From 47c279411d7ad2a43463809b2712554c68c00fcd Mon Sep 17 00:00:00 2001
From: polyfloyd
Date: Sat, 11 Feb 2023 13:21:17 +0100
Subject: [PATCH] Sync from polyfloyd infra
---
 roles/common/defaults/main.yaml | 1 +
 roles/common/templates/unattended-upgrades | 45 +++-------------------
 roles/go/tasks/main.yaml | 12 +++---
 3 files changed, 14 insertions(+), 44 deletions(-)
diff --git a/roles/common/defaults/main.yaml b/roles/common/defaults/main.yaml
index 62dbfa8..350a20e 100644
--- a/roles/common/defaults/main.yaml
+++ b/roles/common/defaults/main.yaml
@@ -1,5 +1,6 @@
 ssh_port: "22"
 unattended_upgrades_auto_reboot_time: "04:00"
+unattended_upgrades_extra_origin_patterns: []
 trusted_ranges:
 - { v: ipv4, cidr: 127.0.0.1 }
 - { v: ipv4, cidr: 10.0.0.0/8 }
diff --git a/roles/common/templates/unattended-upgrades b/roles/common/templates/unattended-upgrades
index d994b78..34f5683 100644
--- a/roles/common/templates/unattended-upgrades
+++ b/roles/common/templates/unattended-upgrades
@@ -23,48 +23,15 @@
 // ${distro_id} Installed origin.
 // ${distro_codename} Installed codename (eg, "buster")
 Unattended-Upgrade::Origins-Pattern {
- // Codename based matching:
- // This will follow the migration of a release through different
- // archives (e.g. from testing to stable and later oldstable).
- // Software will be the latest available for the named release,
- // but the Debian release itself will not be automatically upgraded.
-// "origin=Debian,codename=${distro_codename}-updates";
-// "origin=Debian,codename=${distro_codename}-proposed-updates";
- "origin=Debian,codename=${distro_codename},label=Debian";
- "origin=Debian,codename=${distro_codename},label=Debian-Security";
- "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
-
- // Archive or Suite based matching:
- // Note that this will silently match a different release after
- // migration to the specified archive (e.g. testing becomes the
- // new stable).
-// "o=Debian,a=stable";
-// "o=Debian,a=stable-updates";
-// "o=Debian,a=proposed-updates";
-// "o=Debian Backports,a=${distro_codename}-backports,l=Debian Backports";
+ "o=Debian,a=stable";
+ "o=Debian,a=stable-security";
+ "o=Debian,a=${distro_codename}-backports";
+ {% for line in unattended_upgrades_extra_origin_patterns %}"{{ line }}";
+ {% endfor %}
 };
 // Python regular expressions, matching packages to exclude from upgrading
-Unattended-Upgrade::Package-Blacklist {
- // The following matches all packages starting with linux-
-// "linux-";
-
- // Use $ to explicitely define the end of a package name. Without
- // the $, "libc6" would match all of them.
-// "libc6$";
-// "libc6-dev$";
-// "libc6-i686$";
-
- // Special characters need escaping
-// "libstdc\+\+6$";
-
- // The following matches packages like xen-system-amd64, xen-utils-4.1,
- // xenstore-utils and libxenstore3.0
-// "(lib)?xen(store)?";
-
- // For more information about Python regular expressions, see
- // https://docs.python.org/3/howto/regex.html
-};
+Unattended-Upgrade::Package-Blacklist {};
 // This option allows you to control if on a unclean dpkg exit
 // unattended-upgrades will automatically run
diff --git a/roles/go/tasks/main.yaml b/roles/go/tasks/main.yaml
index f027632..90348f2 100644
--- a/roles/go/tasks/main.yaml
+++ b/roles/go/tasks/main.yaml
@@ -14,9 +14,7 @@
 state: present
 - name: Fetch Go latest version
- shell: "curl --silent --location https://go.dev/doc/devel/release | grep -Eo 'go[0-9]+(\\.[0-9]+)+' | sort -V | uniq | tail -1 | sed s/^go//"
- args:
- warn: false
+ shell: "curl --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//"
 changed_when: false
 register: go_latest_version_shell
@@ -25,15 +23,19 @@
 go_latest_version: "{{ go_latest_version_shell.stdout }}"
 - name: Detect installed Go version
- shell: "go version | grep -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
+ shell: "go version | grep --color=never -Po '\\d\\.\\d+(\\.\\d+)?' || echo none"
 register: go_installed_version_shell
- ignore_errors: true
 changed_when: false
 - name: Format Go version variable
 set_fact:
 go_installed_version: "{{ go_installed_version_shell.stdout }}"
+ - debug:
+ msg:
+ - "Latest Go version: {{ go_latest_version}}"
+ - "Installed Go version: {{ go_installed_version }}"
+
 - name: Remove installed go
 file:
 state: absent
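Review bot: The new `Origins-Pattern` entries in roles/common/templates/unattended-upgrades match on suite (`a=stable`, `a=stable-security`), which the comment removed in this same hunk warned "will silently match a different release after migration to the specified archive". Depending on how the hosts' apt sources are written (not visible here), the next Debian release would either stop unattended security updates on these hosts, because their suite is no longer stable, or pull in packages from the new release unattended. Pinning to the codename, as the removed line `"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";` did, avoids both. The backports entry may also never match, since the removed commented example gives that origin as `o=Debian Backports` rather than `o=Debian`. Values from `unattended_upgrades_extra_origin_patterns` are written between double quotes without escaping, so a comment stating that entries must not contain `"` would help.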
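Review bot: The `Fetch Go latest version` task in roles/go/tasks/main.yaml cannot fail, because the pipeline's exit status is that of the final `sed`; a `curl` error or a layout change on the scraped page yields an empty `go_latest_version_shell.stdout` and the play continues with it. The value presumably decides what is downloaded and installed by tasks outside this hunk, so it should be validated before use. Run the pipeline with `pipefail` and `curl --fail`, and assert that the result looks like a version. The `.` before `linux` in the grep pattern is also unescaped and matches any character.

```yaml
- name: Fetch Go latest version
  shell: "set -o pipefail; curl --fail --silent --location https://go.dev/dl/ | grep -Eo 'go[0-9]+(\\.[0-9]+)+\\.linux' | sort -V | uniq | tail -1 | sed s/^go// | sed s/\\.linux$//"
  args:
    executable: /bin/bash
  # … unchanged: changed_when, register …

- name: Check that a Go version was found
  assert:
    that:
      - go_latest_version_shell.stdout is match('^[0-9]+([.][0-9]+)+$')
```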
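Review bot: The added `debug` task in the last hunk of roles/go/tasks/main.yaml has no `name:`, unlike the other tasks visible around it, so the play output labels it only as `debug`; `- name: Show Go versions` would keep the log readable. `{{ go_latest_version}}` is also missing the space before the closing braces that the second message has. The `Remove installed go` task follows directly and its condition is outside the hunk; if it compares these two values, an empty or malformed latest version would presumably trigger a removal, so the printed values are worth checking before that task runs.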