WIP: Various cleanups #83

Draft
jeltz wants to merge 9 commits from cleanup_no_ldap_for_servers into master
5 changed files with 13 additions and 14 deletions
Showing only changes of commit f596071f49 - Show all commits

View file

@ -1,11 +1,11 @@
#!/usr/bin/env ansible-playbook
---
# Put a common configuration on all servers
- hosts: all,!unifi
vars:
locales_default: en_US.UTF-8
locales_additional:
- fr_FR.UTF-8
apt_upgrade_email_address: monitoring.aurore@lists.crans.org
roles:
- debian_common
- apt_common
@ -13,3 +13,4 @@
- basesecurity
- logrotate
- update_motd
...

View file

@ -12,4 +12,8 @@
loop:
- 20auto-upgrades
- 50unattended-upgrades
- name: Install debsums
apt:
name: debsums
...

View file

@ -1,4 +1,4 @@
// {{ ansible_managed }}
{{ ansible_managed | comment("c") }}
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

View file

@ -1,4 +1,4 @@
// {{ ansible_managed }}
{{ ansible_managed | comment("c") }}
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
@ -9,8 +9,10 @@ Unattended-Upgrade::Package-Blacklist {};
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::InstallOnShutdown "false";
Unattended-Upgrade::Mail "{{ monitoring_mail }}";
// Unattended-Upgrade::MailOnlyOnError "false";
{% if apt_upgrade_email_address | default(False) %}
Unattended-Upgrade::Mail "{{ apt_upgrade_email_address }}";
Unattended-Upgrade::MailOnlyOnError "false";
{% endif %}
Unattended-Upgrade::Remove-Unused-Kernel-Packages "false";
Unattended-Upgrade::Remove-New-Unused-Dependencies "false";

View file

@ -23,12 +23,4 @@
- /bin/mount # Only root should mount
- /bin/umount # Only root should umount
ignore_errors: true # Sometimes file won't exist
# See altered packages and configurations with `debsums -ca`
- name: Install debsums
apt:
name: debsums
state: present
register: apt_result
retries: 3
until: apt_result is succeeded
...