author | Egor Tensin <Egor.Tensin@gmail.com> | 2023-09-04 13:02:08 +0200 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2023-09-04 13:02:08 +0200 |
commit | f56478fa1a90d5fff172ff80562daa8a6dfaa6d3 (patch) | |
tree | 3f463d17ba10394b3ee46a637702cfc6c6417f1f /roles | |
parent | sshd: validate the new config (diff) | |
download | infra-ansible-f56478fa1a90d5fff172ff80562daa8a6dfaa6d3.tar.gz infra-ansible-f56478fa1a90d5fff172ff80562daa8a6dfaa6d3.zip |
fix task names, small refactoring, etc.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/apt/tasks/unattended_upgrades.yml | 6 | ||||
-rw-r--r-- | roles/apt_repo/tasks/main.yml | 72 | ||||
-rw-r--r-- | roles/apt_repo/templates/repo.list.j2 | 2 | ||||
-rw-r--r-- | roles/apt_repo/vars/main.yml | 5 | ||||
-rw-r--r-- | roles/my_workspace/tasks/project.yml | 2 |
5 files changed, 43 insertions, 44 deletions
diff --git a/roles/apt/tasks/unattended_upgrades.yml b/roles/apt/tasks/unattended_upgrades.yml
index e9fdd05..938c903 100644
--- a/roles/apt/tasks/unattended_upgrades.yml
+++ b/roles/apt/tasks/unattended_upgrades.yml
@@ -5,7 +5,7 @@
 state: present
 install_recommends: false
-- name: 50unattended-upgrades
+- name: Configure 50unattended-upgrades
 become: true
 ansible.builtin.template:
 src: 50unattended-upgrades.j2
@@ -17,13 +17,13 @@
 # https://wiki.debian.org/UnattendedUpgrades says that 20auto-upgrades and
 # 02periodic are _alternatives_ (and, presumably, not mechanisms that can be
 # used together).
-- name: 20auto-upgrades
+- name: Configure 20auto-upgrades
 become: true
 ansible.builtin.file:
 path: /etc/apt/apt.conf.d/20auto-upgrades
 state: absent
-- name: 02periodic
+- name: Configure 02periodic
 become: true
 ansible.builtin.template:
 src: 02periodic.j2
diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml
index ef34bf5..21df05d 100644
--- a/roles/apt_repo/tasks/main.yml
+++ b/roles/apt_repo/tasks/main.yml
@@ -1,44 +1,38 @@
-- name: Set up repository
+- name: Create keys directory
 become: true
- vars:
- # For some reason, if the key is in a weird format that requires
- # running `gpg --dearmor`, you must save it with the .gpg extension
- # instead of .asc. You can then completely skip the gpg step. Source:
- # https://stackoverflow.com/q/71585303/514684
- key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
- block:
- - name: Create keys directory
- ansible.builtin.file:
- path: '{{ apt_repo_keys_dir }}'
- state: directory
- owner: root
- group: root
- mode: '755'
+ ansible.builtin.file:
+ path: '{{ apt_repo_keys_dir }}'
+ state: directory
+ owner: root
+ group: root
+ mode: '755'
- - name: 'Add key: {{ apt_repo_name }}'
- ansible.builtin.get_url:
- url: '{{ apt_repo_key_url }}'
- dest: '{{ key_path }}'
- owner: root
- group: root
- mode: '644'
- notify: apt_repo_update
+- name: 'Add key: {{ apt_repo_name }}'
+ become: true
+ ansible.builtin.get_url:
+ url: '{{ apt_repo_key_url }}'
+ dest: '{{ apt_repo_key_path }}'
+ owner: root
+ group: root
+ mode: '644'
+ notify: apt_repo_update
- - name: Get host distro
- ansible.builtin.setup:
- gather_subset: [distribution_release]
+- name: Get host distro
+ ansible.builtin.setup:
+ gather_subset: [distribution_release]
- # Not using the apt_repository module, since it _adds_ a new repository
- # in the .list file. That way, we can end up with an invalid repository
- # line.
- - name: 'Add repository: {{ apt_repo_name }}'
- ansible.builtin.template:
- src: repo.list.j2
- dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
- owner: root
- group: root
- mode: '644'
- notify: apt_repo_update
+# Not using the apt_repository module, since it _adds_ a new repository
+# in the .list file. That way, we can end up with an invalid repository
+# line.
+- name: 'Add repository: {{ apt_repo_name }}'
+ become: true
+ ansible.builtin.template:
+ src: repo.list.j2
+ dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
+ owner: root
+ group: root
+ mode: '644'
+ notify: apt_repo_update
- - name: Refresh apt repositories if necessary
- ansible.builtin.meta: flush_handlers
+- name: Refresh apt repositories if necessary
+ ansible.builtin.meta: flush_handlers
diff --git a/roles/apt_repo/templates/repo.list.j2 b/roles/apt_repo/templates/repo.list.j2
index ffb100c..d7c8138 100644
--- a/roles/apt_repo/templates/repo.list.j2
+++ b/roles/apt_repo/templates/repo.list.j2
@@ -1,3 +1,3 @@
 {{ ansible_managed | comment }}
-deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
+deb [signed-by={{ apt_repo_key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
diff --git a/roles/apt_repo/vars/main.yml b/roles/apt_repo/vars/main.yml
new file mode 100644
index 0000000..4265d4b
--- /dev/null
+++ b/roles/apt_repo/vars/main.yml
@@ -0,0 +1,5 @@
+# For some reason, if the key is in a weird format that requires
+# running `gpg --dearmor`, you must save it with the .gpg extension
+# instead of .asc. You can then completely skip the gpg step. Source:
+# https://stackoverflow.com/q/71585303/514684
+apt_repo_key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
diff --git a/roles/my_workspace/tasks/project.yml b/roles/my_workspace/tasks/project.yml
index 02ca422..cd21ddb 100644
--- a/roles/my_workspace/tasks/project.yml
+++ b/roles/my_workspace/tasks/project.yml
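Review bot: The rewritten `Add key` task still downloads the repository signing key with `get_url` and no `checksum:`, so whatever `apt_repo_key_url` serves on the first run becomes the trust anchor that `repo.list.j2` names in `signed-by`. Since the task is being touched anyway, an optional pin would close that gap without breaking existing callers, e.g. `checksum: '{{ apt_repo_key_checksum | default(omit) }}'` (`apt_repo_key_checksum` would be a new role variable holding an `algorithm:digest` string). With a pin, a key file under `apt_repo_keys_dir` that was altered after install is also detected and replaced on the next run, which the bare download does not do once the destination exists. Whether the key URLs passed to this role are all HTTPS is not visible from this hunk; if any are not, the pin matters more.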
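Review bot: In the new `roles/apt_repo/vars/main.yml`, `apt_repo_key_dearmor` goes straight into `ternary`, which tests Jinja truthiness, so a string value such as `'false'` (as produced by `-e` on the command line or an INI inventory) would select `.gpg`. Where the variable is defined and what type callers pass is not visible here, so this may never trigger, but casting first makes the path follow the intended flag: `{{ apt_repo_key_dearmor | bool | ternary(".gpg", ".asc") }}`. A wrong extension leaves apt unable to read the key named in `signed-by`, so the failure is closed rather than silent, just hard to diagnose.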
@@ -4,7 +4,7 @@
 project_name: "{{ project.name | default(project_url | urlsplit('path') | basename | regex_replace('\\.git$', '')) }}"
 project_dir: '{{ my_workspace_dir }}/{{ project_name }}'
 block:
- - name: 'Update repository: {{ project_name }}'
+ - name: Update repository
 ansible.builtin.git: # noqa: latest
 repo: '{{ project_url }}'
 dest: '{{ project_dir }}' |