Diffstat (limited to 'roles')
-rw-r--r--roles/apt/defaults/main.yml2
-rw-r--r--roles/apt/tasks/main.yml2
-rw-r--r--roles/apt/templates/50unattended-upgrades.j220
-rw-r--r--roles/debian_cloud_server/meta/main.yml9
-rw-r--r--roles/debian_server/README.md2
-rw-r--r--roles/debian_server/defaults/main.yml (renamed from roles/debian_cloud_server/defaults/main.yml)3
-rw-r--r--roles/debian_server/meta/main.yml9
7 files changed, 37 insertions, 10 deletions
diff --git a/roles/apt/defaults/main.yml b/roles/apt/defaults/main.yml
index 900172f..2c0fef4 100644
--- a/roles/apt/defaults/main.yml
+++ b/roles/apt/defaults/main.yml
@@ -1,4 +1,4 @@
apt_packages: []
-apt_unattended: false
+apt_unattended_upgrades: false
apt_unattended_reboot: true
apt_unattended_reboot_time: "02:00"
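Review bot: The rename of `apt_unattended` to `apt_unattended_upgrades` leaves no check for the old name, so a playbook or inventory that still sets `apt_unattended: true` is accepted without error while the default `false` applies and the unattended-upgrades tasks are skipped. The same applies to the `when:` condition changed in roles/apt/tasks/main.yml. The diffstat is limited to roles/, so whether other callers still use the old name cannot be seen from here. If they might, an early `ansible.builtin.assert` task with `that: apt_unattended is not defined` would turn a silent loss of automatic security updates into a failed run.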
diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml
index e24430f..871d055 100644
--- a/roles/apt/tasks/main.yml
+++ b/roles/apt/tasks/main.yml
@@ -23,4 +23,4 @@
- name: Configure unattended-upgrades
ansible.builtin.include_tasks: unattended_upgrades.yml
- when: apt_unattended
+ when: apt_unattended_upgrades
diff --git a/roles/apt/templates/50unattended-upgrades.j2 b/roles/apt/templates/50unattended-upgrades.j2
index 389bb2b..57c8d20 100644
--- a/roles/apt/templates/50unattended-upgrades.j2
+++ b/roles/apt/templates/50unattended-upgrades.j2
@@ -1,5 +1,25 @@
{{ ansible_managed | comment }}
+// Lines below have the format format is "keyword=value,...". A
+// package will be upgraded only if the values in its metadata match
+// all the supplied keywords in a line. (In other words, omitted
+// keywords are wild cards.) The keywords originate from the Release
+// file, but several aliases are accepted. The accepted keywords are:
+// a,archive,suite (eg, "stable")
+// c,component (eg, "main", "contrib", "non-free")
+// l,label (eg, "Debian", "Debian-Security")
+// o,origin (eg, "Debian", "Unofficial Multimedia Packages")
+// n,codename (eg, "jessie", "jessie-updates")
+// site (eg, "http.debian.net")
+// The available values on the system are printed by the command
+// "apt-cache policy", and can be debugged by running
+// "unattended-upgrades -d" and looking at the log file.
+//
+// Within lines unattended-upgrades allows 2 macros whose values are
+// derived from /etc/debian_version:
+// ${distro_id} Installed origin.
+// ${distro_codename} Installed codename (eg, "buster")
+
Unattended-Upgrade::Origins-Pattern {
"origin=${distro_id},codename=${distro_codename}";
"origin=${distro_id},codename=${distro_codename}-security";
diff --git a/roles/debian_cloud_server/meta/main.yml b/roles/debian_cloud_server/meta/main.yml
index 71d1bc2..937ec95 100644
--- a/roles/debian_cloud_server/meta/main.yml
+++ b/roles/debian_cloud_server/meta/main.yml
@@ -1,10 +1,5 @@
dependencies:
- role: cloud_init_wait
- - role: apt
+ - role: debian_server
vars:
- apt_packages: '{{ debian_cloud_server_packages }}'
- apt_unattended: true
- - role: sshd
- - role: firewall
- - role: linux_status
- - role: journald
+ debian_server_unattended_upgrades: true
diff --git a/roles/debian_server/README.md b/roles/debian_server/README.md
new file mode 100644
index 0000000..ae55607
--- /dev/null
+++ b/roles/debian_server/README.md
@@ -0,0 +1,2 @@
+This is a meta-role, it simply pulls in other roles as dependencies. It's used
+for general maintenance of all my Debian-based machines.
diff --git a/roles/debian_cloud_server/defaults/main.yml b/roles/debian_server/defaults/main.yml
index 8fcd07e..80776a4 100644
--- a/roles/debian_cloud_server/defaults/main.yml
+++ b/roles/debian_server/defaults/main.yml
@@ -1,4 +1,4 @@
-debian_cloud_server_packages:
+debian_server_packages:
# Some common & useful packages:
- curl
- dnsutils
@@ -13,3 +13,4 @@ debian_cloud_server_packages:
- tmux
- vim
- wget
+debian_server_unattended_upgrades: false
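Review bot: The new default `debian_server_unattended_upgrades: false` is undocumented, and it means a host that applies debian_server directly, rather than through debian_cloud_server, gets no automatic security updates unless it opts in. If that is intended, say so next to the variable, for example `# Enable unattended-upgrades (automatic security updates); off unless a host or wrapping role sets this to true.` The README added in this commit does not mention the variable either.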
diff --git a/roles/debian_server/meta/main.yml b/roles/debian_server/meta/main.yml
new file mode 100644
index 0000000..10d3eb8
--- /dev/null
+++ b/roles/debian_server/meta/main.yml
@@ -0,0 +1,9 @@
+dependencies:
+ - role: apt
+ vars:
+ apt_packages: '{{ debian_server_packages }}'
+ apt_unattended_upgrades: '{{ debian_server_unattended_upgrades }}'
+ - role: sshd
+ - role: firewall
+ - role: linux_status
+ - role: journald
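Review bot: The pass-through `apt_unattended_upgrades: '{{ debian_server_unattended_upgrades }}'` forwards whatever type the caller supplied, and the apt role then uses it bare in `when: apt_unattended_upgrades`. A value that arrives as a string (for instance from `-e key=value` or an INI inventory) may be evaluated differently depending on the ansible-core version, so `"false"` could end up truthy or a true-looking string could be rejected. Normalising at the boundary keeps the upgrade toggle predictable: `apt_unattended_upgrades: '{{ debian_server_unattended_upgrades | bool }}'`.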