Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • registry-mirror
  • nginx-default-site
  • acmeserver2
  • clickhouse
  • improve-dns-toplevel-probes
  • tabacco-in-container
  • rsyslog-modern-json
  • improve-service-discovery
  • prometheus-external-healthchecks
  • env-vars-in-include-paths
  • dns-resolver
  • service-turndown
  • use_proxy_protocol
  • loki
  • docs_operating
  • net-overlay_firewall_containers
  • webdiff
18 results

apt.yml

Blame
    • apt.yml 3.58 KiB 
    ---

# Set the global apt HTTP proxy to the value of 'apt_proxy'. This
# will cover the default package sources (so we don't have to mangle
# sources.list). For https sources though we're going to have to use
# the awful {% if %} construct inline, to inject the apt_proxy in
# the apt_repository itself. See the docker role for an example.
- name: Install apt proxy
  when: apt_proxy is defined
  template:
    src: 90proxy.j2
    dest: /etc/apt/apt.conf.d/90proxy

- name: Disable apt proxy
  when: apt_proxy is not defined
  file:
    state: absent
    dest: /etc/apt/apt.conf.d/90proxy

- name: Configure apt
  copy:
    src: "apt/{{ item }}"
    dest: "/etc/apt/apt.conf.d/{{ item }}"
  with_items:
    - 02periodic
    - 03no-recommends
    - 50unattended-upgrades

- name: Setup apt trusted keyring
  copy:
    src: "apt/deb_autistici_org.gpg"
    dest: "/usr/share/keyrings/deb.autistici.org.gpg"

- name: Remove legacy apt keyring
  file:
    path: "/etc/apt/trusted.gpg.d/deb_autistici_org.gpg"
    state: absent

- name: Remove legacy repositories
  apt_repository:
    repo: "{{ item }}"
    state: absent
    update_cache: no
  loop:
    - "deb http://deb.autistici.org/urepo ai3/"
    - "deb http://deb.autistici.org/urepo buster-podman/"

- name: Install our standard sources.list
  template:
    src: "sources.list.j2"
    dest: "/etc/apt/sources.list"
  register: sources_list

- name: Install package repositories
  apt_repository:
    repo: "deb [signed-by=/usr/share/keyrings/deb.autistici.org.gpg] http://deb.autistici.org/urepo float/{{ item }}/"
    state: "{{ 'present' if item == float_debian_dist else 'absent' }}"
  loop:
    - stretch
    - buster
    - bullseye
    - bookworm

- name: Run apt update
  apt:
    update_cache: yes
    cache_valid_time: '{{ 1800 if ansible_distribution_release == float_debian_dist else 1 }}'
  changed_when: false

# If we're updating the distro, the first round of 'apt upgrade'