Diffstat (limited to '')
-rw-r--r-- | galaxy.yml | 2 | ||||
-rw-r--r-- | roles/apt/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/apt/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/apt/templates/50unattended-upgrades.j2 | 20 | ||||
-rw-r--r-- | roles/debian_cloud_server/meta/main.yml | 9 | ||||
-rw-r--r-- | roles/debian_server/README.md | 2 | ||||
-rw-r--r-- | roles/debian_server/defaults/main.yml (renamed from roles/debian_cloud_server/defaults/main.yml) | 3 | ||||
-rw-r--r-- | roles/debian_server/meta/main.yml | 9 |
8 files changed, 38 insertions, 11 deletions
@@ -1,6 +1,6 @@ namespace: tensin name: infra -version: 3.0.0 +version: 4.0.0 description: Some common Ansible roles used by me to manage things repository: https://github.com/egor-tensin/infra-ansible readme: README.md diff --git a/roles/apt/defaults/main.yml b/roles/apt/defaults/main.yml index 900172f..2c0fef4 100644 --- a/roles/apt/defaults/main.yml +++ b/roles/apt/defaults/main.yml @@ -1,4 +1,4 @@ apt_packages: [] -apt_unattended: false +apt_unattended_upgrades: false apt_unattended_reboot: true apt_unattended_reboot_time: "02:00" diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml index e24430f..871d055 100644 --- a/roles/apt/tasks/main.yml +++ b/roles/apt/tasks/main.yml @@ -23,4 +23,4 @@ - name: Configure unattended-upgrades ansible.builtin.include_tasks: unattended_upgrades.yml - when: apt_unattended + when: apt_unattended_upgrades diff --git a/roles/apt/templates/50unattended-upgrades.j2 b/roles/apt/templates/50unattended-upgrades.j2 index 389bb2b..57c8d20 100644 --- a/roles/apt/templates/50unattended-upgrades.j2 +++ b/roles/apt/templates/50unattended-upgrades.j2 
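Review bot: The switch to `when: apt_unattended_upgrades` in roles/apt/tasks/main.yml means an inventory or playbook that still sets `apt_unattended: true` is now silently ignored, so those hosts would stop being configured for unattended upgrades without any error. The same applies to overrides of `debian_cloud_server_packages`, which is renamed to `debian_server_packages` in roles/debian_server/defaults/main.yml. A guard task before the include that fails when the old name is defined would make the breaking change visible; a sketch follows. The task list starts outside this hunk, so the exact placement needs checking against the full file.

```yaml
- name: Fail on the variable name used before 4.0.0
  ansible.builtin.assert:
    that: apt_unattended is not defined
    fail_msg: apt_unattended was renamed to apt_unattended_upgrades

# … unchanged: "Configure unattended-upgrades" include task …
```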
@@ -1,5 +1,25 @@ {{ ansible_managed | comment }} +// Lines below have the format format is "keyword=value,...". A +// package will be upgraded only if the values in its metadata match +// all the supplied keywords in a line. (In other words, omitted +// keywords are wild cards.) The keywords originate from the Release +// file, but several aliases are accepted. The accepted keywords are: +// a,archive,suite (eg, "stable") +// c,component (eg, "main", "contrib", "non-free") +// l,label (eg, "Debian", "Debian-Security") +// o,origin (eg, "Debian", "Unofficial Multimedia Packages") +// n,codename (eg, "jessie", "jessie-updates") +// site (eg, "http.debian.net") +// The available values on the system are printed by the command +// "apt-cache policy", and can be debugged by running +// "unattended-upgrades -d" and looking at the log file. +// +// Within lines unattended-upgrades allows 2 macros whose values are +// derived from /etc/debian_version: +// ${distro_id} Installed origin. +// ${distro_codename} Installed codename (eg, "buster") + Unattended-Upgrade::Origins-Pattern { "origin=${distro_id},codename=${distro_codename}"; "origin=${distro_id},codename=${distro_codename}-security"; diff --git a/roles/debian_cloud_server/meta/main.yml b/roles/debian_cloud_server/meta/main.yml index 71d1bc2..937ec95 100644 --- a/roles/debian_cloud_server/meta/main.yml +++ b/roles/debian_cloud_server/meta/main.yml @@ -1,10 +1,5 @@ dependencies: - role: cloud_init_wait - - role: apt + - role: debian_server vars: - apt_packages: '{{ debian_cloud_server_packages }}' - apt_unattended: true - - role: sshd - - role: firewall - - role: linux_status - - role: journald + debian_server_unattended_upgrades: true diff --git a/roles/debian_server/README.md b/roles/debian_server/README.md new file mode 100644 index 0000000..ae55607 --- /dev/null +++ b/roles/debian_server/README.md 
@@ -0,0 +1,2 @@ +This is a meta-role, it simply pulls in other roles as dependencies. It's used +for general maintenance of all my Debian-based machines. diff --git a/roles/debian_cloud_server/defaults/main.yml b/roles/debian_server/defaults/main.yml index 8fcd07e..80776a4 100644 --- a/roles/debian_cloud_server/defaults/main.yml +++ b/roles/debian_server/defaults/main.yml @@ -1,4 +1,4 @@ -debian_cloud_server_packages: +debian_server_packages: # Some common & useful packages: - curl - dnsutils @@ -13,3 +13,4 @@ debian_cloud_server_packages: - tmux - vim - wget +debian_server_unattended_upgrades: false diff --git a/roles/debian_server/meta/main.yml b/roles/debian_server/meta/main.yml new file mode 100644 index 0000000..10d3eb8 --- /dev/null +++ b/roles/debian_server/meta/main.yml @@ -0,0 +1,9 @@ +dependencies: + - role: apt + vars: + apt_packages: '{{ debian_server_packages }}' + apt_unattended_upgrades: '{{ debian_server_unattended_upgrades }}' + - role: sshd + - role: firewall + - role: linux_status + - role: journald |
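Review bot: The new `debian_server_unattended_upgrades: false` default in roles/debian_server/defaults/main.yml carries no comment, and it leaves hosts that apply `debian_server` directly without automatic security updates unless they opt in. If that is intentional, a comment above the variable would record why, for example `# Opt-in: also enables automatic reboots unless apt_unattended_reboot is overridden.` The reboot link is inferred from `apt_unattended_reboot: true` in the apt defaults and should be confirmed against the template.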
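Review bot: `apt_unattended_upgrades: '{{ debian_server_unattended_upgrades }}'` in roles/debian_server/meta/main.yml forwards the value through a quoted template, and the apt role then tests it with a bare `when: apt_unattended_upgrades`. A value that arrives as a string (for example from `-e` on the command line or an INI inventory) may be evaluated as a non-empty string rather than a boolean, depending on the Ansible version. Casting once at this point makes the intent explicit: `apt_unattended_upgrades: '{{ debian_server_unattended_upgrades | bool }}'`.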