chore: add base role
This commit is contained in:
26
roles/base/defaults/main.yml
Normal file
26
roles/base/defaults/main.yml
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
install_packages: # Add addition packages here
|
||||
- rsyslog
|
||||
- htop
|
||||
- vim-nox
|
||||
- git
|
||||
- zsh
|
||||
- curl
|
||||
- wget
|
||||
- apt-transport-https
|
||||
- ca-certificates
|
||||
- gnupg2
|
||||
- python3
|
||||
- python3-pip
|
||||
- nfs-common
|
||||
- cron
|
||||
- jq
|
||||
- sudo
|
||||
- logwatch
|
||||
- sendemail
|
||||
- libio-socket-ssl-perl
|
||||
- libnet-ssleay-perl
|
||||
- iptables-persistent
|
||||
- rclone
|
||||
- parted
|
||||
- open-iscsi
|
||||
26
roles/base/tasks/bookworm_to_trixie.yml
Normal file
26
roles/base/tasks/bookworm_to_trixie.yml
Normal file
@@ -0,0 +1,26 @@
|
||||
---
|
||||
- name: Replace sources.list entries for Trixie
|
||||
lineinfile:
|
||||
path: /etc/apt/sources.list
|
||||
regexp: "^deb "
|
||||
line: "deb https://deb.debian.org/debian trixie main"
|
||||
become: yes
|
||||
|
||||
- name: Update cache for Trixie
|
||||
apt:
|
||||
update_cache: yes
|
||||
force_apt_get: yes
|
||||
|
||||
- name: Dist-upgrade to Trixie
|
||||
apt:
|
||||
upgrade: dist
|
||||
force_apt_get: yes
|
||||
register: trixie_upgrade
|
||||
|
||||
- name: Reboot after Trixie upgrade
|
||||
reboot:
|
||||
reboot_timeout: 600
|
||||
test_command: whoami
|
||||
when:
|
||||
- ansible_virtualization_type != "lxc"
|
||||
- trixie_upgrade.changed
|
||||
17
roles/base/tasks/main.yml
Normal file
17
roles/base/tasks/main.yml
Normal file
@@ -0,0 +1,17 @@
|
||||
---
|
||||
# Gather initial facts
|
||||
- name: Gather facts
|
||||
ansible.builtin.setup:
|
||||
|
||||
# Update system and install packages
|
||||
- import_tasks: system_update.yml
|
||||
|
||||
# Upgrade Bookworm -> Trixie if applicable
|
||||
- import_tasks: bookworm_to_trixie.yml
|
||||
when: ansible_distribution_release == "bookworm"
|
||||
|
||||
# Move to Trixie sources.list.d layout
|
||||
- import_tasks: sources_list.yml
|
||||
|
||||
# Remove EXTERNALLY-MANAGED files
|
||||
- import_tasks: python_cleanup.yml
|
||||
17
roles/base/tasks/python_cleanup.yml
Normal file
17
roles/base/tasks/python_cleanup.yml
Normal file
@@ -0,0 +1,17 @@
|
||||
---
|
||||
- name: Find all EXTERNALLY-MANAGED files under /usr/lib/python*
|
||||
find:
|
||||
paths: /usr/lib
|
||||
patterns: "EXTERNALLY-MANAGED"
|
||||
file_type: file
|
||||
recurse: yes
|
||||
register: externally_managed_files
|
||||
become: yes
|
||||
|
||||
- name: Delete EXTERNALLY-MANAGED files
|
||||
file:
|
||||
path: "{{ item.path }}"
|
||||
state: absent
|
||||
loop: "{{ externally_managed_files.files }}"
|
||||
when: externally_managed_files.matched > 0
|
||||
become: yes
|
||||
42
roles/base/tasks/sources_list.yml
Normal file
42
roles/base/tasks/sources_list.yml
Normal file
@@ -0,0 +1,42 @@
|
||||
---
|
||||
- name: Remove old sources.list and sources.list.d
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- /etc/apt/sources.list
|
||||
- /etc/apt/sources.list.d
|
||||
become: yes
|
||||
|
||||
- name: Ensure sources.list.d directory exists
|
||||
file:
|
||||
path: /etc/apt/sources.list.d
|
||||
state: directory
|
||||
mode: 0755
|
||||
become: yes
|
||||
|
||||
- name: Create Trixie sources.list.d
|
||||
copy:
|
||||
dest: /etc/apt/sources.list.d/debian.sources
|
||||
content: |
|
||||
Types: deb deb-src
|
||||
URIs: https://deb.debian.org/debian
|
||||
Suites: trixie trixie-updates trixie-backports
|
||||
Components: main
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
|
||||
Types: deb deb-src
|
||||
URIs: https://deb.debian.org/debian-security
|
||||
Suites: trixie-security
|
||||
Components: main
|
||||
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
|
||||
owner: root
|
||||
group: root
|
||||
mode: 0644
|
||||
become: yes
|
||||
|
||||
- name: Update APT cache after sources.list.d
|
||||
apt:
|
||||
update_cache: yes
|
||||
force_apt_get: yes
|
||||
become: yes
|
||||
48
roles/base/tasks/system_update.yml
Normal file
48
roles/base/tasks/system_update.yml
Normal file
@@ -0,0 +1,48 @@
|
||||
---
|
||||
- name: Ensure debian-archive-keyring is installed
|
||||
apt:
|
||||
name: debian-archive-keyring
|
||||
state: present
|
||||
update_cache: yes
|
||||
become: yes
|
||||
|
||||
- name: Update APT cache
|
||||
apt:
|
||||
update_cache: yes
|
||||
force_apt_get: yes
|
||||
when: ansible_distribution in ['Debian', 'Ubuntu']
|
||||
|
||||
- name: Upgrade all packages to latest
|
||||
apt:
|
||||
name: "*"
|
||||
state: latest
|
||||
force_apt_get: yes
|
||||
when: ansible_distribution in ['Debian', 'Ubuntu']
|
||||
register: upgrade_result
|
||||
|
||||
- name: Dist-upgrade packages
|
||||
apt:
|
||||
upgrade: dist
|
||||
force_apt_get: yes
|
||||
when: ansible_distribution in ['Debian', 'Ubuntu']
|
||||
register: dist_upgrade_result
|
||||
|
||||
- name: Install required packages
|
||||
apt:
|
||||
name: "{{ install_packages }}"
|
||||
state: present
|
||||
become: yes
|
||||
when: ansible_distribution in ['Debian', 'Ubuntu']
|
||||
register: install_result
|
||||
|
||||
- name: Reboot if required after updates
|
||||
reboot:
|
||||
reboot_timeout: 600
|
||||
test_command: whoami
|
||||
when:
|
||||
- upgrade_result.changed or dist_upgrade_result.changed or install_result.changed
|
||||
- ansible_virtualization_type != "lxc"
|
||||
become: yes
|
||||
|
||||
- name: Gather facts after reboot
|
||||
setup:
|
||||
Reference in New Issue
Block a user