Initial project import

2022-10-31 09:02:42 +13:00
commit 142c70337a
12 changed files with 171 additions and 0 deletions
--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable
--- a/README.md
+++ b/README.md
@@ -0,0 +1,29 @@
+# Cron-APT - Ansible Role
+
+Install and configure of the cron-apt package for Debian based machines.
+
+## Configuring
+
+The below configuration variables are available:
+
+```yaml
+cron_apt_mailto: monitoring@somedomain.net.nz # The email to receive notifications
+cron_apt_apply_security: false # If set to true, security updates will automatically be applied
+```
+
+## Example playbook
+
+```yaml
+---
+- hosts: all
+  become: true
+  roles:
+    - name: cron-apt
+      vars:
+        cron_apt_mailto: admin@somedomain.net.nz
+        cron_apt_apply_security: true
+```
+You can of course configure variables instead at group_vars/host_vars level.  This is just here as an example.
+
+
+
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+cron_apt_mailto: monitoring@hannover.freifunk.net\
+cron_apt_apply_security: false # If set to true, security updates will automatically be applied
+
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart cron
+  service:
+    name: cron
+    state: restarted
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -0,0 +1,10 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    cron_apt_apply_security: true
+  tasks:
+    - name: "Include cron-apt"
+      include_role:
+        name: "cron-apt"
+
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,15 @@
+---
+role_name_check: 1
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: docker.io/guisea/docker-ubuntu22.04-ansible
+    command: /usr/bin/systemctl
+    pre_build_image: true
+provisioner:
+  name: ansible
+verifier:
+  name: ansible
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,18 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: fetch /etc/apt/sources.list
+    command: cat /etc/apt/sources.list
+    register: sources
+
+  - name: Output info
+    debug:
+      var: sources
+      
+  - name: Example assertion
+    ansible.builtin.assert:
+      that: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+- name: Ensure cron-apt is installed
+  apt: 
+    name: cron-apt 
+    update_cache: yes
+  notify:
+    - Restart cron
+
+- name: Deploy config file
+  template:
+    src: config.j2
+    dest: /etc/cron-apt/config
+
+- name: Apply security updates on download
+  template:
+    src: "{{ item.src }}"
+    dest: "{{ item.dest }}"
+  with_items:
+    - src: action.5-secupdates.j2
+      dest: /etc/cron-apt/action.d/5-security-updates
+    - src: config.5-secupdates.j2
+      dest: /etc/cron-apt/config.d/5-security-updates
+  when: cron_apt_apply_security
+
+- name: Create separate file for security updates
+  shell: |
+    cat /etc/apt/sources.list | grep security \
+    | grep -v '#' \
+    > /etc/apt/sources.list.d/security.list
+  args:
+    creates: /etc/apt/sources.list.d/security.list
+  when: cron_apt_apply_security
+
+- name: Comment out security lines in /etc/apt/sources.list
+  lineinfile:
+    dest: /etc/apt/sources.list
+    regexp: '^(deb.*security.*?main.*)'
+    line: '# \1'
+    backrefs: yes
+    state: present
+  when: cron_apt_apply_security
+
+
--- a/templates/action.5-secupdates.j2
+++ b/templates/action.5-secupdates.j2
@@ -0,0 +1 @@
+upgrade -y -o APT::Get::Show-Upgraded=true
--- a/templates/config.5-secupdates.j2
+++ b/templates/config.5-secupdates.j2
@@ -0,0 +1 @@
+OPTIONS="-q -o Dir::Etc::SourceList=/etc/apt/sources.list.d/security.list -o Dir::Etc::SourceParts=\"/dev/null\""
--- a/templates/config.j2
+++ b/templates/config.j2
@@ -0,0 +1,6 @@
+# Configuration for cron-apt. For further information about the possible
+# configuration settings see /usr/share/doc/cron-apt/README.gz.
+
+# AUTOGENERATED via Ansible - DO NOT EDIT
+MAILTO="{{ cron_apt_mailto }}"
+MAILON="error"
--- a/templates/security.list.j2
+++ b/templates/security.list.j2
@@ -0,0 +1,7 @@
+{% if ansible_distribution_release == "bullseye" -%}
+deb http://security.debian.org/debian-security bullseye-security main
+deb-src http://security.debian.org/debian-security bullseye-security main
+{% else %}
+deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main
+deb-src http://security.debian.org/ {{ ansible_distribution_release }}/updates main
+{% endif %}
				`@@ -0,0 +1 @@`
				`OPTIONS="-q -o Dir::Etc::SourceList=/etc/apt/sources.list.d/security.list -o Dir::Etc::SourceParts=\"/dev/null\""`