apt_manage_sources: templating (#549)
Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: #549
This commit is contained in:
parent
83e76dd518
commit
d6b5e4f1d7
17 changed files with 145 additions and 156 deletions
|
@ -106,11 +106,16 @@
|
|||
unattended_origins_patterns:
|
||||
- 'origin=Ubuntu,archive=${distro_codename}-security'
|
||||
- 'o=Ubuntu,a=${distro_codename}-updates'
|
||||
### mgrote.systemd-timesyncd
|
||||
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||
ntp_timesyncd_servers: # welche Server sollen befragt werden
|
||||
- 192.168.2.1
|
||||
ntp_chrony_logging: false # logging an/aus
|
||||
### mgrote.ntp_chrony_client
|
||||
ntp_chrony_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||
ntp_chrony_driftfile_directory: "/var/lib/chrony" # Ordner für das driftfile
|
||||
ntp_chrony_servers: # welche Server sollen befragt werden
|
||||
- address: ptbtime1.ptb.de
|
||||
options: iburst #optionaler parameter
|
||||
ntp_chrony_user: _chrony # Nutzer + Gruppe für den Dienst
|
||||
ntp_chrony_group: _chrony # Nutzer + Gruppe für den Dienst
|
||||
ntp_chrony_logging: false
|
||||
|
||||
### mgrote.postfix
|
||||
postfix_absender_mailadresse: info@mgrote.net
|
||||
postfix_absender_passwort: "{{ lookup('keepass', 'postfix_absender_passwort', 'password') }}"
|
||||
|
@ -119,8 +124,6 @@
|
|||
postfix_smtp_server: smtp.strato.de
|
||||
postfix_smtp_server_port: 587
|
||||
postfix_smtp_use_tls: "yes"
|
||||
### mgrote.apt_manage_sources
|
||||
manage_sources_apt_proxy: ""
|
||||
### mgrote.tmux
|
||||
tmux_conf_destination: "/home/mg/.tmux.conf"
|
||||
tmux_bashrc_destination: "/home/mg/.bashrc"
|
||||
|
|
|
@ -53,14 +53,9 @@
|
|||
- lolcat
|
||||
- fortune-mod
|
||||
### mgrote.apt_manage_sources
|
||||
manage_sources_apt_proxy: ""
|
||||
manage_sources_extra_repos: # Extra Repositories
|
||||
- name: vivaldi
|
||||
url: "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
|
||||
### mgrote.systemd-timesyncd
|
||||
ntp_timesyncd_timezone: "Europe/Berlin" # Zeitzone in der sich der Computer befindet
|
||||
ntp_timesyncd_servers: # welche Server sollen befragt werden
|
||||
- pool.ntp.org
|
||||
# Extra-Repositories, sollte pro Host gesetzt werden
|
||||
extra_repos:
|
||||
- "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
|
||||
### oefenweb.ufw
|
||||
ufw_rules:
|
||||
- rule: allow
|
||||
|
|
|
@ -112,9 +112,6 @@
|
|||
- name: http_response
|
||||
- name: timesync
|
||||
|
||||
### mgrote.apt_manage_sources
|
||||
manage_sources_apt_proxy: ""
|
||||
|
||||
# Ansible Variablen
|
||||
### sudo
|
||||
sudo: false
|
||||
|
|
|
@ -1,22 +1,18 @@
|
|||
---
|
||||
# pve
|
||||
manage_sources_proxmox_enterprise_repo_path: /etc/apt/sources.list.d/pve-enterprise.list # wo ist das enterprise-repo
|
||||
manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
|
||||
manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
|
||||
manage_sources_proxmox_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription # url zum für no-subscription-repo, manage_sources_apt_proxy_url wird aus der variable entnommen
|
||||
manage_sources_proxmox_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg # url zum key für no-subscription-repo
|
||||
manage_sources_proxmox_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg # pfad lokal zum key für no-subscription-repo
|
||||
# pbs
|
||||
manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
|
||||
manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
|
||||
|
||||
# Extra-Repositories, sollte pro Host gesetzt werden
|
||||
# extra_repos:
|
||||
# - "deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main"
|
||||
|
||||
manage_sources_apt_proxy: docker10.grote.lan:9999 # url+Port vom proxy
|
||||
# manage_sources_extra_repos: # Extra Repositories
|
||||
# - name: vivaldi # optional
|
||||
# url: deb [arch=amd64] https://repo.vivaldi.com/stable/deb/ stable main
|
||||
# state: present # default: present
|
||||
# - name: xnview
|
||||
# url: deb https://repo.vivaldi.com/archive/deb/ stable main
|
||||
# in welche Datei sollen die Repositories geschrieben werden
|
||||
repo_sources_file: "/etc/apt/sources.list"
|
||||
|
||||
|
||||
# pbs
|
||||
manage_sources_pbs_enterprise_repo_path: /etc/apt/sources.list.d/pbs-enterprise.list
|
||||
manage_sources_pbs_apt_repo_key_path: /etc/apt/trusted.gpg.d/proxmox-ve-release-6.x.gpg
|
||||
manage_sources_pbs_apt_repo_key_url: http://download.proxmox.com/debian/proxmox-ve-release-6.x.gpg
|
||||
manage_sources_pbs_apt_repo_no_subscription: deb http://download.proxmox.com/debian/pbs bullseye pbs-no-subscription
|
||||
# überschreibe vars-File Repos in den host-vars
|
||||
# repos_override: # wenn diese variable gesetzt ist, überschreibt die den inhalt der vars/<os>.yaml
|
||||
# - hallo
|
||||
|
|
|
@ -1,9 +0,0 @@
|
|||
---
|
||||
- name: add extra repositories
|
||||
become: true
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "{{ item.url }}"
|
||||
filename: "{{ item.name | default(omit) }}"
|
||||
state: "{{ item.state | default('present')}}"
|
||||
with_items: "{{ manage_sources_extra_repos }}"
|
||||
when: manage_sources_extra_repos is defined
|
|
@ -1,29 +1,49 @@
|
|||
---
|
||||
- name: include ubuntu tasks (determined by "ansible_distribution")
|
||||
include_tasks: ubuntu.yml
|
||||
- name: include vars (ubuntu) (determined by "ansible_distribution")
|
||||
ansible.builtin.include_vars:
|
||||
file: ubuntu.yaml
|
||||
when:
|
||||
- ansible_distribution == 'Ubuntu'
|
||||
- manage_sources_apt_proxy is defined
|
||||
|
||||
- name: include Linux Mint tasks (determined by "ansible_distribution")
|
||||
include_tasks: mint.yml
|
||||
- name: include vars (mint) (determined by "ansible_distribution")
|
||||
ansible.builtin.include_vars:
|
||||
file: mint.yaml
|
||||
when:
|
||||
- ansible_distribution == 'Linux Mint'
|
||||
- manage_sources_apt_proxy is defined
|
||||
|
||||
- name: include pve tasks (determined by group)
|
||||
include_tasks: pve.yml
|
||||
- name: include vars (pve) (determined by group)
|
||||
ansible.builtin.include_vars:
|
||||
file: pve.yaml
|
||||
when:
|
||||
- "'pve' in group_names"
|
||||
- manage_sources_apt_proxy is defined
|
||||
|
||||
- name: include extra repo tasks
|
||||
include_tasks: extra_repos.yml
|
||||
when:
|
||||
- manage_sources_extra_repos is defined
|
||||
|
||||
- name: include pbs tasks (determined by group)
|
||||
include_tasks: pbs.yml
|
||||
- name: include vars (pbs) (determined by group)
|
||||
ansible.builtin.include_vars:
|
||||
file: pbs.yaml
|
||||
when:
|
||||
- "'pbs' in group_names"
|
||||
- manage_sources_apt_proxy is defined
|
||||
|
||||
- name: ensure /etc/apt/sources.list.d/ is absent
|
||||
become: true
|
||||
ansible.builtin.file:
|
||||
path: /etc/apt/sources.list.d/
|
||||
state: absent
|
||||
|
||||
- name: include preparation tasks (pbs) (determined by group)
|
||||
ansible.builtin.include_tasks: pbs.yml
|
||||
when:
|
||||
- "'pbs' in group_names"
|
||||
|
||||
- name: include preparation tasks (pve) (determined by group)
|
||||
ansible.builtin.include_tasks: pve.yml
|
||||
when:
|
||||
- "'pve' in group_names"
|
||||
|
||||
- name: template sources.list
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: sources.j2
|
||||
dest: "{{ repo_sources_file }}"
|
||||
notify: update package lists
|
||||
when:
|
||||
- repos is defined
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
- name: ensure apt.conf exists
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: apt.conf
|
||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
||||
backup: yes
|
||||
notify: update package lists
|
|
@ -1,36 +1,14 @@
|
|||
---
|
||||
- name: ensure apt.conf exists
|
||||
- name: check if pbs-no-subscription repo keys exists
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: apt.conf
|
||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
||||
backup: yes
|
||||
notify: update package lists
|
||||
|
||||
- name: remove enterprise-Repository
|
||||
become: yes
|
||||
ansible.builtin.file:
|
||||
path: "{{ manage_sources_pbs_enterprise_repo_path }}"
|
||||
state: absent
|
||||
|
||||
- name: check if pbs-no-subscription repo keys exists
|
||||
stat:
|
||||
path: "{{ manage_sources_pbs_apt_repo_key_path }}"
|
||||
register: pbs_no_subscription_repo_keys
|
||||
|
||||
- name: add pbs-no-subscription repo keys
|
||||
become: yes
|
||||
- name: add pbs-no-subscription repo keys
|
||||
become: true
|
||||
ansible.builtin.apt_key:
|
||||
url: "{{ manage_sources_pbs_apt_repo_key_url }}"
|
||||
state: present
|
||||
notify: update package lists
|
||||
when: pbs_no_subscription_repo_keys.stat.exists == false
|
||||
|
||||
- name: add pbs-no-subscription repo
|
||||
become: yes
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "{{ manage_sources_pbs_apt_repo_no_subscription }}"
|
||||
state: present
|
||||
filename: pbs-no-subscription
|
||||
update_cache: no
|
||||
notify: update package lists
|
||||
|
|
|
@ -1,34 +1,14 @@
|
|||
---
|
||||
- name: ensure apt.conf exists
|
||||
- name: check if pve-no-subscription repo keys exists
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: apt.conf
|
||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
||||
backup: yes
|
||||
notify: update package lists
|
||||
|
||||
- name: remove enterprise-Repository
|
||||
become: yes
|
||||
ansible.builtin.file:
|
||||
path: "{{ manage_sources_proxmox_enterprise_repo_path }}"
|
||||
state: absent
|
||||
|
||||
- name: check if pve-no-subscription repo keys exists
|
||||
stat:
|
||||
path: "{{ manage_sources_proxmox_apt_repo_key_path }}"
|
||||
register: pve_no_subscription_repo_keys
|
||||
|
||||
- name: add pve-no-subscription repo keys
|
||||
- name: add pve-no-subscription repo keys
|
||||
become: yes
|
||||
ansible.builtin.apt_key:
|
||||
url: "{{ manage_sources_proxmox_apt_repo_key_url }}"
|
||||
state: present
|
||||
notify: update package lists
|
||||
when: pve_no_subscription_repo_keys.stat.exists == false
|
||||
|
||||
- name: add pve-no-subscription repo
|
||||
become: yes
|
||||
ansible.builtin.template:
|
||||
src: pve-no-subscription.j2
|
||||
dest: pve-no-subscription.list
|
||||
notify: update package lists
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
---
|
||||
- name: ensure apt.conf exists
|
||||
become: true
|
||||
ansible.builtin.template:
|
||||
src: apt.conf
|
||||
dest: "{{ apt_proxy_apt_conf_path | default ('/etc/apt/apt.conf') }}"
|
||||
backup: yes
|
||||
notify: update package lists
|
|
@ -1,5 +0,0 @@
|
|||
{{ file_header | default () }}
|
||||
{% if manage_sources_apt_proxy | length > 0 %}
|
||||
Acquire::http::proxy "http://{{ manage_sources_apt_proxy | default() }}";
|
||||
Acquire::https::proxy "http://{{ manage_sources_apt_proxy | default() }}";
|
||||
{% endif %}
|
|
@ -1 +0,0 @@
|
|||
{{ manage_sources_proxmox_apt_repo_no_subscription }}
|
15
roles/mgrote.apt_manage_sources/templates/sources.j2
Normal file
15
roles/mgrote.apt_manage_sources/templates/sources.j2
Normal file
|
@ -0,0 +1,15 @@
|
|||
{{ file_header | default () }}
|
||||
{% if repos_override is defined %}
|
||||
{% for item in repos_override %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
{% else %}
|
||||
{% for item in repos %}
|
||||
{{ item }}
|
||||
{% endfor %}{% endif %}
|
||||
|
||||
{% if extra_repos is defined %}
|
||||
{% for item in extra_repos %}
|
||||
{{ item }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
9
roles/mgrote.apt_manage_sources/vars/mint.yml
Normal file
9
roles/mgrote.apt_manage_sources/vars/mint.yml
Normal file
|
@ -0,0 +1,9 @@
|
|||
---
|
||||
# Repositories
|
||||
repos:
|
||||
- "deb http://packages.linuxmint.com vera main upstream import backport"
|
||||
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} main restricted universe multiverse"
|
||||
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates main restricted universe multiverse"
|
||||
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-backports main restricted universe multiverse"
|
||||
- "deb http://security.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-security main restricted universe multiverse"
|
||||
- "deb http://archive.canonical.com/ubuntu/ {{ ansible_distribution_release }} partner"
|
7
roles/mgrote.apt_manage_sources/vars/pbs.yaml
Normal file
7
roles/mgrote.apt_manage_sources/vars/pbs.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
# Repositories
|
||||
repos:
|
||||
- "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }} main contrib"
|
||||
- "deb http://ftp.de.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
|
||||
- "deb http://security.debian.org {{ ansible_distribution_release }}-security main contrib"
|
||||
- "deb http://download.proxmox.com/debian/pbs {{ ansible_distribution_release }} pbs-no-subscription"
|
7
roles/mgrote.apt_manage_sources/vars/pve.yaml
Normal file
7
roles/mgrote.apt_manage_sources/vars/pve.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
# Repositories
|
||||
repos:
|
||||
- "deb http://deb.debian.org/debian {{ ansible_distribution_release }} main contrib"
|
||||
- "deb http://deb.debian.org/debian {{ ansible_distribution_release }}-updates main contrib"
|
||||
- "deb http://download.proxmox.com/debian/pve {{ ansible_distribution_release }} pve-no-subscription"
|
||||
- "deb http://security.debian.org/debian-security {{ ansible_distribution_release }}-security main contrib"
|
13
roles/mgrote.apt_manage_sources/vars/ubuntu.yaml
Normal file
13
roles/mgrote.apt_manage_sources/vars/ubuntu.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
# Repositories
|
||||
repos:
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} main restricted"
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates main restricted"
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} universe"
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates universe"
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse"
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse"
|
||||
- "deb http://de.archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-backports main restricted universe multiverse"
|
||||
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security main restricted"
|
||||
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security universe"
|
||||
- "deb http://security.ubuntu.com/ubuntu {{ ansible_distribution_release }}-security multiverse"
|
Loading…
Reference in a new issue