From bcf4d6d20c38ce53ba8a3b5d47744903f1bf006e Mon Sep 17 00:00:00 2001 From: L3D Date: Fri, 30 Jul 2021 15:41:00 +0200 Subject: [PATCH 1/3] Update sources --- tasks/sources.yml | 4 ++-- vars/main.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tasks/sources.yml b/tasks/sources.yml index d7eea06..28fbb13 100644 --- a/tasks/sources.yml +++ b/tasks/sources.yml @@ -29,7 +29,7 @@ - name: add eth zurich apt (main non-free) become: true ansible.builtin.apt_repository: - repo: "deb-src https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main non-free" + repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main non-free" state: present mode: 0644 when: @@ -39,7 +39,7 @@ - name: add eth zurich apt (main contrib non-free) become: true ansible.builtin.apt_repository: - repo: "deb-src https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main contrib non-free" + repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main contrib non-free" state: present mode: 0644 when: diff --git a/vars/main.yml b/vars/main.yml index bc76add..99ba197 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -61,5 +61,5 @@ base__linux_packages: - bzip2 - jq -playbook_version_number: 9012 +playbook_version_number: 9013 playbook_version_path: 'base-packages_roles-ansible_github.version' From 7be2fdcd475b8b2118c0b84ae4939f056577f1fb Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 2 Aug 2021 12:18:04 +0200 Subject: [PATCH 2/3] improve ETHZ package sources --- defaults/main.yml | 1 + handlers/main.yml | 8 +++++++ tasks/sources.yml | 35 +++++++--------------------- templates/apt.sources.list.j2 | 44 +++++++++++++++++++++++++++++++++++ 4 files changed, 62 insertions(+), 26 deletions(-) create mode 100644 handlers/main.yml create mode 100644 templates/apt.sources.list.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 7caf875..dd3dbab 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,6 +9,7 @@ base__add_ethz: "{{ add_ethz }}" # add nonfree/firmware packages? base__pkg_non_free_firmware: "{{ base_pkg_non_free_firmware }}" base__pkg_contrib: "{{ base_pkg_contrib }}" +base__pkg_security: true # optionaly print some OS vars base__print_os_vars: "{{ print_os_vars }}" diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..14a521a --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: apt update + become: true + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + when: + - ansible_pkg_mgr == "apt" diff --git a/tasks/sources.yml b/tasks/sources.yml index 28fbb13..f261934 100644 --- a/tasks/sources.yml +++ b/tasks/sources.yml @@ -7,7 +7,7 @@ when: - ansible_pkg_mgr == "apt" -- name: Install requirements to add packages +- name: Install requirements to add packages via https become: true ansible.builtin.apt: package: @@ -18,30 +18,13 @@ - name: add eth zurich apt (main) become: true - ansible.builtin.apt_repository: - repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main" - state: present + ansible.builtin.template: + src: "templates/apt.sources.list.j2" + dest: '/etc/apt/sources.list.d/debian_ethz_ch_debian.list' mode: 0644 - when: - - not base__pkg_non_free_firmware | bool - - not base__pkg_contrib | bool + group: root + owner: root + notify: apt update -- name: add eth zurich apt (main non-free) - become: true - ansible.builtin.apt_repository: - repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main non-free" - state: present - mode: 0644 - when: - - base__pkg_non_free_firmware | bool - - not base__pkg_contrib | bool - -- name: add eth zurich apt (main contrib non-free) - become: true - ansible.builtin.apt_repository: - repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main contrib non-free" - state: present - mode: 0644 - when: - - base__pkg_non_free_firmware | bool - - base__pkg_contrib | bool +- name: force all notified handlers to run at this point, not waiting for normal sync points + ansible.builtin.meta: flush_handlers diff --git a/templates/apt.sources.list.j2 b/templates/apt.sources.list.j2 new file mode 100644 index 0000000..039af60 --- /dev/null +++ b/templates/apt.sources.list.j2 @@ -0,0 +1,44 @@ +# Debian mirror der ETH Zürich +# https://debian.ethz.ch/ + +# HTTPS mirror: +deb https://debian.ethz.ch/debian {{ ansible_distribution_release }} main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n' -}} +deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }} main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n\n' -}} + +{%- if base__pkg_security | bool -%} +# Inofficial Security Mirror +deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}/updates main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n' -}} +deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n\n' -}} +{%- endif -%} + +# Contact for proplems with the mirror: +# https://readme.phys.ethz.ch/services/contact/ +# Or #isgphys on irc.phys.ethz.ch From 0b87585d818ce0adac4287a3387f6491e9f93294 Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 2 Aug 2021 12:51:56 +0200 Subject: [PATCH 3/3] Improve docs and github action cronjob --- .github/workflows/ansible-debian-stable.yml | 2 -- .github/workflows/ansible-linting-check.yml | 2 -- .github/workflows/yamllint.yaml | 2 -- README.md | 1 + vars/main.yml | 2 +- 5 files changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ansible-debian-stable.yml b/.github/workflows/ansible-debian-stable.yml index 9630036..38a456d 100644 --- a/.github/workflows/ansible-debian-stable.yml +++ b/.github/workflows/ansible-debian-stable.yml @@ -7,8 +7,6 @@ on: branches: '*' pull_request: branches: '*' - schedule: - - cron: '23 6 * */1 *' jobs: build: diff --git a/.github/workflows/ansible-linting-check.yml b/.github/workflows/ansible-linting-check.yml index 7973217..ab63487 100644 --- a/.github/workflows/ansible-linting-check.yml +++ b/.github/workflows/ansible-linting-check.yml @@ -7,8 +7,6 @@ on: branches: '*' pull_request: branches: '*' - schedule: - - cron: '42 6 * */1 *' jobs: build: diff --git a/.github/workflows/yamllint.yaml b/.github/workflows/yamllint.yaml index ddb5b89..d4ad029 100644 --- a/.github/workflows/yamllint.yaml +++ b/.github/workflows/yamllint.yaml @@ -7,8 +7,6 @@ on: branches: '*' pull_request: branches: '*' - schedule: - - cron: '23 6 * */1 *' jobs: yamllint: diff --git a/README.md b/README.md index 09ee336..b148314 100644 --- a/README.md +++ b/README.md @@ -27,6 +27,7 @@ base__add_ethz: true # add nonfree/firmware packages? base__pkg_non_free_firmware: false base__pkg_contrib: false +base__pkg_security: true # optionaly print some OS vars base__print_os_vars: false diff --git a/vars/main.yml b/vars/main.yml index 99ba197..8a306d8 100644 --- a/vars/main.yml +++ b/vars/main.yml @@ -61,5 +61,5 @@ base__linux_packages: - bzip2 - jq -playbook_version_number: 9013 +playbook_version_number: 9014 playbook_version_path: 'base-packages_roles-ansible_github.version'