-no-subscription repo keys
become: yes become: yes
ansible.builtin.file: ansible.builtin.apt_key:
path: "{{ manage_sources_proxmox_enterprise_repo_path }}" url: "{{ manage_sources_proxmox_apt_repo_key_url }}"
state: absent state: present
notify: update package lists
- name: check if pve-no-subscription repo keys exists when: pve_no_subscription_repo_keys.stat.exists == false
stat:
path: "{{ manage_sources_proxmox_apt_repo_key_path }}"
register: pve_no_subscription_repo_keys
- name: add pve-no-subscription repo keys
become: yes
ansible.builtin.apt_key:
url: "{{ manage_sources_proxmox_apt_repo_key_url }}"
state: present
notify: update package lists
when: pve_no_subscription_repo_keys.stat.exists == false
- name: add pve-no-subscription repo
become: yes
ansible.builtin.template:
src: pve-no-subscription.j2
dest: pve-no-subscription.list
notify: update package lists

View file

@ -1,8 +0,0 @@
---
- name: ensure apt.conf exists
become: true
ansible.builtin.template:
src: apt.conf
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
backup: yes
notify: update package lists

View file

@ -1,5 +0,0 @@
{{ file_header | default () }}
{% if manage_sources_apt_proxy | length > 0 %}
Acquire::http::proxy "http://{{ manage_sources_apt_proxy | default() }}";
Acquire::https::proxy "http://{{ manage_sources_apt_proxy | default() }}";
{% endif %}

View file

@ -1 +0,0 @@
{{ manage_sources_proxmox_apt_repo_no_subscription }}

View file

@ -0,0 +1,15 @@
{{ file_header | default () }}
{% if repos_override is defined %}
{% for item in repos_override %}
{{ item }}
{% endfor %}
{% else %}
{% for item in repos %}
{{ item }}
{% endfor %}{% endif %}
{% if extra_repos is defined %}
{% for item in extra_repos %}
{{ item }}
{% endfor %}
{% endif %}

View file

@ -0,0 +1,9 @@
---
# Repositories
repos:
- "deb http://packages.linuxmint.com vera main upstream import backport"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} main restricted universe multiverse"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates main restricted universe multiverse"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-backports main restricted universe multiverse"
- "deb http://security.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse"
- "deb http://archive.canonical.com/ubuntu/ {{ ansible_distribution_release }} partner"

View file

@ -0,0 +1,7 @@
---
# Repositories
repos:
- "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }} main contrib"
- "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
- "deb http://security.debian.org {{ ansible_distribution_release }}-security main contrib"
- "deb http://download.proxmox.com/debian/pbs {{ ansible_distribution_release }} pbs-no-subscription"

View file

@ -0,0 +1,7 @@
---
# Repositories
repos:
- "deb http://deb.debian.org/debian {{ ansible_distribution_release }} main contrib"
- "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
- "deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription"
- "deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib"

View file

@ -0,0 +1,13 @@
---
# Repositories
repos:
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} universe"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates universe"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse"
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse"
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted"
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security universe"
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security multiverse"