authorEgor Tensin <Egor.Tensin@gmail.com>2023-09-04 13:02:08 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-09-04 13:02:08 +0200
commitf56478fa1a90d5fff172ff80562daa8a6dfaa6d3 (patch)
tree3f463d17ba10394b3ee46a637702cfc6c6417f1f /roles
parentsshd: validate the new config (diff)
downloadinfra-ansible-f56478fa1a90d5fff172ff80562daa8a6dfaa6d3.tar.gz
infra-ansible-f56478fa1a90d5fff172ff80562daa8a6dfaa6d3.zip
fix task names, small refactoring, etc.
Diffstat (limited to 'roles')
-rw-r--r--roles/apt/tasks/unattended_upgrades.yml6
-rw-r--r--roles/apt_repo/tasks/main.yml72
-rw-r--r--roles/apt_repo/templates/repo.list.j22
-rw-r--r--roles/apt_repo/vars/main.yml5
-rw-r--r--roles/my_workspace/tasks/project.yml2
5 files changed, 43 insertions, 44 deletions
diff --git a/roles/apt/tasks/unattended_upgrades.yml b/roles/apt/tasks/unattended_upgrades.yml
index e9fdd05..938c903 100644
--- a/roles/apt/tasks/unattended_upgrades.yml
+++ b/roles/apt/tasks/unattended_upgrades.yml
@@ -5,7 +5,7 @@
state: present
install_recommends: false
-- name: 50unattended-upgrades
+- name: Configure 50unattended-upgrades
become: true
ansible.builtin.template:
src: 50unattended-upgrades.j2
@@ -17,13 +17,13 @@
# https://wiki.debian.org/UnattendedUpgrades says that 20auto-upgrades and
# 02periodic are _alternatives_ (and, presumably, not mechanisms that can be
# used together).
-- name: 20auto-upgrades
+- name: Configure 20auto-upgrades
become: true
ansible.builtin.file:
path: /etc/apt/apt.conf.d/20auto-upgrades
state: absent
-- name: 02periodic
+- name: Configure 02periodic
become: true
ansible.builtin.template:
src: 02periodic.j2
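Review bot: The new name `Configure 20auto-upgrades` says the opposite of what the task does: it sets `state: absent` on /etc/apt/apt.conf.d/20auto-upgrades, so the file is removed rather than configured. Anyone reading a play log to confirm which periodic-upgrade mechanism is active on a host would be misled. `- name: Remove 20auto-upgrades (02periodic is used instead)` would match the comment above the task. The 02periodic task that follows continues past the end of this hunk.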
diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml
index ef34bf5..21df05d 100644
--- a/roles/apt_repo/tasks/main.yml
+++ b/roles/apt_repo/tasks/main.yml
@@ -1,44 +1,38 @@
-- name: Set up repository
+- name: Create keys directory
become: true
- vars:
- # For some reason, if the key is in a weird format that requires
- # running `gpg --dearmor`, you must save it with the .gpg extension
- # instead of .asc. You can then completely skip the gpg step. Source:
- # https://stackoverflow.com/q/71585303/514684
- key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
- block:
- - name: Create keys directory
- ansible.builtin.file:
- path: '{{ apt_repo_keys_dir }}'
- state: directory
- owner: root
- group: root
- mode: '755'
+ ansible.builtin.file:
+ path: '{{ apt_repo_keys_dir }}'
+ state: directory
+ owner: root
+ group: root
+ mode: '755'
- - name: 'Add key: {{ apt_repo_name }}'
- ansible.builtin.get_url:
- url: '{{ apt_repo_key_url }}'
- dest: '{{ key_path }}'
- owner: root
- group: root
- mode: '644'
- notify: apt_repo_update
+- name: 'Add key: {{ apt_repo_name }}'
+ become: true
+ ansible.builtin.get_url:
+ url: '{{ apt_repo_key_url }}'
+ dest: '{{ apt_repo_key_path }}'
+ owner: root
+ group: root
+ mode: '644'
+ notify: apt_repo_update
- - name: Get host distro
- ansible.builtin.setup:
- gather_subset: [distribution_release]
+- name: Get host distro
+ ansible.builtin.setup:
+ gather_subset: [distribution_release]
- # Not using the apt_repository module, since it _adds_ a new repository
- # in the .list file. That way, we can end up with an invalid repository
- # line.
- - name: 'Add repository: {{ apt_repo_name }}'
- ansible.builtin.template:
- src: repo.list.j2
- dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
- owner: root
- group: root
- mode: '644'
- notify: apt_repo_update
+# Not using the apt_repository module, since it _adds_ a new repository
+# in the .list file. That way, we can end up with an invalid repository
+# line.
+- name: 'Add repository: {{ apt_repo_name }}'
+ become: true
+ ansible.builtin.template:
+ src: repo.list.j2
+ dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
+ owner: root
+ group: root
+ mode: '644'
+ notify: apt_repo_update
- - name: Refresh apt repositories if necessary
- ansible.builtin.meta: flush_handlers
+- name: Refresh apt repositories if necessary
+ ansible.builtin.meta: flush_handlers
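Review bot: The flattened `Add key` task still downloads the repository signing key with `ansible.builtin.get_url` and no integrity pin, so whatever `apt_repo_key_url` serves on the first run becomes the `signed-by` trust anchor for the repository. Adding `checksum: 'sha256:<expected digest of the key file>'`, fed from a per-repository variable, would make the task fail on an unexpected key. It would also handle rotation: without `force` or `checksum`, get_url leaves an existing `dest` untouched, so a replaced upstream key is never fetched. Whether the URL is always HTTPS cannot be seen from this hunk.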
diff --git a/roles/apt_repo/templates/repo.list.j2 b/roles/apt_repo/templates/repo.list.j2
index ffb100c..d7c8138 100644
--- a/roles/apt_repo/templates/repo.list.j2
+++ b/roles/apt_repo/templates/repo.list.j2
@@ -1,3 +1,3 @@
{{ ansible_managed | comment }}
-deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
+deb [signed-by={{ apt_repo_key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
diff --git a/roles/apt_repo/vars/main.yml b/roles/apt_repo/vars/main.yml
new file mode 100644
index 0000000..4265d4b
--- /dev/null
+++ b/roles/apt_repo/vars/main.yml
@@ -0,0 +1,5 @@
+# For some reason, if the key is in a weird format that requires
+# running `gpg --dearmor`, you must save it with the .gpg extension
+# instead of .asc. You can then completely skip the gpg step. Source:
+# https://stackoverflow.com/q/71585303/514684
+apt_repo_key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
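Review bot: `apt_repo_key_dearmor | ternary(".gpg", ".asc")` chooses the extension by truthiness, so a non-empty string such as `'false'` (for example a value passed with `-e`) selects `.gpg`. The key would then be saved under an extension that does not match its format, and apt would presumably fail to verify the repository. Casting first avoids this: `{{ apt_repo_key_dearmor | bool | ternary(".gpg", ".asc") }}`. Where `apt_repo_key_dearmor` gets its default is not visible in this diff.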
diff --git a/roles/my_workspace/tasks/project.yml b/roles/my_workspace/tasks/project.yml
index 02ca422..cd21ddb 100644
--- a/roles/my_workspace/tasks/project.yml
+++ b/roles/my_workspace/tasks/project.yml
@@ -4,7 +4,7 @@
project_name: "{{ project.name | default(project_url | urlsplit('path') | basename | regex_replace('\\.git$', '')) }}"
project_dir: '{{ my_workspace_dir }}/{{ project_name }}'
block:
- - name: 'Update repository: {{ project_name }}'
+ - name: Update repository
ansible.builtin.git: # noqa: latest
repo: '{{ project_url }}'
dest: '{{ project_dir }}'