[roles/util/letsencrypt-cert] request letsencrypt-cert helper role

[root/pub/somesible.git] / roles / base / apt / tasks / main.yml

#####################################
### someone's ansible provisioner ###
#####################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2024 by someone <someone@somenet.org>
#
---
- name: copy apt sources.list
  copy:
    src: "{{item}}"
    dest: "/etc/apt/sources.list"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt-sources.list"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/apt-sources.list"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/apt-sources.list"
    - "default/apt-sources.list"


- name: copy apt package-pinning
  copy:
    src: "{{item}}"
    dest: "/etc/apt/preferences.d/pinning.pref"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt-pinning.pref"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/apt-pinning.pref"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/apt-pinning.pref"
    - "default/apt-pinning.pref"


- name: copy apt kernel autoremove settings
  copy:
    src: "{{item}}"
    dest: "/etc/apt/apt.conf.d/01autoremove"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt.conf.d/01autoremove"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/01autoremove"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/01autoremove"
    - "default/apt.conf.d/01autoremove"


- name: copy additional apt settings
  copy:
    src: "{{item}}"
    dest: "/etc/apt/apt.conf.d/90somecustom"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt.conf.d/90somecustom"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/90somecustom"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/90somecustom"
    - "default/apt.conf.d/90somecustom"


- name: copy additional dpkg settings
  copy:
    src: "{{item}}"
    dest: "/etc/dpkg/dpkg.cfg.d/90somecustom"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/dpkg.cfg.d-90somecustom"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/dpkg.cfg.d-90somecustom"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/dpkg.cfg.d-90somecustom"
    - "default/dpkg.cfg.d-90somecustom"


- name: copy ucf settings
  copy:
    src: "{{item}}"
    dest: "/etc/ucf.conf"
    mode: 0644
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ucf.conf"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ucf.conf"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ucf.conf"
    - "default/ucf.conf"


- name: copy ucf bin to /usr/bin/ucf
  copy:
    src: "{{item}}"
    dest: "/usr/bin/ucf"
    mode: 0755
    owner: "root"
    group: "root"
  with_first_found:
    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ucf.bin"
    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ucf.bin"
    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ucf.bin"
    - "default/ucf.bin"


- name: disable and stop apt-daily.timer
  systemd:
    name: apt-daily.timer
    daemon_reload: yes
    enabled: no
    state: stopped


- name: disable and stop apt-daily-upgrade.timer
  systemd:
    name: apt-daily-upgrade.timer
    daemon_reload: yes
    enabled: no
    state: stopped


- name: update repository cache if older than {{apt_cache_valid_time}} sec
  apt:
    update_cache: yes
    cache_valid_time: "{{apt_cache_valid_time}}"
  tags: "online"
  ignore_errors: True


- name: install apt helper packages
  apt:
    pkg: "{{apt_helper_packages}}"
    state: present
    policy_rc_d: 101
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"
  register: temp


- name: update repository cache once more
  apt:
    update_cache: yes
  tags: "online"
  ignore_errors: True
  when: temp.changed


# Use new configs. always. otherwise things like distupgrade can break.
- name: upgrade packages
  apt:
    upgrade: dist
    install_recommends: no
    policy_rc_d: 101
    dpkg_options: 'force-confnew,force-confmiss'
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"


- name: remove dependencies that are no longer required
  apt:
    autoremove: yes
    purge: yes
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"
  when: apt_cleanup | bool


- name: remove useless packages from the download cache
  apt:
    autoclean: yes
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"
  when: apt_cleanup | bool


- name: install additional packages
  apt:
    pkg: "{{ apt_additional_pkg + apt_additional_pkg_extra }}"
    state: present
    policy_rc_d: 101
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"


- name: install additional bare metal packages
  apt:
    pkg: "{{ apt_additional_pkg_bare_metal }}"
    state: present
    policy_rc_d: 101
  when: is_bare_metal | bool
  tags: "online"
  ignore_errors: "{{ignore_online_errors | bool}}"


# hacky, but sufficient for now: enablestart some installed services
- name: enable and start plocate-updatedb.timer
  include_role: name="base/systemd/enable-and-start"
  vars:
    service_name: plocate-updatedb.timer

- name: enable and start lm-sensors.service
  include_role: name="base/systemd/enable-and-start"
  vars:
    service_name: lm-sensors.service
  when: is_bare_metal | bool

- name: enable and start smartmontools.service
  include_role: name="base/systemd/enable-and-start"
  vars:
    service_name: smartmontools.service
  when: is_bare_metal | bool