##################################### ### someone's ansible provisioner ### ##################################### # Part of: https://git.somenet.org/root/pub/somesible.git # 2017-2024 by someone # --- - name: copy apt sources.list copy: src: "{{item}}" dest: "/etc/apt/sources.list" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt-sources.list" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/apt-sources.list" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/apt-sources.list" - "default/apt-sources.list" - name: copy apt package-pinning copy: src: "{{item}}" dest: "/etc/apt/preferences.d/pinning.pref" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt-pinning.pref" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/apt-pinning.pref" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/apt-pinning.pref" - "default/apt-pinning.pref" - name: copy apt kernel autoremove settings copy: src: "{{item}}" dest: "/etc/apt/apt.conf.d/01autoremove" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt.conf.d/01autoremove" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/01autoremove" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/01autoremove" - "default/apt.conf.d/01autoremove" - name: copy additional apt settings copy: src: "{{item}}" dest: "/etc/apt/apt.conf.d/90somecustom" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/apt.conf.d/90somecustom" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/90somecustom" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/90somecustom" - "default/apt.conf.d/90somecustom" - name: copy additional dpkg settings copy: src: "{{item}}" dest: "/etc/dpkg/dpkg.cfg.d/90somecustom" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/dpkg.cfg.d-90somecustom" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/dpkg.cfg.d-90somecustom" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/dpkg.cfg.d-90somecustom" - "default/dpkg.cfg.d-90somecustom" - name: copy ucf settings copy: src: "{{item}}" dest: "/etc/ucf.conf" mode: 0644 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ucf.conf" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ucf.conf" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ucf.conf" - "default/ucf.conf" - name: copy ucf bin to /usr/bin/ucf copy: src: "{{item}}" dest: "/usr/bin/ucf" mode: 0755 owner: "root" group: "root" with_first_found: - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ucf.bin" - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ucf.bin" - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ucf.bin" - "default/ucf.bin" - name: disable and stop apt-daily.timer systemd: name: apt-daily.timer daemon_reload: yes enabled: no state: stopped - name: disable and stop apt-daily-upgrade.timer systemd: name: apt-daily-upgrade.timer daemon_reload: yes enabled: no state: stopped - name: update repository cache if older than {{apt_cache_valid_time}} sec apt: update_cache: yes cache_valid_time: "{{apt_cache_valid_time}}" tags: "online" ignore_errors: True - name: install apt helper packages apt: pkg: "{{apt_helper_packages}}" state: present policy_rc_d: 101 tags: "online" ignore_errors: "{{ignore_online_errors | bool}}" register: temp - name: update repository cache once more apt: update_cache: yes tags: "online" ignore_errors: True when: temp.changed # Use new configs. always. otherwise things like distupgrade can break. - name: upgrade packages apt: upgrade: dist install_recommends: no policy_rc_d: 101 dpkg_options: 'force-confnew,force-confmiss' tags: "online" ignore_errors: "{{ignore_online_errors | bool}}" - name: remove dependencies that are no longer required apt: autoremove: yes purge: yes tags: "online" ignore_errors: "{{ignore_online_errors | bool}}" when: apt_cleanup | bool - name: remove useless packages from the download cache apt: autoclean: yes tags: "online" ignore_errors: "{{ignore_online_errors | bool}}" when: apt_cleanup | bool - name: install additional packages apt: pkg: "{{ apt_additional_pkg + apt_additional_pkg_extra }}" state: present policy_rc_d: 101 tags: "online" ignore_errors: "{{ignore_online_errors | bool}}" - name: install additional bare metal packages apt: pkg: "{{ apt_additional_pkg_bare_metal }}" state: present policy_rc_d: 101 when: is_bare_metal | bool tags: "online" ignore_errors: "{{ignore_online_errors | bool}}" # hacky, but sufficient for now: enablestart some installed services - name: enable and start plocate-updatedb.timer include_role: name="base/systemd/enable-and-start" vars: service_name: plocate-updatedb.timer - name: enable and start lm-sensors.service include_role: name="base/systemd/enable-and-start" vars: service_name: lm-sensors.service when: is_bare_metal | bool - name: enable and start smartmontools.service include_role: name="base/systemd/enable-and-start" vars: service_name: smartmontools.service when: is_bare_metal | bool