Add debian common role

2023-05-05 15:47:27 -04:00
parent b387d68eda
commit bf6bfe2809
79 changed files with 3166 additions and 0 deletions
--- a/common-debian/templates/etc/apt/apt.conf.d/10norecommends.j2
+++ b/common-debian/templates/etc/apt/apt.conf.d/10norecommends.j2
@ -0,0 +1,5 @@
+# apt configuration: disable recommends
+# {{ ansible_managed }}
+
+APT::Install-Recommends "0";
+APT::Install-Suggests "0";
--- a/common-debian/templates/etc/apt/apt.conf.d/30aptcacher.j2
+++ b/common-debian/templates/etc/apt/apt.conf.d/30aptcacher.j2
@ -0,0 +1,5 @@
+# apt configuration: enable apt-cacher-ng proxy
+# {{ ansible_managed }}
+
+Acquire::http::Proxy::debian.mirror.rafal.ca "http://{{ blsedomains_admindomain }}:3142";
+Acquire::http::Proxy::security.debian.org "http://{{ blsedomains_admindomain }}:3142";
--- a/common-debian/templates/etc/apt/apt.conf.d/50unattended-upgrades.j2
+++ b/common-debian/templates/etc/apt/apt.conf.d/50unattended-upgrades.j2
@ -0,0 +1,30 @@
+# apt configuration: unattended upgrades
+# {{ ansible_managed }}
+
+Unattended-Upgrade::Origins-Pattern {
+        "origin=Debian,codename=${distro_codename},label=Debian";
+        "origin=Debian,codename=${distro_codename},label=Debian-Security";
+};
+
+Unattended-Upgrade::Package-Blacklist {
+    # "libc6$";
+    # "libc6-dev$";
+    # "libc6-i686$";
+};
+
+# General configurations
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+Unattended-Upgrade::MinimalSteps "true";
+Unattended-Upgrade::InstallOnShutdown "false";
+Unattended-Upgrade::Mail "";
+Unattended-Upgrade::MailOnlyOnError "true";
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+Unattended-Upgrade::SyslogEnable "true";
+Unattended-Upgrade::SyslogFacility "daemon";
+Unattended-Upgrade::Verbose "false";
+Unattended-Upgrade::Debug "false";
+
+# Reboot configurations - do not reboot automatically
+Unattended-Upgrade::Automatic-Reboot "false";
--- a/common-debian/templates/etc/apt/preferences.d/pins.j2
+++ b/common-debian/templates/etc/apt/preferences.d/pins.j2
@ -0,0 +1,11 @@
+# apt configuration: pinning preferences
+# {{ ansible_managed }}
+
+Package: *
+Pin: release a={{ moe_release.debian_codename }}
+Pin-Priority: 999
+
+# Ensure backports are not installed by default
+Package: *
+Pin: release a={{ moe_release.debian_codename }}-backports
+Pin-Priority: -1
--- a/common-debian/templates/etc/apt/sources.list.d/source.j2
+++ b/common-debian/templates/etc/apt/sources.list.d/source.j2
@ -0,0 +1,7 @@
+# {{ item.name }} sources.list entry
+# {{ ansible_managed }}
+
+deb {% if item.gpg_url is defined and item.gpg_url -%}[signed-by=/etc/apt/trusted.gpg.d/{{ item.name }}.gpg] {% endif -%} {{ item.url }} {{ item.distribution }} {{ item.components|join(' ') }}
+{% if item.has_src %}
+deb-src {% if item.gpg_url is defined and item.gpg_url -%}[signed-by=/etc/apt/trusted.gpg.d/{{ item.name }}.gpg] {% endif -%} {{ item.url }} {{ item.distribution }} {{ item.components|join(' ') }}
+{% endif %}