WIP: Various cleanups #83
5 changed files with 13 additions and 14 deletions
|
@ -1,11 +1,11 @@
|
||||||
#!/usr/bin/env ansible-playbook
|
#!/usr/bin/env ansible-playbook
|
||||||
---
|
---
|
||||||
# Put a common configuration on all servers
|
|
||||||
- hosts: all,!unifi
|
- hosts: all,!unifi
|
||||||
vars:
|
vars:
|
||||||
locales_default: en_US.UTF-8
|
locales_default: en_US.UTF-8
|
||||||
locales_additional:
|
locales_additional:
|
||||||
- fr_FR.UTF-8
|
- fr_FR.UTF-8
|
||||||
|
apt_upgrade_email_address: monitoring.aurore@lists.crans.org
|
||||||
roles:
|
roles:
|
||||||
- debian_common
|
- debian_common
|
||||||
- apt_common
|
- apt_common
|
||||||
|
@ -13,3 +13,4 @@
|
||||||
- basesecurity
|
- basesecurity
|
||||||
- logrotate
|
- logrotate
|
||||||
- update_motd
|
- update_motd
|
||||||
|
...
|
||||||
|
|
|
@ -12,4 +12,8 @@
|
||||||
loop:
|
loop:
|
||||||
- 20auto-upgrades
|
- 20auto-upgrades
|
||||||
- 50unattended-upgrades
|
- 50unattended-upgrades
|
||||||
|
|
||||||
|
- name: Install debsums
|
||||||
|
apt:
|
||||||
|
name: debsums
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
// {{ ansible_managed }}
|
{{ ansible_managed | comment("c") }}
|
||||||
|
|
||||||
APT::Periodic::Update-Package-Lists "1";
|
APT::Periodic::Update-Package-Lists "1";
|
||||||
APT::Periodic::Unattended-Upgrade "1";
|
APT::Periodic::Unattended-Upgrade "1";
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
// {{ ansible_managed }}
|
{{ ansible_managed | comment("c") }}
|
||||||
|
|
||||||
Unattended-Upgrade::Origins-Pattern {
|
Unattended-Upgrade::Origins-Pattern {
|
||||||
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
"origin=Debian,codename=${distro_codename},label=Debian-Security";
|
||||||
|
@ -9,8 +9,10 @@ Unattended-Upgrade::Package-Blacklist {};
|
||||||
Unattended-Upgrade::MinimalSteps "true";
|
Unattended-Upgrade::MinimalSteps "true";
|
||||||
Unattended-Upgrade::InstallOnShutdown "false";
|
Unattended-Upgrade::InstallOnShutdown "false";
|
||||||
|
|
||||||
Unattended-Upgrade::Mail "{{ monitoring_mail }}";
|
{% if apt_upgrade_email_address | default(False) %}
|
||||||
// Unattended-Upgrade::MailOnlyOnError "false";
|
Unattended-Upgrade::Mail "{{ apt_upgrade_email_address }}";
|
||||||
|
Unattended-Upgrade::MailOnlyOnError "false";
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
|
Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
|
||||||
Unattended-Upgrade::Remove-New-Unused-Dependencies "false";
|
Unattended-Upgrade::Remove-New-Unused-Dependencies "false";
|
||||||
|
|
|
@ -23,12 +23,4 @@
|
||||||
- /bin/mount # Only root should mount
|
- /bin/mount # Only root should mount
|
||||||
- /bin/umount # Only root should umount
|
- /bin/umount # Only root should umount
|
||||||
ignore_errors: true # Sometimes file won't exist
|
ignore_errors: true # Sometimes file won't exist
|
||||||
|
...
|
||||||
# See altered packages and configurations with `debsums -ca`
|
|
||||||
- name: Install debsums
|
|
||||||
apt:
|
|
||||||
name: debsums
|
|
||||||
state: present
|
|
||||||
register: apt_result
|
|
||||||
retries: 3
|
|
||||||
until: apt_result is succeeded
|
|
||||||
|
|
Loading…
Reference in a new issue