From 0c9068b0a531d9e812db8b8977caeded97dff7a5 Mon Sep 17 00:00:00 2001 From: L3D Date: Wed, 1 Sep 2021 00:12:03 +0200 Subject: [PATCH 1/2] Support debian bullseye and improve debian packages repo --- README.md | 9 ++++-- defaults/main.yml | 25 ++++++---------- tasks/sources.yml | 14 ++++++++- templates/apt.sources.list.j2 | 24 +++++++++++++-- templates/apt.sources.list_legacy.j2 | 44 ++++++++++++++++++++++++++++ vars/main.yml | 2 +- 6 files changed, 96 insertions(+), 22 deletions(-) create mode 100644 templates/apt.sources.list_legacy.j2 diff --git a/README.md b/README.md index b148314..f09655e 100644 --- a/README.md +++ b/README.md @@ -25,10 +25,15 @@ base__extra_packages: [] base__add_ethz: true # add nonfree/firmware packages? -base__pkg_non_free_firmware: false -base__pkg_contrib: false +base__pkg_non_free_firmware: true +base__pkg_contrib: true + +# add security repo base__pkg_security: true +# add Debian Volatile +base__pkg_updates: true + # optionaly print some OS vars base__print_os_vars: false diff --git a/defaults/main.yml b/defaults/main.yml index dd3dbab..f5183e5 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -5,12 +5,17 @@ base__extra_packages: [] # - bar # should we add additional package source? -base__add_ethz: "{{ add_ethz }}" +base__add_ethz: true # add nonfree/firmware packages? -base__pkg_non_free_firmware: "{{ base_pkg_non_free_firmware }}" -base__pkg_contrib: "{{ base_pkg_contrib }}" +base__pkg_non_free_firmware: true +base__pkg_contrib: true + +# add security repo base__pkg_security: true +# add Debian Volatile +base__pkg_updates: true + # optionaly print some OS vars base__print_os_vars: "{{ print_os_vars }}" @@ -25,7 +30,7 @@ base__upgrade_packages_to_latest_version: "{{ upgrade_packages_to_latest_version base__install_keychain: true # install vim as awesome command line editor -base__install_vim: "{{ editor_is_vim }}" +base__install_vim: true # directlink to keychain becaus RHEL do not provide it... _base__keychain_rpm: 'http://packages.psychotic.ninja/7/base/x86_64/RPMS//keychain-2.8.0-3.el7.psychotic.noarch.rpm' @@ -34,25 +39,13 @@ _base__keychain_rpm: 'http://packages.psychotic.ninja/7/base/x86_64/RPMS//keycha # LEGACY VARS # ++ WILL BE REMOVED SOON ++ # add eth zurich apt source -add_ethz: true - # do we want the latest package version or just upgrade manually? upgrade_packages_to_latest_version: false - -# we use vim! -editor_is_vim: true - # print os variables print_os_vars: false -# do we want non-free firmware from eth zuerich? -base_pkg_non_free_firmware: false - -# do we want contrib from eth zuerich? -base_pkg_contrib: false - # mailx for debian (recomended for unattended_upgrades role base__install_mailx: true diff --git a/tasks/sources.yml b/tasks/sources.yml index f261934..2845825 100644 --- a/tasks/sources.yml +++ b/tasks/sources.yml @@ -16,7 +16,7 @@ - apt-transport-https state: present -- name: add eth zurich apt (main) +- name: add eth zurich apt for Debian > 10 become: true ansible.builtin.template: src: "templates/apt.sources.list.j2" @@ -25,6 +25,18 @@ group: root owner: root notify: apt update + when: ansible_distribution_major_version < '11' + +- name: add eth zurich apt for Debian < 11 + become: true + ansible.builtin.template: + src: "templates/apt.sources.list_legacy.j2" + dest: '/etc/apt/sources.list.d/debian_ethz_ch_debian.list' + mode: 0644 + group: root + owner: root + notify: apt update + when: ansible_distribution_major_version < '11' - name: force all notified handlers to run at this point, not waiting for normal sync points ansible.builtin.meta: flush_handlers diff --git a/templates/apt.sources.list.j2 b/templates/apt.sources.list.j2 index 039af60..cf336b1 100644 --- a/templates/apt.sources.list.j2 +++ b/templates/apt.sources.list.j2 @@ -1,5 +1,6 @@ # Debian mirror der ETH Zürich # https://debian.ethz.ch/ +# https://wiki.debianforum.de/Sources.list # HTTPS mirror: deb https://debian.ethz.ch/debian {{ ansible_distribution_release }} main @@ -21,7 +22,7 @@ deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }} main {%- if base__pkg_security | bool -%} # Inofficial Security Mirror -deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}/updates main +deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}-security main {%- if base__pkg_contrib | bool -%} {{- ' contrib' -}} {%- endif -%} @@ -29,7 +30,26 @@ deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}/updates {{- ' non-free' -}} {%- endif -%} {{- '\n' -}} -deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main +deb-src https://security.debian.ethz.ch/ {{ ansible_distribution_release }}-security main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n\n' -}} +{%- endif -%} + +{%- if base__pkg_updates -%} +deb http://deb.debian.org/debian stable-updates main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n' -}} +deb-src http://deb.debian.org/debian {{ ansible_distribution_release }}-updates main {%- if base__pkg_contrib | bool -%} {{- ' contrib' -}} {%- endif -%} diff --git a/templates/apt.sources.list_legacy.j2 b/templates/apt.sources.list_legacy.j2 new file mode 100644 index 0000000..039af60 --- /dev/null +++ b/templates/apt.sources.list_legacy.j2 @@ -0,0 +1,44 @@ +# Debian mirror der ETH Zürich +# https://debian.ethz.ch/ + +# HTTPS mirror: +deb https://debian.ethz.ch/debian {{ ansible_distribution_release }} main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n' -}} +deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }} main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n\n' -}} + +{%- if base__pkg_security | bool -%} +# Inofficial Security Mirror +deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}/updates main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n' -}} +deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n\n' -}} +{%- endif -%} + +# Contact for proplems with the mirror: +# https://readme.phys.ethz.ch/services/contact/ +# Or #isgphys on irc.phys.ethz.ch diff --git a/vars/main.yml b/vars/main.yml index 8a306d8..29bf3a3 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -61,5 +61,5 @@ base__linux_packages: - bzip2 - jq -playbook_version_number: 9014 +playbook_version_number: 9015 playbook_version_path: 'base-packages_roles-ansible_github.version' From e1e343faedfbeefef519a912d6de037b9a0273a0 Mon Sep 17 00:00:00 2001 From: L3D Date: Wed, 1 Sep 2021 02:50:17 +0200 Subject: [PATCH 2/2] improve bullseye integration --- tasks/editor.yml | 4 ++-- tasks/sources.yml | 2 +- templates/apt.sources.list.j2 | 4 ++-- templates/apt.sources.list_legacy.j2 | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tasks/editor.yml b/tasks/editor.yml index f62c3e6..d0e6eb7 100644 --- a/tasks/editor.yml +++ b/tasks/editor.yml @@ -5,7 +5,7 @@ name: editor path: /usr/bin/vim.basic when: - - editor_is_vim | bool + - base__install_vim | bool - ansible_distribution != 'CentOS' - ansible_distribution != 'RedHat' - ansible_distribution != 'Archlinux' @@ -17,7 +17,7 @@ name: editor path: /usr/bin/vim when: - - editor_is_vim | bool + - base__install_vim | bool - ansible_distribution == 'CentOS' - ansible_distribution == 'RedHat' - ansible_distribution == 'Archlinux' diff --git a/tasks/sources.yml b/tasks/sources.yml index 2845825..65a05f5 100644 --- a/tasks/sources.yml +++ b/tasks/sources.yml @@ -25,7 +25,7 @@ group: root owner: root notify: apt update - when: ansible_distribution_major_version < '11' + when: ansible_distribution_major_version > '10' - name: add eth zurich apt for Debian < 11 become: true diff --git a/templates/apt.sources.list.j2 b/templates/apt.sources.list.j2 index cf336b1..68f2ba9 100644 --- a/templates/apt.sources.list.j2 +++ b/templates/apt.sources.list.j2 @@ -41,7 +41,7 @@ deb-src https://security.debian.ethz.ch/ {{ ansible_distribution_release }}-secu {%- endif -%} {%- if base__pkg_updates -%} -deb http://deb.debian.org/debian stable-updates main +deb https://debian.ethz.ch/debian stable-updates main {%- if base__pkg_contrib | bool -%} {{- ' contrib' -}} {%- endif -%} @@ -49,7 +49,7 @@ deb http://deb.debian.org/debian stable-updates main {{- ' non-free' -}} {%- endif -%} {{- '\n' -}} -deb-src http://deb.debian.org/debian {{ ansible_distribution_release }}-updates main +deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }}-updates main {%- if base__pkg_contrib | bool -%} {{- ' contrib' -}} {%- endif -%} diff --git a/templates/apt.sources.list_legacy.j2 b/templates/apt.sources.list_legacy.j2 index 039af60..a26f436 100644 --- a/templates/apt.sources.list_legacy.j2 +++ b/templates/apt.sources.list_legacy.j2 @@ -29,7 +29,7 @@ deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}/updates {{- ' non-free' -}} {%- endif -%} {{- '\n' -}} -deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main +deb-src https://security.debian.ethz.ch/ {{ ansible_distribution_release }}/updates main {%- if base__pkg_contrib | bool -%} {{- ' contrib' -}} {%- endif -%}