merge common-bitlair into common

2024-07-11 21:42:39 +02:00 · 2024-07-11 21:42:39 +02:00 · 7d59c108d6
commit 7d59c108d6
parent b210abc77e
25 changed files with 93 additions and 42 deletions
--- a/bank.yaml
+++ b/bank.yaml
@ -3,7 +3,6 @@
 - hosts: bank
  roles:
    - common
-    - common-bitlair
    - bank
  vars:
    bank_revbank_git: https://github.com/bitlair/revbank.git
--- a/bar.yaml
+++ b/bar.yaml
@ -5,5 +5,5 @@
    raspi_rotate_display: "2"
  roles:
    - raspi
-    - common-bitlair
+    - common
    - bank-terminal
--- a/common.yaml
+++ b/common.yaml
@ -3,4 +3,3 @@
 - hosts: debian
  roles:
    - common
-    - common-bitlair
--- a/fotos.yaml
+++ b/fotos.yaml
@ -3,5 +3,4 @@
 - hosts: fotos
  roles:
    - common
-    - common-bitlair
    - photos
--- a/git-ci.yaml
+++ b/git-ci.yaml
@ -3,5 +3,4 @@
 - hosts: git-ci
  roles:
    - common
-    - common-bitlair
    - git-ci
--- a/git.yaml
+++ b/git.yaml
@ -3,6 +3,5 @@
 - hosts: git
  roles:
    - common
-    - common-bitlair
    - acme
    - git-server
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@ -1,3 +1,5 @@
+---
+
 is_vm: true

 ansible_user: root
@ -31,3 +33,7 @@ root_access:

 mqtt_internal_host: mqtt.bitlair.nl
 mqtt_public_host: bitlair.nl
+
+debian_repourl: "http://deb.debian.org/debian/"
+debian_securityurl: "http://security.debian.org/debian-security"
+
--- a/36
+++ b/36
@ -6,15 +6,49 @@ bank-pi.bitlair.nl
 [kvm]
 kvm4.bitlair.nl

-[debian]
+[bank]
 bank.bitlair.nl
+
+[fotos]
 blockchain.bitlair.nl
+
+[git]
 git.bitlair.nl
+
+[git-ci]
 git-ci.bitlair.nl
+
+[pad]
 pad.bitlair.nl
+
+[lights]
 lights.bitlair.nl
+
+[mqtt]
 mqtt.bitlair.nl
+
+[monitoring]
 dashboard.bitlair.nl
+
+[music]
 music.bitlair.nl
+
+[services]
 service.bitlair.nl
+
+[wiki]
 wiki.bitlair.nl
+
+[debian:children]
+bank
+fotos
+git
+git-ci
+pad
+lights
+mqtt
+monitoring
+music
+services
+wiki
+
--- a/monitoring.yaml
+++ b/monitoring.yaml
@ -3,6 +3,5 @@
 - hosts: monitoring
  roles:
    - common
-    - common-bitlair
    - acme
    - monitoring
--- a/mqtt-internal.yaml
+++ b/mqtt-internal.yaml
@ -3,5 +3,4 @@
 - hosts: mqtt_internal
  roles:
    - common
-    - common-bitlair
    - mqtt-internal
--- a/music.yaml
+++ b/music.yaml
@ -3,7 +3,6 @@
 - hosts: music
  roles:
    - common
-    - common-bitlair
    - acme
    - go
    - music
--- a/pad.yaml
+++ b/pad.yaml
@ -6,6 +6,5 @@
      - [ pad.bitlair.nl ]
  roles:
    - common
-    - common-bitlair
    - acme
    - etherpad
--- a/roles/common/tasks/apt-minimal.yaml
+++ b/roles/common/tasks/apt-minimal.yaml
@ -1,4 +1,5 @@
 ---
+
 - name: Configure auto-upgrades
  ansible.builtin.template:
    src: apt-minimal
--- a/roles/common/tasks/common-bitlair.yaml
+++ b/roles/common/tasks/common-bitlair.yaml
--- a/roles/common/tasks/debian-backports.yaml
+++ b/roles/common/tasks/debian-backports.yaml
@ -1,11 +0,0 @@
---
- name: Install backports source list
-  ansible.builtin.template:
-    src: backports-source.list
-    dest: /etc/apt/sources.list.d/backports.list
-    owner: root
-    group: root
-    mode: 0644
-  notify: apt update
-
- ansible.builtin.meta: flush_handlers
--- a/roles/common/tasks/debian-upgrade.yaml
+++ b/roles/common/tasks/debian-upgrade.yaml
@ -1,4 +1,5 @@
 ---
+
 - name: Install source list
  ansible.builtin.template:
    src: stable-sources.list
--- a/roles/common/tasks/main.yaml
+++ b/roles/common/tasks/main.yaml
@ -6,15 +6,25 @@
  when: ansible_facts['distribution_release'] != "bookworm"
  tags: [ debian-upgrade, never ]

- name: Import debian-backports.yaml
-  ansible.builtin.import_tasks:
-    file: debian-backports.yaml
+- name: Apt config and sources.list
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: "{{ item.mode | default('0644') }}"
+    owner: "{{ item.owner | default('root') }}"
+    group: "{{ item.group | default('root') }}"
+  with_items:
+    - { src: "apt.conf.j2", dest: "/etc/apt/apt.conf" }
+    - { src: "sources.list.j2", dest: "/etc/apt/sources.list" }
+  when:
+    - ansible_os_family == "Debian"
+  tags:
+    - sourceslist

-  tags: debian_backports
-
- tags: unattended_updates
+- name: Import unattended-updates
  ansible.builtin.import_tasks:
    file: unattended-updates.yaml
+  tags: unattended_updates

 - tags: apt-minimal
  ansible.builtin.import_tasks:
--- a/roles/common/tasks/node-exporter.yaml
+++ b/roles/common/tasks/node-exporter.yaml
@ -1,4 +1,5 @@
 ---
+
 - name: Install node-exporter
  ansible.builtin.apt:
    name: prometheus-node-exporter
--- a/roles/common/templates/apt.conf.j2
+++ b/roles/common/templates/apt.conf.j2
@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+{% if proxy_host is defined and proxy_host != "" %}
+Acquire::http::Proxy "http://{{ proxy_host }}:{{ proxy_port }}/";
+{% endif %}
+
+# Don't download translation-files
+Acquire::Languages "none";
--- a/roles/common-bitlair/templates/authorized_keys.j2
+++ b/roles/common-bitlair/templates/authorized_keys.j2
--- a/roles/common/templates/backports-source.list
+++ b/roles/common/templates/backports-source.list
@ -1,4 +0,0 @@
-# Managed by Ansible
-
-deb http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main
-deb-src http://ftp.nl.debian.org/debian/ {{ ansible_facts.distribution_release }}-backports main
--- a/roles/common/templates/sources.list.j2
+++ b/roles/common/templates/sources.list.j2
@ -0,0 +1,24 @@
+# {{ ansible_managed }}
+
+{% if debian_source_repos|default(false) %}
+{% set SRC = "" %}
+{% else %}
+{% set SRC = "# " %}
+{% endif %}
+{% set components = "main contrib non-free-firmware" %}
+
+deb {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }}
+{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }} {{ components }}
+#
+# Updates
+deb {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }}
+{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-updates {{ components }}
+#
+# Backports
+deb {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }}
+{{ SRC }}deb-src {{ debian_repourl }} {{ ansible_distribution_release }}-backports {{ components }}
+#
+# Security patches
+deb {{ debian_securityurl }} {{ ansible_distribution_release }}-security {{ components }}
+{{ SRC }}deb-src {{ debian_securityurl }} {{ ansible_distribution_release }}-security main contrib non-  free
+
--- a/roles/common/templates/stable-sources.list
+++ b/roles/common/templates/stable-sources.list
@ -1,8 +0,0 @@
-deb http://deb.debian.org/debian bookworm main non-free-firmware
-deb-src http://deb.debian.org/debian bookworm main non-free-firmware
-
-deb http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
-deb-src http://deb.debian.org/debian-security/ bookworm-security main non-free-firmware
-
-deb http://deb.debian.org/debian bookworm-updates main non-free-firmware
-deb-src http://deb.debian.org/debian bookworm-updates main non-free-firmware
--- a/services.yaml
+++ b/services.yaml
@ -3,5 +3,4 @@
 - hosts: services
  roles:
    - common
-    - common-bitlair
    - services
--- a/www.yaml
+++ b/www.yaml
@ -3,6 +3,5 @@
 - hosts: wiki
  roles:
    - common
-    - common-bitlair
    - acme
    - www