feat(role): Initial commit

.gitignore

@@ -1,86 +1 @@
-# ---> JetBrains
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# User-specific stuff
-.idea/**/workspace.xml
-.idea/**/tasks.xml
-.idea/**/usage.statistics.xml
-.idea/**/dictionaries
-.idea/**/shelf
-
-# AWS User-specific
-.idea/**/aws.xml
-
-# Generated files
-.idea/**/contentModel.xml
-
-# Sensitive or high-churn files
-.idea/**/dataSources/
-.idea/**/dataSources.ids
-.idea/**/dataSources.local.xml
-.idea/**/sqlDataSources.xml
-.idea/**/dynamic.xml
-.idea/**/uiDesigner.xml
-.idea/**/dbnavigator.xml
-
-# Gradle
-.idea/**/gradle.xml
-.idea/**/libraries
-
-# Gradle and Maven with auto-import
-# When using Gradle or Maven with auto-import, you should exclude module files,
-# since they will be recreated, and may cause churn.  Uncomment if using
-# auto-import.
-# .idea/artifacts
-# .idea/compiler.xml
-# .idea/jarRepositories.xml
-# .idea/modules.xml
-# .idea/*.iml
-# .idea/modules
-# *.iml
-# *.ipr
-
-# CMake
-cmake-build-*/
-
-# Mongo Explorer plugin
-.idea/**/mongoSettings.xml
-
-# File-based project format
-*.iws
-
-# IntelliJ
-out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Cursive Clojure plugin
-.idea/replstate.xml
-
-# SonarLint plugin
-.idea/sonarlint/
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-# Editor-based Rest Client
-.idea/httpRequests
-
-# Android studio 3.1+ serialized cache file
-.idea/caches/build_file_checksums.ser
-
-# ---> JetBrainsWorkspace
-# Additional coverage for JetBrains IDEs workspace files
-.idea/deployment.xml
-.idea/misc.xml
-.idea/remote-mappings.xml
-.idea/*.iml
-
+.idea

README.md

@@ -1,3 +1,62 @@
-# role-common-packages
+[//]: # (SPDX-License-Identifier: MIT)
+# Role Name
 
-Install packages
+role-common-packages
+
+# Description
+
+Installs a smattering of packages into target machines.
+
+# Requirements
+
+Currently deals exclusively with Linux machines.
+
+# Role Variables
+
+Per [defaults/main.yml](defaults/main.yml) this role is equipped to deal with Arch Linux and Debian.
+
+- `packages_linux_common_all_families`: Place package names in this list that are identical across all Linux flavors.
+    ```
+    packages_linux_common_all_families:
+      - 'git'
+      - 'parted'
+      - 'wget'
+    ```
+- `packages_linux_common_*`: Add package names to an operating system-specific list if it's unique to that operating system. The asterisk (`*`) is a placeholder for `ansible_facts['os_family'] | lower`. If `ansible_facts['os_family']` equals `Debian` then this becomes `debian` and the list turns into `packages_linux_common_debian`; same for `packages_linux_common_archlinux` etc. Note that for Arch Linux these are official packages only, not packages from the Arch User Repository.
+    ```
+    packages_linux_common_archlinux:
+      - 'difftastic'
+      - 'eza'
+      - 'openbsd-netcat'
+      
+    packages_linux_common_debian:
+      - 'bind9-dnsutils'
+      - 'unattended-upgrades'
+      - 'xxd'
+    ```
+- `packages_linux_paru_archlinux`: Add package names to this list that are exclusive to Arch Linux and must be installed from the Arch User Repository (AUR).
+    ```
+    `packages_linux_paru_archlinux`:
+      - 'downgrade'
+      - 'flent'
+      - 'paccache-hook'
+    ```
+
+# Dependencies
+
+This role depends on the [kewlfft.aur](https://galaxy.ansible.com/ui/repo/published/kewlfft/aur/) Ansible collection to install packages from Arch User Repository on Arch Linux target machines.
+
+# Example Playbook
+
+In your `playbook.yml` call it like so:
+
+```
+- name: 'Awesome playbook'
+  hosts: all
+  roles:
+    - 'role-common-packages'
+```
+
+# License
+
+MIT

defaults/main.yml

@@ -0,0 +1,54 @@
+# SPDX-License-Identifier: MIT
+packages_linux_common_all_families:
+  - 'bc'
+  - 'btop'
+  - 'dosfstools'
+  - 'fping'
+  - 'git'
+  - 'iperf3'
+  - 'jq'
+  - 'lnav'
+  - 'lsof'
+  - 'mbuffer'
+  - 'mtr'
+  - 'ncdu'
+  - 'netperf'
+  - 'parallel'
+  - 'parted'
+  - 'patch'
+  - 'pigz'
+  - 'pv'
+  - 'rsync'
+  - 'swaks'
+  - 'tcpdump'
+  - 'tmux'
+  - 'tree'
+  - 'unzip'
+  - 'wget'
+
+packages_linux_common_archlinux:
+  - 'bind'
+  - 'difftastic'
+  - 'eza'
+  - 'go-yq'
+  - 'gptfdisk'
+  - 'openbsd-netcat'
+  - 'qemu-guest-agent'
+  - 'uv'
+
+packages_linux_paru_archlinux:
+  - 'downgrade'
+  - 'flent'
+  - 'mmv'
+  - 'paccache-hook'
+
+packages_linux_common_debian:
+  - 'apt-file'
+  - 'bind9-dnsutils'
+  - 'exa'
+  - 'flent'
+  - 'gdisk'
+  - 'mmv'
+  - 'netcat-openbsd'
+  - 'unattended-upgrades'
+  - 'xxd'

files/etc/apt/apt.conf.d/20auto-upgrades

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: MIT
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";

handlers/main.yml

@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: MIT
+- name: 'Rebuild e-mail aliases lookup tables'
+  ansible.builtin.shell: |
+    newaliases
+  listen: 'Ensure that a Mail Transfer Agent is running with newest config'
+
+- name: 'Restart postfix.service'
+  ansible.builtin.service:
+    name: 'postfix.service'
+    state: 'restarted'
+    enabled: true
+  listen: 'Ensure that a Mail Transfer Agent is running with newest config'

meta/main.yml

@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: MIT
+galaxy_info:
+  author: 'hygienic-books'
+  description: 'Installs packages'
+  license: MIT
+  min_ansible_version: 2.18.1
+  galaxy_tags:
+    - 'packages'
+    - 'applications'
+    - 'software'
+dependencies:
+  - kewlfft.aur

tasks/main.yml

@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: MIT
+- name: 'If OS is a Linux flavor install Linux-specific packages'
+  when: 'ansible_facts[''system''] | lower == ''linux'''
+  ansible.builtin.package:
+    name: '{{ packages_linux_common_all_families }}'
+    state: 'present'
+
+- name: 'If ''os_family'' is ''{{ ansible_facts[''os_family''] | lower }}'' install {{ ansible_facts[''os_family''] | lower }}-specific packages'
+  ansible.builtin.package:
+    name: '{{ vars[''packages_linux_common_'' + ansible_facts[''os_family''] | lower] }}'
+    state: 'present'
+
+- name: 'If Arch Linux install Arch User Repository (AUR) packages'
+  when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+  kewlfft.aur.aur:
+    name: '{{ packages_linux_paru_archlinux }}'
+    state: 'present'
+  become: 'yes'
+  become_user: 'build'
+
+- import_tasks: 'maintenance-unattended-upgrades.yml'
+  when: 'ansible_facts[''os_family''] | lower == ''debian'''

tasks/maintenance-unattended-upgrades.yml

@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: MIT
+- name: 'If Debian configure unattended upgrades behavior'
+  loop_control:
+    loop_var: 'pve_maintenance_unattended_config'
+    label: 'Configure {{ pve_maintenance_unattended_config.human_readable_option }}'
+  loop:
+    - { insertafter: '^Unattended-Upgrade::Origins-Pattern ',             line: '        "origin=*";',                                    regexp: '^        "origin=\*";',                                  human_readable_option: 'all packages as eligible for unattended upgrades' }
+    - { insertafter: '//Unattended-Upgrade::Mail ',                       line: 'Unattended-Upgrade::Mail "root@localhost";',             regexp: '^Unattended-Upgrade::Mail [^;]+;',                       human_readable_option: 'e-mail address for upgrade warnings' }
+    - { insertafter: '//Unattended-Upgrade::MailReport ',                 line: 'Unattended-Upgrade::MailReport "on-change";',            regexp: '^Unattended-Upgrade::MailReport [^;]+;',                 human_readable_option: 'conditions for e-mail upgrade notices' }
+    - { insertafter: '//Unattended-Upgrade::Remove-Unused-Dependencies ', line: 'Unattended-Upgrade::Remove-Unused-Dependencies "true";', regexp: '^Unattended-Upgrade::Remove-Unused-Dependencies [^;]+;', human_readable_option: 'auto-removal of unused dependencies' }
+    - { insertafter: '//Unattended-Upgrade::Automatic-Reboot ',           line: 'Unattended-Upgrade::Automatic-Reboot "true";',           regexp: '^Unattended-Upgrade::Automatic-Reboot [^;]+;',           human_readable_option: 'automatic reboots' }
+    - { insertafter: '//Unattended-Upgrade::Automatic-Reboot-Time ',      line: 'Unattended-Upgrade::Automatic-Reboot-Time "+1";',        regexp: '^Unattended-Upgrade::Automatic-Reboot-Time [^;]+;',      human_readable_option: 'reboots when needed, 1 minute delay' }
+    - { insertafter: '//Acquire::http::Dl-Limit ',                        line: 'Acquire::http::Dl-Limit "0";',                           regexp: '^Acquire::http::Dl-Limit [^;]+;',                        human_readable_option: 'unlimited download speed' }
+  ansible.builtin.lineinfile:
+    path: '/etc/apt/apt.conf.d/50unattended-upgrades'
+    insertafter: '{{ pve_maintenance_unattended_config.insertafter }}'
+    line: '{{ pve_maintenance_unattended_config.line }}'
+    regexp: '{{ pve_maintenance_unattended_config.regexp }}'
+
+- name: 'If Debian configure automatic apt-get update runs'
+  ansible.builtin.copy:
+    src: 'etc/apt/apt.conf.d/20auto-upgrades'
+    dest: '/etc/apt/apt.conf.d/20auto-upgrades'
+
+- name: 'If Debian add e-mail alias for user ''root'''
+  ansible.builtin.lineinfile:
+    path: '/etc/aliases'
+    insertafter: 'EOF'
+    regexp: '^root:.*'
+    line: 'root: {{ e_mail_notifications_addressee }}'
+  notify:
+    - 'Ensure that a Mail Transfer Agent is running with newest config'