From 7be2fdcd475b8b2118c0b84ae4939f056577f1fb Mon Sep 17 00:00:00 2001 From: L3D Date: Mon, 2 Aug 2021 12:18:04 +0200 Subject: [PATCH] improve ETHZ package sources --- defaults/main.yml | 1 + handlers/main.yml | 8 +++++++ tasks/sources.yml | 35 +++++++--------------------- templates/apt.sources.list.j2 | 44 +++++++++++++++++++++++++++++++++++ 4 files changed, 62 insertions(+), 26 deletions(-) create mode 100644 handlers/main.yml create mode 100644 templates/apt.sources.list.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 7caf875..dd3dbab 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -9,6 +9,7 @@ base__add_ethz: "{{ add_ethz }}" # add nonfree/firmware packages? base__pkg_non_free_firmware: "{{ base_pkg_non_free_firmware }}" base__pkg_contrib: "{{ base_pkg_contrib }}" +base__pkg_security: true # optionaly print some OS vars base__print_os_vars: "{{ print_os_vars }}" diff --git a/handlers/main.yml b/handlers/main.yml new file mode 100644 index 0000000..14a521a --- /dev/null +++ b/handlers/main.yml @@ -0,0 +1,8 @@ +--- +- name: apt update + become: true + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + when: + - ansible_pkg_mgr == "apt" diff --git a/tasks/sources.yml b/tasks/sources.yml index 28fbb13..f261934 100644 --- a/tasks/sources.yml +++ b/tasks/sources.yml @@ -7,7 +7,7 @@ when: - ansible_pkg_mgr == "apt" -- name: Install requirements to add packages +- name: Install requirements to add packages via https become: true ansible.builtin.apt: package: @@ -18,30 +18,13 @@ - name: add eth zurich apt (main) become: true - ansible.builtin.apt_repository: - repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main" - state: present + ansible.builtin.template: + src: "templates/apt.sources.list.j2" + dest: '/etc/apt/sources.list.d/debian_ethz_ch_debian.list' mode: 0644 - when: - - not base__pkg_non_free_firmware | bool - - not base__pkg_contrib | bool + group: root + owner: root + notify: apt update -- name: add eth zurich apt (main non-free) - become: true - ansible.builtin.apt_repository: - repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main non-free" - state: present - mode: 0644 - when: - - base__pkg_non_free_firmware | bool - - not base__pkg_contrib | bool - -- name: add eth zurich apt (main contrib non-free) - become: true - ansible.builtin.apt_repository: - repo: "deb https://debian.ethz.ch/debian/ {{ ansible_distribution_release }} main contrib non-free" - state: present - mode: 0644 - when: - - base__pkg_non_free_firmware | bool - - base__pkg_contrib | bool +- name: force all notified handlers to run at this point, not waiting for normal sync points + ansible.builtin.meta: flush_handlers diff --git a/templates/apt.sources.list.j2 b/templates/apt.sources.list.j2 new file mode 100644 index 0000000..039af60 --- /dev/null +++ b/templates/apt.sources.list.j2 @@ -0,0 +1,44 @@ +# Debian mirror der ETH Zürich +# https://debian.ethz.ch/ + +# HTTPS mirror: +deb https://debian.ethz.ch/debian {{ ansible_distribution_release }} main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n' -}} +deb-src https://debian.ethz.ch/debian {{ ansible_distribution_release }} main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n\n' -}} + +{%- if base__pkg_security | bool -%} +# Inofficial Security Mirror +deb https://security.debian.ethz.ch/ {{ ansible_distribution_release }}/updates main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n' -}} +deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main + {%- if base__pkg_contrib | bool -%} + {{- ' contrib' -}} + {%- endif -%} + {%- if base__pkg_non_free_firmware | bool -%} + {{- ' non-free' -}} + {%- endif -%} + {{- '\n\n' -}} +{%- endif -%} + +# Contact for proplems with the mirror: +# https://readme.phys.ethz.ch/services/contact/ +# Or #isgphys on irc.phys.ethz.ch