diff --git a/roles/common/defaults/main.yaml b/roles/common/defaults/main.yaml
index 62dbfa8..350a20e 100644
--- a/roles/common/defaults/main.yaml
+++ b/roles/common/defaults/main.yaml
@@ -1,5 +1,6 @@
ssh_port: "22"
unattended_upgrades_auto_reboot_time: "04:00"
+unattended_upgrades_extra_origin_patterns: []
trusted_ranges:
- { v: ipv4, cidr: 127.0.0.1 }
- { v: ipv4, cidr: 10.0.0.0/8 }
diff --git a/roles/common/templates/unattended-upgrades b/roles/common/templates/unattended-upgrades
index d994b78..34f5683 100644
--- a/roles/common/templates/unattended-upgrades
+++ b/roles/common/templates/unattended-upgrades
@@ -23,48 +23,15 @@
// ${distro_id} Installed origin.
// ${distro_codename} Installed codename (eg, "buster")
Unattended-Upgrade::Origins-Pattern {
- // Codename based matching:
- // This will follow the migration of a release through different
- // archives (e.g. from testing to stable and later oldstable).
- // Software will be the latest available for the named release,
- // but the Debian release itself will not be automatically upgraded.
-// "origin=Debian,codename=${distro_codename}-updates";
-// "origin=Debian,codename=${distro_codename}-proposed-updates";
- "origin=Debian,codename=${distro_codename},label=Debian";
- "origin=Debian,codename=${distro_codename},label=Debian-Security";
- "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
-
- // Archive or Suite based matching:
- // Note that this will silently match a different release after
- // migration to the specified archive (e.g. testing becomes the
- // new stable).
-// "o=Debian,a=stable";
-// "o=Debian,a=stable-updates";
-// "o=Debian,a=proposed-updates";
-// "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
+ "o=Debian,a=stable";
+ "o=Debian,a=stable-security";
+ "o=Debian,a=${distro_codename}-backports";
+ {% for line in unattended_upgrades_extra_origin_patterns %}"{{ line }}";
+ {% endfor %}
};
// Python regular expressions, matching packages to exclude from upgrading
-Unattended-Upgrade::Package-Blacklist {
- // The following matches all packages starting with linux-
-// "linux-";
-
- // Use $ to explicitely define the end of a package name. Without
- // the $, "libc6" would match all of them.
-// "libc6$";
-// "libc6-dev$";
-// "libc6-i686$";
-
- // Special characters need escaping
-// "libstdc\+\+6$";
-
- // The following matches packages like xen-system-amd64, xen-utils-4.1,
- // xenstore-utils and libxenstore3.0
-// "(lib)?xen(store)?";
-
- // For more information about Python regular expressions, see
- // https://docs.python.org/3/howto/regex.html
-};
+Unattended-Upgrade::Package-Blacklist {};
// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml
index f027632..90348f2 100644
--- a/roles/go/tasks/main.yaml
+++ b/roles/go/tasks/main.yaml
@@ -14,9 +14,7 @@
state: present
- name: Fetch Go latest version
- shell: "curl --silent --location https://go.dev/doc/devel/release | grep -Eo 'go[0-9]+(\\.[0-9]+)+' | sort -V | uniq | tail -1 | sed s/^go//"
- args:
- warn: false
+ shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//"
changed_when: false
register: go_latest_version_shell
@@ -25,15 +23,19 @@
go_latest_version: "{{ go_latest_version_shell.stdout }}"
- name: Detect installed Go version
- shell: "go version | grep -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
+ shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
register: go_installed_version_shell
- ignore_errors: true
changed_when: false
- name: Format Go version variable
set_fact:
go_installed_version: "{{ go_installed_version_shell.stdout }}"
+ - debug:
+ msg:
+ - "Latest Go version: {{ go_latest_version}}"
+ - "Installed Go version: {{ go_installed_version }}"
+
- name: Remove installed go
file:
state: absent