From 06345b13ffbd48b9b800cbadf0568e03f526a5be Mon Sep 17 00:00:00 2001 From: hygienic-books Date: Wed, 2 Apr 2025 03:17:05 +0200 Subject: [PATCH] feat(role): Initial commit --- .gitignore | 87 +---------------------- README.md | 63 +++++++++++++++- defaults/main.yml | 54 ++++++++++++++ files/etc/apt/apt.conf.d/20auto-upgrades | 3 + handlers/main.yml | 12 ++++ meta/main.yml | 12 ++++ tasks/main.yml | 22 ++++++ tasks/maintenance-unattended-upgrades.yml | 32 +++++++++ 8 files changed, 197 insertions(+), 88 deletions(-) create mode 100644 defaults/main.yml create mode 100644 files/etc/apt/apt.conf.d/20auto-upgrades create mode 100644 handlers/main.yml create mode 100644 meta/main.yml create mode 100644 tasks/main.yml create mode 100644 tasks/maintenance-unattended-upgrades.yml diff --git a/.gitignore b/.gitignore index 5a43d99..485dee6 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,86 +1 @@
-# ---> JetBrains
-# Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider
-# Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839
-
-# User-specific stuff
-.idea/**/workspace.xml
-.idea/**/tasks.xml
-.idea/**/usage.statistics.xml
-.idea/**/dictionaries
-.idea/**/shelf
-
-# AWS User-specific
-.idea/**/aws.xml
-
-# Generated files
-.idea/**/contentModel.xml
-
-# Sensitive or high-churn files
-.idea/**/dataSources/
-.idea/**/dataSources.ids
-.idea/**/dataSources.local.xml
-.idea/**/sqlDataSources.xml
-.idea/**/dynamic.xml
-.idea/**/uiDesigner.xml
-.idea/**/dbnavigator.xml
-
-# Gradle
-.idea/**/gradle.xml
-.idea/**/libraries
-
-# Gradle and Maven with auto-import
-# When using Gradle or Maven with auto-import, you should exclude module files,
-# since they will be recreated, and may cause churn. Uncomment if using
-# auto-import.
-# .idea/artifacts
-# .idea/compiler.xml
-# .idea/jarRepositories.xml
-# .idea/modules.xml
-# .idea/*.iml
-# .idea/modules
-# *.iml
-# *.ipr
-
-# CMake
-cmake-build-*/
-
-# Mongo Explorer plugin
-.idea/**/mongoSettings.xml
-
-# File-based project format
-*.iws
-
-# IntelliJ
-out/
-
-# mpeltonen/sbt-idea plugin
-.idea_modules/
-
-# JIRA plugin
-atlassian-ide-plugin.xml
-
-# Cursive Clojure plugin
-.idea/replstate.xml
-
-# SonarLint plugin
-.idea/sonarlint/
-
-# Crashlytics plugin (for Android Studio and IntelliJ)
-com_crashlytics_export_strings.xml
-crashlytics.properties
-crashlytics-build.properties
-fabric.properties
-
-# Editor-based Rest Client
-.idea/httpRequests
-
-# Android studio 3.1+ serialized cache file
-.idea/caches/build_file_checksums.ser
-
-# ---> JetBrainsWorkspace
-# Additional coverage for JetBrains IDEs workspace files
-.idea/deployment.xml
-.idea/misc.xml
-.idea/remote-mappings.xml
-.idea/*.iml
-
+.idea
diff --git a/README.md b/README.md
index 2592aa9..a00ca89 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,62 @@ -# role-common-packages +[//]: # (SPDX-License-Identifier: MIT) +# Role Name -Install packages \ No newline at end of file +role-common-packages + +# Description + +Installs a smattering of packages into target machines. + +# Requirements + +Currently deals exclusively with Linux machines. + +# Role Variables + +Per [defaults/main.yml](defaults/main.yml) this role is equipped to deal with Arch Linux and Debian. + +- `packages_linux_common_all_families`: Place package names in this list that are identical across all Linux flavors. + ``` + packages_linux_common_all_families: + - 'git' + - 'parted' + - 'wget' + ``` +- `packages_linux_common_*`: Add package names to an operating system-specific list if it's unique to that operating system. The asterisk (`*`) is a placeholder for `ansible_facts['os_family'] | lower`. If `ansible_facts['os_family']` equals `Debian` then this becomes `debian` and the list turns into `packages_linux_common_debian`; same for `packages_linux_common_archlinux` etc. Note that for Arch Linux these are official packages only, not packages from the Arch User Repository. + ``` + packages_linux_common_archlinux: + - 'difftastic' + - 'eza' + - 'openbsd-netcat' + + packages_linux_common_debian: + - 'bind9-dnsutils' + - 'unattended-upgrades' + - 'xxd' + ``` +- `packages_linux_paru_archlinux`: Add package names to this list that are exclusive to Arch Linux and must be installed from the Arch User Repository (AUR). + ``` + `packages_linux_paru_archlinux`: + - 'downgrade' + - 'flent' + - 'paccache-hook' + ``` + +# Dependencies + +This role depends on the [kewlfft.aur](https://galaxy.ansible.com/ui/repo/published/kewlfft/aur/) Ansible collection to install packages from Arch User Repository on Arch Linux target machines. + +# Example Playbook + +In your `playbook.yml` call it like so: + +``` +- name: 'Awesome playbook' + hosts: all + roles: + - 'role-common-packages' +``` + +# License + +MIT 
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..9cff485
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,54 @@
+# SPDX-License-Identifier: MIT
+packages_linux_common_all_families:
+ - 'bc'
+ - 'btop'
+ - 'dosfstools'
+ - 'fping'
+ - 'git'
+ - 'iperf3'
+ - 'jq'
+ - 'lnav'
+ - 'lsof'
+ - 'mbuffer'
+ - 'mtr'
+ - 'ncdu'
+ - 'netperf'
+ - 'parallel'
+ - 'parted'
+ - 'patch'
+ - 'pigz'
+ - 'pv'
+ - 'rsync'
+ - 'swaks'
+ - 'tcpdump'
+ - 'tmux'
+ - 'tree'
+ - 'unzip'
+ - 'wget'
+
+packages_linux_common_archlinux:
+ - 'bind'
+ - 'difftastic'
+ - 'eza'
+ - 'go-yq'
+ - 'gptfdisk'
+ - 'openbsd-netcat'
+ - 'qemu-guest-agent'
+ - 'uv'
+
+packages_linux_paru_archlinux:
+ - 'downgrade'
+ - 'flent'
+ - 'mmv'
+ - 'paccache-hook'
+
+packages_linux_common_debian:
+ - 'apt-file'
+ - 'bind9-dnsutils'
+ - 'exa'
+ - 'flent'
+ - 'gdisk'
+ - 'mmv'
+ - 'netcat-openbsd'
+ - 'unattended-upgrades'
+ - 'xxd'
diff --git a/files/etc/apt/apt.conf.d/20auto-upgrades b/files/etc/apt/apt.conf.d/20auto-upgrades
new file mode 100644
index 0000000..41c4cfd
--- /dev/null
+++ b/files/etc/apt/apt.conf.d/20auto-upgrades
@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: MIT
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..279c7f1
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: MIT
+- name: 'Rebuild e-mail aliases lookup tables'
+ ansible.builtin.shell: |
+ newaliases
+ listen: 'Ensure that a Mail Transfer Agent is running with newest config'
+
+- name: 'Restart postfix.service'
+ ansible.builtin.service:
+ name: 'postfix.service'
+ state: 'restarted'
+ enabled: true
+ listen: 'Ensure that a Mail Transfer Agent is running with newest config'
diff --git a/meta/main.yml b/meta/main.yml
new file mode 100644
index 0000000..eaa0b35
--- /dev/null
+++ b/meta/main.yml
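Review bot: `unattended-upgrades` sits in the overridable `packages_linux_common_debian` list in defaults/main.yml, yet tasks/maintenance-unattended-upgrades.yml edits `/etc/apt/apt.conf.d/50unattended-upgrades` on every Debian host regardless. A consumer who overrides the list to trim packages drops the upgrader without noticing, and the `lineinfile` task then presumably fails on the missing file because no `create` is set. Installing the package from the maintenance task file itself would decouple patching from the convenience list. The lists also put `tcpdump`, `swaks` and a netcat variant on every host; a comment such as `# network diagnostics: installed fleet-wide on purpose` would record that this is intended.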
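Review bot: Both handlers in handlers/main.yml assume an MTA is already present (`newaliases`, `postfix.service`), but none of the package lists in defaults/main.yml contains postfix, so on a host without it the notification fails and the `Unattended-Upgrade::Mail` reports configured elsewhere in this patch have no delivery path. Either add the MTA to `packages_linux_common_debian` or guard the handlers on its presence. The first handler uses no shell features, so `ansible.builtin.command: 'newaliases'` is the safer module. The restart handler also sets `enabled: true`; a comment such as `# also enables the unit at boot` would make that side effect visible.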
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: MIT
+galaxy_info:
+ author: 'hygienic-books'
+ description: 'Installs packages'
+ license: MIT
+ min_ansible_version: 2.18.1
+ galaxy_tags:
+ - 'packages'
+ - 'applications'
+ - 'software'
+dependencies:
+ - kewlfft.aur
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..e1a36ea
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,22 @@
+# SPDX-License-Identifier: MIT
+- name: 'If OS is a Linux flavor install Linux-specific packages'
+ when: 'ansible_facts[''system''] | lower == ''linux'''
+ ansible.builtin.package:
+ name: '{{ packages_linux_common_all_families }}'
+ state: 'present'
+
+- name: 'If ''os_family'' is ''{{ ansible_facts[''os_family''] | lower }}'' install {{ ansible_facts[''os_family''] | lower }}-specific packages'
+ ansible.builtin.package:
+ name: '{{ vars[''packages_linux_common_'' + ansible_facts[''os_family''] | lower] }}'
+ state: 'present'
+
+- name: 'If Arch Linux install Arch User Repository (AUR) packages'
+ when: 'ansible_facts[''os_family''] | lower == ''archlinux'''
+ kewlfft.aur.aur:
+ name: '{{ packages_linux_paru_archlinux }}'
+ state: 'present'
+ become: 'yes'
+ become_user: 'build'
+
+- import_tasks: 'maintenance-unattended-upgrades.yml'
+ when: 'ansible_facts[''os_family''] | lower == ''debian'''
diff --git a/tasks/maintenance-unattended-upgrades.yml b/tasks/maintenance-unattended-upgrades.yml
new file mode 100644
index 0000000..11c7208
--- /dev/null
+++ b/tasks/maintenance-unattended-upgrades.yml
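Review bot: `dependencies:` in meta/main.yml names roles, whereas README.md and the `kewlfft.aur.aur` call in tasks/main.yml refer to the kewlfft.aur collection, so this entry may not install what the task needs. The entry is also unpinned, although the module it provides builds and installs packages on the target hosts. Declaring it in a `requirements.yml` under `collections:` with `name: 'kewlfft.aur'` and `version: '<pinned version>'` would make the dependency explicit and reproducible. `license: MIT` could be quoted like the neighbouring values for consistency.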
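Review bot: The second task in tasks/main.yml has no `when:` and indexes `vars['packages_linux_common_' + …]` directly, so on any host whose `os_family` is neither `archlinux` nor `debian` the lookup is undefined and the task fails; unlike the first task it is also not limited to Linux. `name: "{{ lookup('ansible.builtin.vars', 'packages_linux_common_' + ansible_facts['os_family'] | lower, default=[]) }}"` together with the first task's `when:` would turn unsupported families into a no-op. In the AUR task `become: 'yes'` is a string and should be the boolean `become: true`, and the `build` user is assumed to exist with the privileges the build needs, since the role does not create it. The last task could use `ansible.builtin.import_tasks` to match the fully qualified names used elsewhere in the file.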
@@ -0,0 +1,32 @@
+# SPDX-License-Identifier: MIT
+- name: 'If Debian configure unattended upgrades behavior'
+ loop_control:
+ loop_var: 'pve_maintenance_unattended_config'
+ label: 'Configure {{ pve_maintenance_unattended_config.human_readable_option }}'
+ loop:
+ - { insertafter: '^Unattended-Upgrade::Origins-Pattern ', line: ' "origin=*";', regexp: '^ "origin=\*";', human_readable_option: 'all packages as eligible for unattended upgrades' }
+ - { insertafter: '//Unattended-Upgrade::Mail ', line: 'Unattended-Upgrade::Mail "root@localhost";', regexp: '^Unattended-Upgrade::Mail [^;]+;', human_readable_option: 'e-mail address for upgrade warnings' }
+ - { insertafter: '//Unattended-Upgrade::MailReport ', line: 'Unattended-Upgrade::MailReport "on-change";', regexp: '^Unattended-Upgrade::MailReport [^;]+;', human_readable_option: 'conditions for e-mail upgrade notices' }
+ - { insertafter: '//Unattended-Upgrade::Remove-Unused-Dependencies ', line: 'Unattended-Upgrade::Remove-Unused-Dependencies "true";', regexp: '^Unattended-Upgrade::Remove-Unused-Dependencies [^;]+;', human_readable_option: 'auto-removal of unused dependencies' }
+ - { insertafter: '//Unattended-Upgrade::Automatic-Reboot ', line: 'Unattended-Upgrade::Automatic-Reboot "true";', regexp: '^Unattended-Upgrade::Automatic-Reboot [^;]+;', human_readable_option: 'automatic reboots' }
+ - { insertafter: '//Unattended-Upgrade::Automatic-Reboot-Time ', line: 'Unattended-Upgrade::Automatic-Reboot-Time "+1";', regexp: '^Unattended-Upgrade::Automatic-Reboot-Time [^;]+;', human_readable_option: 'reboots when needed, 1 minute delay' }
+ - { insertafter: '//Acquire::http::Dl-Limit ', line: 'Acquire::http::Dl-Limit "0";', regexp: '^Acquire::http::Dl-Limit [^;]+;', human_readable_option: 'unlimited download speed' }
+ ansible.builtin.lineinfile:
+ path: '/etc/apt/apt.conf.d/50unattended-upgrades'
+ insertafter: '{{ pve_maintenance_unattended_config.insertafter }}'
+ line: '{{ pve_maintenance_unattended_config.line }}'
+ regexp: '{{ pve_maintenance_unattended_config.regexp }}'
+
+- name: 'If Debian configure automatic apt-get update runs'
+ ansible.builtin.copy:
+ src: 'etc/apt/apt.conf.d/20auto-upgrades'
+ dest: '/etc/apt/apt.conf.d/20auto-upgrades'
+
+- name: 'If Debian add e-mail alias for user ''root'''
+ ansible.builtin.lineinfile:
+ path: '/etc/aliases'
+ insertafter: 'EOF'
+ regexp: '^root:.*'
+ line: 'root: {{ e_mail_notifications_addressee }}'
+ notify:
+ - 'Ensure that a Mail Transfer Agent is running with newest config'
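Review bot: The first loop item writes `"origin=*"`, which makes packages from every configured APT source, third-party repositories included, eligible for unattended installation, and the same loop enables `Automatic-Reboot` with `Automatic-Reboot-Time "+1"`, so any such upgrade can reboot the host a minute later. Exposing the origin pattern and the reboot switch as role variables in defaults/main.yml, with a default limited to the distribution's security origin, would let hosts opt in to the wider setting. `e_mail_notifications_addressee` in the last task has no default in the defaults/main.yml added by this patch, so the task fails unless every inventory defines it; `when: e_mail_notifications_addressee is defined` or a documented default would avoid that. The `copy` task sets no ownership or mode; adding `owner: 'root'`, `group: 'root'` and `mode: '0644'` would pin the permissions of the file under /etc/apt/apt.conf.d.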