ansible/vdk
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Dont use weareinteractive.apt

Browse Source
This commit is contained in:
Tim Dittler 2020-01-14 12:26:15 +01:00
parent 26a6c4a5fc
commit db12ae9703
No known key found for this signature in database
GPG Key ID: 714E3F93A7C7B03B
43 changed files with 24 additions and 1402 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
playbook.yml
View File

@ -34,7 +34,7 @@
- x11vnc
- xz-utils
apt_repositories:
- repo: ppa:nextcloud-devs/client
- ppa:nextcloud-devs/client
packages_absent:
- apport
- gnome-initial-setup
@ -85,8 +85,6 @@
- type: 'opentype'
src: FrutigerLTStd-UltraBlack.otf
dest: frutiger/FrutigerLTStd-UltraBlack.otf
apt_install_recommends: true
apt_remove_recommends: true
admin_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5IhVprsvVOcFPbZzD9xR0nCjZ/9qVG6RhLJ7QBSts81nRvLwnmvcMBHSf5Rfaigey7Ff5dLHfJnxRE0KDATn6n2yd/5mXpn2GAA8hDVfhdsmsb5U7bROjZNr8MmIUrP7c3msUGx1FtvzhwxtyvIWOFQpWx+W5biBa6hFjIxT1pkUJqe6fclp7xbGYKZiqZRBS4qKG5CpKnisuOYDsqYPND+OkU+PShoxGVzp1JywIVze7qeKv6GyYbRA9SP9Np+5Mit6B21Io4zOI81c2Rz6sPX7mwEAQEs7iCm2hzG8qJws45Lb4ERqDkVEVhGNUyHjHgGebS1sZx1mLExdurXlPm1l/EamkncDFDCutHXtLP7lsFFiym7fKUjSEgiiLmyu5Xm+mwZvesKa1FYNaeiFWfYZpCJrNzIk+ffs+mgg3kmL4Sd4Ooy7jXPX+WJe5Xyh1KLU/+Wj2TVrhN+LbmupYAti/Wgd3DA1v601svmG82aLmyJRtKC0rGMePH3kDbtqU72kYpzI8mXERe1TIQ00Z77kQBR/7BF/9y5/0YmYDcXt1wNCoSie+mzz3xYcEdLAc7T+DhYpd4M6VgWnuz/exzRzhQwoSdEKkEED8CpEoBrEWEiMdrlElGmlkVomLU7P9i9j1rshX/pAq0asnqeSoPdC3vNbU3keiJQnhIHECvw== christoph"
physicals_packages_dropbear:
- dropbear-initramfs
@ -121,24 +119,36 @@
regexp: '^ENABLED='
line: 'ENABLED=0'
- name: Delete unnecessary packages
apt:
pkg: "{{ packages_absent }}"
state: absent
tags: apt
roles:
- role: weareinteractive.apt
tags:
- apt
- lightdm
- nextcloud
- role: ontic.fonts
tags: fonts
- role: freedomofpress.signal-desktop
tags: signal
tasks:
- name: Install repositories
apt_repository:
repo: "{{ item }}"
with_items: "{{ apt_repositories }}"
tags:
- apt
- nextcloud
- name: Install packages
apt:
pkg: "{{ apt_packages }}"
tags:
- apt
- lightdm
- nextcloud
- name: Delete unnecessary packages
apt:
pkg: "{{ packages_absent }}"
state: absent
tags: apt
- name: copy debs
copy:
src: "{{ item }}"

2
roles/weareinteractive.apt/.ansible-lint
View File

@ -1,2 +0,0 @@
exclude_paths:
- ./meta/readme.yml

4
roles/weareinteractive.apt/.clog.toml
View File

@ -1,4 +0,0 @@
[clog]
changelog = "CHANGELOG.md"
repository = "https://github.com/weareinteractive/ansible-apt"
from-latest-tag = true

19
roles/weareinteractive.apt/.editorconfig
View File

@ -1,19 +0,0 @@
# EditorConfig helps developers define and maintain consistent
# coding styles between different editors and IDEs
# editorconfig.org
root = true
[*]
# Change these settings to your own preference
indent_size = 2
indent_style = space
# We recommend you to keep these unchanged
charset = utf-8
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[Makefile]
indent_style = tab

8
roles/weareinteractive.apt/.gitignore vendored
View File

@ -1,8 +0,0 @@
*.log
*.retry
.DS_Store
.vagrant
.vscode/*
!.vscode/settings.json
!.vscode/extensions.json
.idea

60
roles/weareinteractive.apt/.travis.yml
View File

@ -1,60 +0,0 @@
---
sudo: required
language: python
services:
- docker
env:
global:
- role: weareinteractive.apt
matrix:
- distribution: Ubuntu
distribution_version: "18.04"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: Ubuntu
distribution_version: "16.04"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: Ubuntu
distribution_version: "14.04"
init: /sbin/init
run_opts: ""
- distribution: Debian
distribution_version: "9"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
- distribution: Debian
distribution_version: "8"
init: /lib/systemd/systemd
run_opts: "--privileged --volume=/sys/fs/cgroup:/sys/fs/cgroup:ro"
before_install:
- sudo apt-get update
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
- docker pull ansiblecheck/ansiblecheck:"${distribution,,}"-"${distribution_version}"
script:
- container_id=$(mktemp)
# Start The Built Container In The Background
- docker run -d -v "${PWD}":/etc/ansible/roles/${role}:ro ${run_opts} ansiblecheck/ansiblecheck:"${distribution,,}"-"${distribution_version}" "${init}" > "${container_id}"
# Print ansible version
- docker exec -t "$(cat ${container_id})" env TERM=xterm ansible --version
# Ansible syntax check.
- 'docker exec -t "$(cat ${container_id})" env TERM=xterm ansible-playbook /etc/ansible/roles/${role}/tests/main.yml --syntax-check'
# Test role.
- 'docker exec "$(cat ${container_id})" env ANSIBLE_FORCE_COLOR=1 ansible-playbook /etc/ansible/roles/${role}/tests/main.yml'
# Test Idempotence
- idempotence=$(mktemp)
- docker exec "$(cat ${container_id})" ansible-playbook /etc/ansible/roles/${role}/tests/main.yml | tee -a ${idempotence}
- >
tail ${idempotence}
| grep -q 'failed=0'
&& (echo 'Idempotence test: pass' && exit 0)
|| (echo 'Idempotence test: fail' && exit 1)
notifications:
webhooks: https://galaxy.ansible.com/api/v1/notifications/

5
roles/weareinteractive.apt/.vscode/extensions.json vendored
View File

@ -1,5 +0,0 @@
{
"recommendations": [
"vscoss.vscode-ansible"
]
}

5
roles/weareinteractive.apt/.vscode/settings.json vendored
View File

@ -1,5 +0,0 @@
{
"files.associations": {
"*.yml": "ansible"
}
}

230
roles/weareinteractive.apt/CHANGELOG.md
View File

@ -1,230 +0,0 @@
<a name="2.9.1"></a>
### 2.9.1 (2019-12-08)
#### Bug Fixes
* fix lint error ([65f889bd](https://github.com/weareinteractive/ansible-apt/commit/65f889bd07e3a7fd33e7df42023e7543b8af7c4a))
<a name="2.9.0"></a>
## 2.9.0 (2019-12-08)
#### Bug Fixes
* fix logic with apt_remove_recommends variable ([eaea78e1](https://github.com/weareinteractive/ansible-apt/commit/eaea78e1fb43f86b2a27db23ba121e805de8d835))
<a name="2.8.0"></a>
## 2.8.0 (2019-10-18)
#### Features
* remove depricated apt_remount_filesystem ([7ca12fb4](https://github.com/weareinteractive/ansible-apt/commit/7ca12fb483e0cd8272589e5b1393e4c74611fb2a))
<a name="2.7.0"></a>
## 2.7.0 (2019-09-16)
#### Features
* extend unattended update config Merge branch 'pbessonies-feature/update_unattended_template' ([7b2c0e4f](https://github.com/weareinteractive/ansible-apt/commit/7b2c0e4fadf07feb8ef3a97425a282b38315a44b))
<a name="2.6.1"></a>
### 2.6.1 (2019-09-16)
#### Bug Fixes
* ensure unattended-upgrades package installation ([03740eea](https://github.com/weareinteractive/ansible-apt/commit/03740eea70fdf744256e708798ea048be22a2a9e))
#### Features
* add bool check ([1f9f71d3](https://github.com/weareinteractive/ansible-apt/commit/1f9f71d32df59563ebb2fb40b82ddc2e916e9de8))
<a name="2.5.1"></a>
### 2.5.1 (2019-06-17)
#### Features
* update syntax to ansible 2.8 ([fa5f8740](https://github.com/weareinteractive/ansible-apt/commit/fa5f87400d1d1db233bffcf8ced0b82c6460fd4d))
<a name="2.5.0"></a>
## 2.5.0 (2018-12-12)
#### Features
* add apt pinning ([349d5b09](https://github.com/weareinteractive/ansible-apt/commit/349d5b09a9b90513da4b66829eca1172da692e96))
* added apt pinning ([d66994de](https://github.com/weareinteractive/ansible-apt/commit/d66994de87a291cb5a2ebfe2ed4867e290ad68fb))
<a name="2.4.2"></a>
### 2.4.2 (2018-11-01)
#### Features
* add options to apt_keys and apt_repositories ([f2ce4e0e](https://github.com/weareinteractive/ansible-apt/commit/f2ce4e0e6d41f539610adb34e0ac1093e482677c))
* added options ([bb80fe88](https://github.com/weareinteractive/ansible-apt/commit/bb80fe8804ee2bac18065b89a8abcadc14f0ed9b))
<a name="2.4.1"></a>
### 2.4.1 (2018-11-01)
#### Bug Fixes
* fix deprication warning for ansible 2.7 and apt package loops ([556b6445](https://github.com/weareinteractive/ansible-apt/commit/556b6445e748004846c6e16248d9d92b69afd0c3))
<a name="2.5.0"></a>
## 2.5.0 (2018-10-08)
<a name="2.3.1"></a>
### 2.3.1 (2017-12-18)
#### Bug Fixes
* rename missing include to include_tasks ([da051d29](https://github.com/weareinteractive/ansible-apt/commit/da051d29e279e48061e7e6b41f504a00f1508b16))
<a name="2.3.0"></a>
## 2.3.0 (2017-12-18)
#### Features
* upgrade tasks for ansible 2.4 ([6e5a1ca4](https://github.com/weareinteractive/ansible-apt/commit/6e5a1ca49a855e7c183446cb4a2d817d58bab59f))
<a name="2.2.0"></a>
## 2.2.0 (2017-08-24)
#### Features
* add option to alter solution cost ([cfaf694c](https://github.com/weareinteractive/ansible-apt/commit/cfaf694c6ea921e6d6209db0e851c84dd35c8fe2))
* allow multiple file systems to be remounted ([5cb5a96c](https://github.com/weareinteractive/ansible-apt/commit/5cb5a96cfbdce66f7b5f4d2f7716e1e30279ac98))
<a name="2.1.0"></a>
## 2.1.0 (2017-01-27)
#### Features
* use builtin autoremove option ([87a34935](https://github.com/weareinteractive/ansible-apt/commit/87a34935874f78d4752f2557c9094496eb51a391))
<a name="2.0.3"></a>
### 2.0.3 (2016-08-18)
#### Bug Fixes
* fix proxy config conditions ([27787e80](https://github.com/weareinteractive/ansible-apt/commit/27787e80dc805a828af35b7206aae835e9d8b0aa))
<a name="2.0.2"></a>
### 2.0.2 (2016-04-25)
#### Features
* always get latest unattended-upgrades instead of just present ([a927d6af](https://github.com/weareinteractive/ansible-apt/commit/a927d6afbc0b35481c5eea3623cd5eebf7a3d415))
<a name="2.0.1"></a>
### 2.0.1 (2016-03-22)
#### Features
* escape bare variables ([96525b39](https://github.com/weareinteractive/ansible-apt/commit/96525b393671352973d81abfcb942272f70dc6bd))
<a name="2.0.0"></a>
## 2.0.0 (2016-03-15)
#### Features
* update to ansible 2.0 ([052bc675](https://github.com/weareinteractive/ansible-apt/commit/052bc675f01ded71c7bd9bd7e8154ecb2f600c4a))
<a name="1.8.0"></a>
## 1.8.0 (2016-01-11)
#### Features
* add support for proxy servers ([91ae92f5](https://github.com/weareinteractive/ansible-apt/commit/91ae92f56e7f3fa2f9851adc03235d3985dd7b7e))
<a name="1.7.1"></a>
### 1.7.1 (2015-12-03)
#### Features
* adds variables to configure apt ([3ec652be](https://github.com/weareinteractive/ansible-apt/commit/3ec652be9513b0d8b9b1bb7f317aa6a4c30256ff))
* only adds 50unattended-upgrades config if enabled ([14742e5e](https://github.com/weareinteractive/ansible-apt/commit/14742e5ee87bf135edf8756ce9cd197ca65b346d))
* updates travis tests ([2d1873da](https://github.com/weareinteractive/ansible-apt/commit/2d1873daec0e1b76e4bcafbb898ac63c4b12e91f))
* using ansible-role to generate README ([3abe7246](https://github.com/weareinteractive/ansible-apt/commit/3abe72463af5d4d101570e233d497a96e910e4ea))
* adds CHANGELOG ([5f4c6673](https://github.com/weareinteractive/ansible-apt/commit/5f4c66734445e239fb96faec557a6c5e708cd5b3))
#### Bug Fixes
* fixes quotation marks on 'APT::Periodic::Enable' value ([bf19c900](https://github.com/weareinteractive/ansible-apt/commit/bf19c90034badb1173ad9b204d815d17cd33ba9d))
* fixes the usage of unattended upgrades ([04f25734](https://github.com/weareinteractive/ansible-apt/commit/04f25734fa29aba48ec3f9461c9488785bfe8ae3))
<a name="1.7.0"></a>
## 1.7.0 (2015-11-30)
#### Features
* adds variables to configure apt ([3ec652be](https://github.com/weareinteractive/ansible-apt/commit/3ec652be9513b0d8b9b1bb7f317aa6a4c30256ff))
* only adds 50unattended-upgrades config if enabled ([14742e5e](https://github.com/weareinteractive/ansible-apt/commit/14742e5ee87bf135edf8756ce9cd197ca65b346d))
* updates travis tests ([2d1873da](https://github.com/weareinteractive/ansible-apt/commit/2d1873daec0e1b76e4bcafbb898ac63c4b12e91f))
* using ansible-role to generate README ([3abe7246](https://github.com/weareinteractive/ansible-apt/commit/3abe72463af5d4d101570e233d497a96e910e4ea))
* adds CHANGELOG ([5f4c6673](https://github.com/weareinteractive/ansible-apt/commit/5f4c66734445e239fb96faec557a6c5e708cd5b3))
#### Bug Fixes
* fixes the usage of unattended upgrades ([04f25734](https://github.com/weareinteractive/ansible-apt/commit/04f25734fa29aba48ec3f9461c9488785bfe8ae3))

22
roles/weareinteractive.apt/LICENSE
View File

@ -1,22 +0,0 @@
Copyright (c) We Are Interactive
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without
restriction, including without limitation the rights to use,
copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the
Software is furnished to do so, subject to the following
conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.

41
roles/weareinteractive.apt/Makefile
View File

@ -1,41 +0,0 @@
PWD=$(shell pwd)
ROLE_NAME=weareinteractive.apt
ROLE_PATH=/etc/ansible/roles/$(ROLE_NAME)
TEST_VERSION=ansible --version
TEST_SYNTAX=ansible-playbook -v -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml --syntax-check
TEST_PLAYBOOK=ansible-playbook -v -i 'localhost,' -c local $(ROLE_PATH)/tests/main.yml
TEST_IDEMPOTENT=$(TEST_PLAYBOOK) | grep -q 'changed=0.*failed=0' && (echo 'Idempotence test: pass' && exit 0) || (echo 'Idempotence test: fail' && exit 1)
TEST_CMD=$(TEST_VERSION); $(TEST_SYNTAX); $(TEST_DEPS); $(TEST_PLAYBOOK); $(TEST_IDEMPOTENT)
docs:
ansible-role docgen
lint:
ansible-lint .
ubuntu%: TEST_DEPS=apt-get update && \
apt-get install -y python
ubuntu18.04: dist=ubuntu-18.04
ubuntu18.04: .run
ubuntu16.04: dist=ubuntu-16.04
ubuntu16.04: .run
ubuntu14.04: dist=ubuntu-14.04
ubuntu14.04: .run
debian%: TEST_DEPS=apt-get update && \
apt-get install -y python
debian9: dist=debian-9
debian9: .run
debian8: dist=debian-8
debian8: .run
.run:
@echo "RUN:"
@echo " docker run -it --rm -v $(PWD):$(ROLE_PATH) ansiblecheck/ansiblecheck:$(dist) /bin/bash"
@echo " $(TEST_CMD)"
@docker run -it --rm -v $(PWD):$(ROLE_PATH) ansiblecheck/ansiblecheck:$(dist) /bin/bash -c "$(TEST_CMD)"

268
roles/weareinteractive.apt/README.md
View File

@ -1,268 +0,0 @@
# Ansible weareinteractive.apt role
[![Build Status](https://img.shields.io/travis/weareinteractive/ansible-apt.svg)](https://travis-ci.org/weareinteractive/ansible-apt)
[![Galaxy](http://img.shields.io/badge/galaxy-weareinteractive.apt-blue.svg)](https://galaxy.ansible.com/weareinteractive/apt)
[![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
[![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
> `weareinteractive.apt` is an [Ansible](http://www.ansible.com) role which:
>
> * updates apt
> * cleans up apt
> * configures apt
> * installs packages
> * add repositories
> * add keys
> * apt pinning
> * manages unattended upgrades
> * optionally alters solution cost
> * optionally allows filesystems to be remounted
**Note:**
> Since Ansible Galaxy supports [organization](https://www.ansible.com/blog/ansible-galaxy-2-release) now, this role has moved from `franklinkim.apt` to `weareinteractive.apt`!
## Installation
Using `ansible-galaxy`:
```shell
$ ansible-galaxy install weareinteractive.apt
```
Using `requirements.yml`:
```yaml
- src: weareinteractive.apt
```
Using `git`:
```shell
$ git clone https://github.com/weareinteractive/ansible-apt.git weareinteractive.apt
```
## Dependencies
* Ansible >= 2.4
## Variables
Here is a list of all the default variables for this role, which are also available in `defaults/main.yml`.
```yaml
---
# apt_unattended_upgrades_blacklist:
# - vim
# - libc6
# apt_mails:
# - root
# - foo@dev.null
# apt_keys:
# - id: 473041FA
# file: /tmp/apt.gpg
# data: "{{ lookup('file', 'apt.asc') }}"
# keyring: /etc/apt/trusted.gpg.d/debian.gpg
# keyserver: keyserver.ubuntu.com
# url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
# validate_certs: yes
# state: present
# apt_repositories:
# - codename: trusty
# filename: google-chrome
# mode: 0644
# repo: 'ppa:nginx/stable'
# state: present
# update_cache: yes
# sets the amount of time the cache is valid
apt_cache_valid_time: 3600
# upgrade system: safe | full | dist
apt_upgrade: no
# packages to install
apt_packages: []
# remove packages that are no longer needed for dependencies
apt_autoremove: yes
# remove .deb files for packages no longer on your system
apt_autoclean: yes
# .deb packages to install.
apt_deb_packages: []
# whether or not suggested packages should be installed.
apt_install_suggests: no
# do not install Recommended packages by default
apt_install_recommends: no
# allow 'apt-get autoremove' to remove recommended packages
apt_remove_recommends: no
# Enable the update/upgrade script
apt_periodic: yes
# Do “apt-get update” automatically every n-days (0=disable)
apt_update_package_lists: 1
# Do “apt-get upgrade download-only” every n-days (0=disable)
apt_download_upgradeable_packages: 0
# Do “apt-get autoclean” every n-days (0=disable)
apt_auto_clean_interval: 0
# enable unattended-upgrades
apt_unattended_upgrades: yes
# list of origins patterns to control which packages are upgraded
# replaces allowed-origins, kept for compatibility
apt_unattended_upgrades_origins: []
# List of allowed-origins, default value kept for compatibility
# set to null to use origins-pattern
apt_unattended_upgrades_allowed:
- ${distro_id}:${distro_codename}-security
# list of packages to not update (regexp are supported)
apt_unattended_upgrades_blacklist: []
# Split the upgrade into the smallest possible chunks so that
# they can be interrupted with SIGUSR1. This makes the upgrade
# a bit slower but it has the benefit that shutdown while a upgrade
# is running is possible (with a small delay)
apt_unattended_upgrades_minimal_steps: no
# Send email to this address for problems or packages upgrades
# If empty or unset then no email is sent, make sure that you
# have a working mail setup on your system. A package that provides
# 'mailx' must be installed. E.g. "user@example.com"
apt_mails: []
# Set this value to "true" to get emails only on errors. Default
# is to always send a mail if Unattended-Upgrade::Mail is set
apt_unattended_upgrades_notify_error_only: yes
# Do automatic removal of new unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
apt_unattended_upgrades_autoremove: yes
# Automatically reboot *WITHOUT CONFIRMATION*
# if the file /var/run/reboot-required is found after the upgrade
apt_unattended_upgrades_automatic_reboot: no
# Automatically reboot even if there are users currently logged in.
apt_unattended_upgrades_automatic_reboot_with_users: no
# If automatic reboot is enabled and needed, reboot at the specific
# time instead of immediately
# Values: now | 02:00 | ...
apt_unattended_upgrades_automatic_reboot_time: now
# Enable logging to syslog.
apt_unattended_upgrades_syslog_enable: no
# Specify syslog facility.
apt_unattended_upgrades_syslog_facility: daemon
# Override download timer ? Default no
apt_unattended_upgrades_download_timer_override: null
# In case of override :
# apt_unattended_upgrades_download_timer_override:
# on_calendar_replace: (true|false) If true, delete default system schedule. If not, default and new schedules will be merged
# on_calendar: new schedule, see man systemd.time.7, example : 'Mon..Fri *-*-* 6:00'
# randomized_delay_sec: random delay in sec
# persistent: (true|false)
# See systemd.time.5 for random delay and persistent
# Override upgrade timer the same way
apt_unattended_upgrades_upgrade_timer_override: null
# apt_unattended_upgrades_upgrade_timer_override:
# on_calendar_replace:
# on_calendar:
# randomized_delay_sec:
# persistent:
# remount file system: currently supported options are rootfs and tmpfs
# tmpfs: remount tmp before running if mounted noexec
# rootfs: remount root filesystem r/w before running if mounted r/o
apt_remount_filesystems: []
# repositories to register
apt_repositories: []
# gpg keys for external repositories
apt_keys: []
# HTTP proxy server (optional)
# apt_http_proxy_address:
# HTTP pipeline depth (optional)
# apt_http_pipeline_depth: 5
# Change Aptitudes solution costs, default is not to change anything
# Mirror https://lists.debian.org/543FF3BD.1020609@zen.co.uk
# apt_aptitude_solution_cost:
# - priority
# - removals
# - canceled-actions
apt_aptitude_solution_cost: []
# List of preferences options.
# apt_preferences:
# - file: perl
# package: perl
# pin: "version 5.20*"
# priority: 1001
apt_preferences: []
```
## Handlers
These are the handlers that are defined in `handlers/main.yml`.
```yaml
---
- name: reload systemd
systemd:
daemon_reload: true
```
## Usage
This is an example playbook:
```yaml
---
- hosts: all
become: yes
roles:
- weareinteractive.apt
vars:
apt_cache_valid_time: 7200
apt_packages:
- vim
- tree
- ca-certificates
apt_deb_packages:
- "https://releases.hashicorp.com/vagrant/2.1.5/vagrant_2.1.5_x86_64.deb"
apt_mails:
- root
apt_preferences:
- file: perl
package: perl
pin: "version 5.20*"
priority: 1001
apt_unattended_upgrades_notify_error_only: no
```
## Testing
```shell
$ git clone https://github.com/weareinteractive/ansible-apt.git
$ cd ansible-apt
$ make test
```
## Contributing
In lieu of a formal style guide, take care to maintain the existing coding style. Add unit tests and examples for any new or changed functionality.
1. Fork it
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create new Pull Request
*Note: To update the `README.md` file please install and run `ansible-role`:*
```shell
$ gem install ansible-role
$ ansible-role docgen
```
## License
Copyright (c) We Are Interactive under the MIT license.

141
roles/weareinteractive.apt/defaults/main.yml
View File

@ -1,141 +0,0 @@
---
# apt_unattended_upgrades_blacklist:
# - vim
# - libc6
# apt_mails:
# - root
# - foo@dev.null
# apt_keys:
# - id: 473041FA
# file: /tmp/apt.gpg
# data: "{{ lookup('file', 'apt.asc') }}"
# keyring: /etc/apt/trusted.gpg.d/debian.gpg
# keyserver: keyserver.ubuntu.com
# url: https://ftp-master.debian.org/keys/archive-key-6.0.asc
# validate_certs: yes
# state: present
# apt_repositories:
# - codename: trusty
# filename: google-chrome
# mode: 0644
# repo: 'ppa:nginx/stable'
# state: present
# update_cache: yes
# sets the amount of time the cache is valid
apt_cache_valid_time: 3600
# upgrade system: safe | full | dist
apt_upgrade: no
# packages to install
apt_packages: []
# remove packages that are no longer needed for dependencies
apt_autoremove: yes
# remove .deb files for packages no longer on your system
apt_autoclean: yes
# .deb packages to install.
apt_deb_packages: []
# whether or not suggested packages should be installed.
apt_install_suggests: no
# do not install Recommended packages by default
apt_install_recommends: no
# allow 'apt-get autoremove' to remove recommended packages
apt_remove_recommends: no
# Enable the update/upgrade script
apt_periodic: yes
# Do “apt-get update” automatically every n-days (0=disable)
apt_update_package_lists: 1
# Do “apt-get upgrade download-only” every n-days (0=disable)
apt_download_upgradeable_packages: 0
# Do “apt-get autoclean” every n-days (0=disable)
apt_auto_clean_interval: 0
# enable unattended-upgrades
apt_unattended_upgrades: yes
# list of origins patterns to control which packages are upgraded
# replaces allowed-origins, kept for compatibility
apt_unattended_upgrades_origins: []
# List of allowed-origins, default value kept for compatibility
# set to null to use origins-pattern
apt_unattended_upgrades_allowed:
- ${distro_id}:${distro_codename}-security
# list of packages to not update (regexp are supported)
apt_unattended_upgrades_blacklist: []
# Split the upgrade into the smallest possible chunks so that
# they can be interrupted with SIGUSR1. This makes the upgrade
# a bit slower but it has the benefit that shutdown while a upgrade
# is running is possible (with a small delay)
apt_unattended_upgrades_minimal_steps: no
# Send email to this address for problems or packages upgrades
# If empty or unset then no email is sent, make sure that you
# have a working mail setup on your system. A package that provides
# 'mailx' must be installed. E.g. "user@example.com"
apt_mails: []
# Set this value to "true" to get emails only on errors. Default
# is to always send a mail if Unattended-Upgrade::Mail is set
apt_unattended_upgrades_notify_error_only: yes
# Do automatic removal of new unused dependencies after the upgrade
# (equivalent to apt-get autoremove)
apt_unattended_upgrades_autoremove: yes
# Automatically reboot *WITHOUT CONFIRMATION*
# if the file /var/run/reboot-required is found after the upgrade
apt_unattended_upgrades_automatic_reboot: no
# Automatically reboot even if there are users currently logged in.
apt_unattended_upgrades_automatic_reboot_with_users: no
# If automatic reboot is enabled and needed, reboot at the specific
# time instead of immediately
# Values: now | 02:00 | ...
apt_unattended_upgrades_automatic_reboot_time: now
# Enable logging to syslog.
apt_unattended_upgrades_syslog_enable: no
# Specify syslog facility.
apt_unattended_upgrades_syslog_facility: daemon
# Override download timer ? Default no
apt_unattended_upgrades_download_timer_override: null
# In case of override :
# apt_unattended_upgrades_download_timer_override:
# on_calendar_replace: (true|false) If true, delete default system schedule. If not, default and new schedules will be merged
# on_calendar: new schedule, see man systemd.time.7, example : 'Mon..Fri *-*-* 6:00'
# randomized_delay_sec: random delay in sec
# persistent: (true|false)
# See systemd.time.5 for random delay and persistent
# Override upgrade timer the same way
apt_unattended_upgrades_upgrade_timer_override: null
# apt_unattended_upgrades_upgrade_timer_override:
# on_calendar_replace:
# on_calendar:
# randomized_delay_sec:
# persistent:
# remount file system: currently supported options are rootfs and tmpfs
# tmpfs: remount tmp before running if mounted noexec
# rootfs: remount root filesystem r/w before running if mounted r/o
apt_remount_filesystems: []
# repositories to register
apt_repositories: []
# gpg keys for external repositories
apt_keys: []
# HTTP proxy server (optional)
# apt_http_proxy_address:
# HTTP pipeline depth (optional)
# apt_http_pipeline_depth: 5
# Change Aptitudes solution costs, default is not to change anything
# Mirror https://lists.debian.org/543FF3BD.1020609@zen.co.uk
# apt_aptitude_solution_cost:
# - priority
# - removals
# - canceled-actions
apt_aptitude_solution_cost: []
# List of preferences options.
# apt_preferences:
# - file: perl
# package: perl
# pin: "version 5.20*"
# priority: 1001
apt_preferences: []

5
roles/weareinteractive.apt/handlers/main.yml
View File

@ -1,5 +0,0 @@
---
- name: reload systemd
systemd:
daemon_reload: true

2
roles/weareinteractive.apt/meta/.galaxy_install_info
View File

@ -1,2 +0,0 @@
install_date: Sat Jan 11 17:32:26 2020
version: 2.9.1

142
roles/weareinteractive.apt/meta/main.yml
View File

@ -1,142 +0,0 @@
---
galaxy_info:
author: franklin
company: We Are Interactive
description: Configures apt and installs/updates packages
min_ansible_version: 2.4
license: MIT
# Optionally specify the branch Galaxy will use when accessing the GitHub
# repo for this role. During role install, if no tags are available,
# Galaxy will use this branch. During import Galaxy will access files on
# this branch. If travis integration is cofigured, only notification for this
# branch will be accepted. Otherwise, in all cases, the repo's default branch
# (usually master) will be used.
github_branch: master
#
# Below are all platforms currently available. Just uncomment
# the ones that apply to your role. If you don't see your
# platform on this list, let us know and we'll get it added!
#
platforms:
#- name: EL
# versions:
# - all
# - 5
# - 6
# - 7
#- name: GenericUNIX
# versions:
# - all
# - any
#- name: Solaris
# versions:
# - all
# - 10
# - 11.0
# - 11.1
# - 11.2
# - 11.3
#- name: Fedora
# versions:
# - all
# - 16
# - 17
# - 18
# - 19
# - 20
# - 21
# - 22
# - 23
#- name: Windows
# versions:
# - all
# - 2012R2
#- name: SmartOS
# versions:
# - all
# - any
#- name: opensuse
# versions:
# - all
# - 12.1
# - 12.2
# - 12.3
# - 13.1
# - 13.2
#- name: Amazon
# versions:
# - all
# - 2013.03
# - 2013.09
#- name: GenericBSD
# versions:
# - all
# - any
#- name: FreeBSD
# versions:
# - all
# - 10.0
# - 10.1
# - 10.2
# - 8.0
# - 8.1
# - 8.2
# - 8.3
# - 8.4
# - 9.0
# - 9.1
# - 9.1
# - 9.2
# - 9.3
- name: Ubuntu
versions:
- all
# - lucid
# - maverick
# - natty
# - oneiric
# - precise
# - quantal
# - raring
# - saucy
# - trusty
# - utopic
# - vivid
# - wily
#- name: SLES
# versions:
# - all
# - 10SP3
# - 10SP4
# - 11
# - 11SP1
# - 11SP2
# - 11SP3
#- name: GenericLinux
# versions:
# - all
# - any
- name: Debian
versions:
- all
# - etch
# - jessie
# - lenny
# - squeeze
# - wheezy
#
# List tags for your role here, one per line. A tag is
# a keyword that describes and categorizes the role.
# Users find roles by searching for tags. Be sure to
# remove the '[]' above if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of
# alphanumeric characters. Maximum 20 tags per role.
galaxy_tags:
- system
- apt
# List your role dependencies here, one per line. Only
# dependencies available via galaxy should be listed here.
# Be sure to remove the '[]' above if you add dependencies
# to this list.
dependencies: []

25
roles/weareinteractive.apt/meta/readme.yml
View File

@ -1,25 +0,0 @@
---
galaxy_name: weareinteractive.apt
github_user: weareinteractive
github_name: ansible-apt
badges: |
[![Build Status](https://img.shields.io/travis/weareinteractive/ansible-apt.svg)](https://travis-ci.org/weareinteractive/ansible-apt)
[![Galaxy](http://img.shields.io/badge/galaxy-weareinteractive.apt-blue.svg)](https://galaxy.ansible.com/weareinteractive/apt)
[![GitHub Tags](https://img.shields.io/github/tag/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
[![GitHub Stars](https://img.shields.io/github/stars/weareinteractive/ansible-apt.svg)](https://github.com/weareinteractive/ansible-apt)
description: |
> * updates apt
> * cleans up apt
> * configures apt
> * installs packages
> * add repositories
> * add keys
> * apt pinning
> * manages unattended upgrades
> * optionally alters solution cost
> * optionally allows filesystems to be remounted
**Note:**
> Since Ansible Galaxy supports [organization](https://www.ansible.com/blog/ansible-galaxy-2-release) now, this role has moved from `franklinkim.apt` to `weareinteractive.apt`!

65
roles/weareinteractive.apt/tasks/config.yml
View File

@ -1,65 +0,0 @@
---
- name: Configuring APT
template:
src: "{{ item }}.j2"
dest: "/{{ item }}"
owner: "root"
group: "root"
mode: "0644"
with_items:
- "etc/apt/apt.conf.d/10general"
- "etc/apt/apt.conf.d/10periodic"
- name: Configuring APT
template:
src: "{{ item }}.j2"
dest: "/{{ item }}"
owner: "root"
group: "root"
mode: "0644"
when: apt_unattended_upgrades | bool
with_items:
- "etc/apt/apt.conf.d/50unattended-upgrades"
- name: Configuring APT Download timer
include_tasks: unattended_upgrades_download_timer.yml
when: apt_unattended_upgrades_download_timer_override is not none
- name: Configuring APT Upgrade timer
include_tasks: unattended_upgrades_upgrade_timer.yml
when: apt_unattended_upgrades_upgrade_timer_override is not none
- name: Configuring remount filesystems
template:
src: "etc/apt/apt.conf.d/10remount_{{ item }}.j2"
dest: "/etc/apt/apt.conf.d/10remount_{{ item }}"
owner: "root"
group: "root"
mode: "0644"
when: apt_remount_filesystems | bool
with_items:
- "{{ apt_remount_filesystems }}"
- name: Configuring APT proxy behavior
template:
src: "{{ item }}.j2"
dest: "/{{ item }}"
owner: "root"
group: "root"
mode: "0644"
when: apt_http_proxy_address is defined or apt_https_proxy_address is defined
with_items:
- "etc/apt/apt.conf.d/00proxy"
- name: Alter Aptitude solution costs
template:
src: "{{ item }}.j2"
dest: "/{{ item }}"
owner: "root"
group: "root"
mode: "0644"
when: apt_aptitude_solution_cost | bool
with_items:
- "etc/apt/apt.conf.d/20alter-aptitude-solution-cost"

7
roles/weareinteractive.apt/tasks/debs.yml
View File

@ -1,7 +0,0 @@
---
- name: Installing .deb packages
apt:
deb: "{{ item }}"
autoremove: "{{ apt_autoremove }}"
with_items: "{{ apt_deb_packages }}"

11
roles/weareinteractive.apt/tasks/dependencies.yml
View File

@ -1,11 +0,0 @@
---
- name: Installing required packages
apt:
name: "{{ packages }}"
state: present
vars:
packages:
- aptitude
- python-apt
- python-pycurl

6
roles/weareinteractive.apt/tasks/install.yml
View File

@ -1,6 +0,0 @@
---
- include_tasks: update.yml
- include_tasks: upgrade.yml
- include_tasks: dependencies.yml
- include_tasks: unattended_upgrades.yml

13
roles/weareinteractive.apt/tasks/keys.yml
View File

@ -1,13 +0,0 @@
---
- name: Adding apt signing key
apt_key:
id: "{{ item.id | default(omit) }}"
file: "{{ item.file | default(omit) }}"
data: "{{ item.data | default(omit) }}"
keyring: "{{ item.keyring | default(omit) }}"
keyserver: "{{ item.keyserver | default(omit) }}"
url: "{{ item.url | default(omit) }}"
validate_certs: "{{ item.validate_certs | default(omit) }}"
state: "{{ item.state | default('present') }}"
with_items: "{{ apt_keys }}"

22
roles/weareinteractive.apt/tasks/main.yml
View File

@ -1,22 +0,0 @@
---
- import_tasks: config.yml
tags:
- system
- apt
- config
- apt-config
- import_tasks: install.yml
tags:
- system
- apt
- install
- apt-install
- import_tasks: manage.yml
tags:
- system
- apt
- manage
- apt-manage

7
roles/weareinteractive.apt/tasks/manage.yml
View File

@ -1,7 +0,0 @@
---
- include_tasks: keys.yml
- include_tasks: repositories.yml
- include_tasks: preferences.yml
- include_tasks: packages.yml
- include_tasks: debs.yml

7
roles/weareinteractive.apt/tasks/packages.yml
View File

@ -1,7 +0,0 @@
---
- name: Installing packages
apt:
name: "{{ apt_packages }}"
state: present
autoremove: "{{ apt_autoremove }}"

10
roles/weareinteractive.apt/tasks/preferences.yml
View File

@ -1,10 +0,0 @@
---
- name: Configuring APT preferences
template:
src: etc/apt/preferences.d/preferences.j2
dest: "/etc/apt/preferences.d/{{ item.file }}"
owner: root
group: root
mode: 0644
with_items: "{{ apt_preferences }}"

11
roles/weareinteractive.apt/tasks/repositories.yml
View File

@ -1,11 +0,0 @@
---
- name: Adding apt repository
apt_repository:
codename: "{{ item.codename | default(omit) }}"
filename: "{{ item.filename | default(omit) }}"
mode: "{{ item.mode | default(omit) }}"
repo: "{{ item.repo | default(omit) }}"
state: "{{ item.state | default(omit) }}"
update_cache: "{{ item.update_cache | default('yes') }}"
with_items: "{{ apt_repositories }}"

7
roles/weareinteractive.apt/tasks/unattended_upgrades.yml
View File

@ -1,7 +0,0 @@
---
- name: Installing packages
apt:
pkg: "unattended-upgrades"
state: "{{ 'latest' if apt_unattended_upgrades else 'absent' }}"
when: apt_unattended_upgrades | bool

20
roles/weareinteractive.apt/tasks/unattended_upgrades_download_timer.yml
View File

@ -1,20 +0,0 @@
---
- name: Creating Download timer directory
file:
path: "/etc/systemd/system/apt-daily.timer.d"
state: directory
owner: root
group: root
mode: "0755"
- name: Configuring Download timer
template:
src: "{{ item }}.j2"
dest: "/{{ item }}"
owner: "root"
group: "root"
mode: "0644"
with_items:
- "etc/systemd/system/apt-daily.timer.d/override.conf"
notify: reload systemd

20
roles/weareinteractive.apt/tasks/unattended_upgrades_upgrade_timer.yml
View File

@ -1,20 +0,0 @@
---
- name: Creating Upgrade timer directory
file:
path: "/etc/systemd/system/apt-daily-upgrade.timer.d"
state: directory
owner: root
group: root
mode: "0755"
- name: Configuring Upgrade timer
template:
src: "{{ item }}.j2"
dest: "/{{ item }}"
owner: "root"
group: "root"
mode: "0644"
with_items:
- "etc/systemd/system/apt-daily-upgrade.timer.d/override.conf"
notify: reload systemd

6
roles/weareinteractive.apt/tasks/update.yml
View File

@ -1,6 +0,0 @@
---
- name: Updating cache
apt:
update_cache: yes
cache_valid_time: "{{ apt_cache_valid_time }}"

8
roles/weareinteractive.apt/tasks/upgrade.yml
View File

@ -1,8 +0,0 @@
---
- name: Upgrading system
apt:
upgrade: "{{ apt_upgrade }}"
update_cache: yes
autoremove: "{{ apt_autoremove }}"
when: (apt_upgrade == "safe") or (apt_upgrade == "full") or (apt_upgrade == "dist")

11
roles/weareinteractive.apt/templates/etc/apt/apt.conf.d/00proxy.j2
View File

@ -1,11 +0,0 @@
// {{ ansible_managed }}
{% if apt_http_proxy_address is defined and apt_http_proxy_address %}
Acquire::http::Proxy "{{ apt_http_proxy_address }}";
{% endif %}
{% if apt_https_proxy_address is defined and apt_https_proxy_address %}
Acquire::https::Proxy "{{ apt_https_proxy_address }}";
{% endif %}
{% if apt_http_pipeline_depth is defined and apt_http_pipeline_depth %}
Acquire::http::Pipeline-Depth "{{ apt_http_pipeline_depth }}";
{% endif %}

12
roles/weareinteractive.apt/templates/etc/apt/apt.conf.d/10general.j2
View File

@ -1,12 +0,0 @@
// {{ ansible_managed }}
// Install Recommended packages by default
APT::Install-Recommends "{{ apt_install_recommends | to_nice_json }}";
// Allow 'apt-get autoremove' to remove recommended packages
APT::AutoRemove::RecommendsImportant "{{ "false" if apt_remove_recommends else "true" }}";
// Install Suggested packages by default
APT::Install-Suggests "{{ apt_install_suggests | to_nice_json }}";
APT::Get::Show-Upgraded "true";

18
roles/weareinteractive.apt/templates/etc/apt/apt.conf.d/10periodic.j2
View File

@ -1,18 +0,0 @@
// {{ ansible_managed }}
// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "{{ apt_periodic | int}}";
// Do “apt-get update” automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "{{ apt_update_package_lists }}";
// Do “apt-get upgrade download-only” every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "{{ apt_download_upgradeable_packages }}";
// Do “apt-get autoclean” every n-days (0=disable)
APT::Periodic::AutocleanInterval "{{ apt_auto_clean_interval }}";
// Run the “unattended-upgrade” security upgrade script every n-days (0=disabled)
// Requires the package “unattended-upgrades” and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "{{ apt_unattended_upgrades | int }}";

7
roles/weareinteractive.apt/templates/etc/apt/apt.conf.d/10remount_rootfs.j2
View File

@ -1,7 +0,0 @@
// {{ ansible_managed }}
DPkg {
// Auto re-mounting of a readonly /
Pre-Invoke { "mount -o remount,rw LABEL=ROOTFS /"; };
Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o remount,ro LABEL=ROOTFS / || true"; };
};

7
roles/weareinteractive.apt/templates/etc/apt/apt.conf.d/10remount_tmpfs.j2
View File

@ -1,7 +0,0 @@
// {{ ansible_managed }}
DPkg {
// Auto re-mounting of a noexec /tmp since some packages desire exec
Pre-Invoke { "mount -o remount,exec /tmp"; };
Post-Invoke { "test ${NO_APT_REMOUNT:-no} = yes || mount -o remount,noexec /tmp || true"; };
};

5
roles/weareinteractive.apt/templates/etc/apt/apt.conf.d/20alter-aptitude-solution-cost.j2
View File

@ -1,5 +0,0 @@
# {{ ansible_managed }}
Aptitude::ProblemResolver {
SolutionCost "{{ apt_aptitude_solution_cost | join(", ") }}";
}

76
roles/weareinteractive.apt/templates/etc/apt/apt.conf.d/50unattended-upgrades.j2
View File

@ -1,76 +0,0 @@
// {{ ansible_managed }}
// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded. Replace Allowed-Origins
Unattended-Upgrade::Origins-Pattern {
{% for origin in apt_unattended_upgrades_origins %}
"{{ origin }}";
{% endfor %}
};
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
{% for allowed in apt_unattended_upgrades_allowed %}
"{{ allowed }}";
{% endfor %}
};
// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
{% for package in apt_unattended_upgrades_blacklist %}
"{{ package }}";
{% endfor %}
};
// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
// dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "false";
// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGUSR1. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
Unattended-Upgrade::MinimalSteps "{{ apt_unattended_upgrades_minimal_steps | to_nice_json }}";
// Install all unattended-upgrades when the machine is shuting down
// instead of doing it in the background while the machine is running
// This will (obviously) make shutdown slower
//Unattended-Upgrade::InstallOnShutdown "true";
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
Unattended-Upgrade::Mail "{{ apt_mails | join(',') }}";
// Set this value to "true" to get emails only on errors. Default
// is to always send a mail if Unattended-Upgrade::Mail is set
Unattended-Upgrade::MailOnlyOnError "{{ apt_unattended_upgrades_notify_error_only | to_nice_json }}";
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "{{ apt_unattended_upgrades_autoremove | to_nice_json }}";
// Automatically reboot *WITHOUT CONFIRMATION*
// if the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "{{ apt_unattended_upgrades_automatic_reboot | to_nice_json }}";
// Automatically reboot even if there are users currently logged in.
Unattended-Upgrade::Automatic-Reboot-WithUsers "{{ apt_unattended_upgrades_automatic_reboot_with_users | to_nice_json }}";
// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
// Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "{{ apt_unattended_upgrades_automatic_reboot_time }}";
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
// Enable logging to syslog. Default is False
Unattended-Upgrade::SyslogEnable "{{ apt_unattended_upgrades_syslog_enable | to_nice_json }}";
// Specify syslog facility. Default is daemon
Unattended-Upgrade::SyslogFacility "{{ apt_unattended_upgrades_syslog_facility }}";

5
roles/weareinteractive.apt/templates/etc/apt/preferences.d/preferences.j2
View File

@ -1,5 +0,0 @@
# {{ ansible_managed }}
Package: {{ item.package | default('*') }}
Pin: {{ item.pin }}
Pin-Priority: {{ item.priority }}

13
roles/weareinteractive.apt/templates/etc/systemd/system/apt-daily-upgrade.timer.d/override.conf.j2
View File

@ -1,13 +0,0 @@
[Timer]
{% if apt_unattended_upgrades_upgrade_timer_override.on_calendar_replace is defined and apt_unattended_upgrades_upgrade_timer_override.on_calendar_replace|bool %}
OnCalendar=
{% endif %}
{% if apt_unattended_upgrades_upgrade_timer_override.on_calendar is defined %}
OnCalendar={{ apt_unattended_upgrades_upgrade_timer_override.on_calendar }}
{% endif %}
{% if apt_unattended_upgrades_upgrade_timer_override.randomized_delay_sec is defined %}
RandomizedDelaySec={{ apt_unattended_upgrades_upgrade_timer_override.randomized_delay_sec }}
{% endif %}
{% if apt_unattended_upgrades_upgrade_timer_override.persistent is defined %}
Persistent={{ apt_unattended_upgrades_upgrade_timer_override.persistent }}
{% endif %}

13
roles/weareinteractive.apt/templates/etc/systemd/system/apt-daily.timer.d/override.conf.j2
View File

@ -1,13 +0,0 @@
[Timer]
{% if apt_unattended_upgrades_download_timer_override.on_calendar_replace is defined and apt_unattended_upgrades_download_timer_override.on_calendar_replace|bool %}
OnCalendar=
{% endif %}
{% if apt_unattended_upgrades_download_timer_override.on_calendar is defined %}
OnCalendar={{ apt_unattended_upgrades_download_timer_override.on_calendar }}
{% endif %}
{% if apt_unattended_upgrades_download_timer_override.randomized_delay_sec is defined %}
RandomizedDelaySec={{ apt_unattended_upgrades_download_timer_override.randomized_delay_sec }}
{% endif %}
{% if apt_unattended_upgrades_download_timer_override.persistent is defined %}
Persistent={{ apt_unattended_upgrades_download_timer_override.persistent }}
{% endif %}

22
roles/weareinteractive.apt/tests/main.yml
View File

@ -1,22 +0,0 @@
---
- hosts: all
become: yes
roles:
- weareinteractive.apt
vars:
apt_cache_valid_time: 7200
apt_packages:
- vim
- tree
- ca-certificates
apt_deb_packages:
- "https://releases.hashicorp.com/vagrant/2.1.5/vagrant_2.1.5_x86_64.deb"
apt_mails:
- root
apt_preferences:
- file: perl
package: perl
pin: "version 5.20*"
priority: 1001
apt_unattended_upgrades_notify_error_only: no