Initial project import

2022-10-31 09:02:42 +13:00
commit 142c70337a
12 changed files with 171 additions and 0 deletions
--- a/.yamllint
+++ b/.yamllint
@@ -0,0 +1,33 @@
 ---
 # Based on ansible-lint config
 extends: default
 rules:
  braces:
    max-spaces-inside: 1
    level: error
  brackets:
    max-spaces-inside: 1
    level: error
  colons:
    max-spaces-after: -1
    level: error
  commas:
    max-spaces-after: -1
    level: error
  comments: disable
  comments-indentation: disable
  document-start: disable
  empty-lines:
    max: 3
    level: error
  hyphens:
    level: error
  indentation: disable
  key-duplicates: enable
  line-length: disable
  new-line-at-end-of-file: disable
  new-lines:
    type: unix
  trailing-spaces: disable
  truthy: disable
--- a/README.md
+++ b/README.md
@@ -0,0 +1,29 @@
 # Cron-APT - Ansible Role
 Install and configure of the cron-apt package for Debian based machines.
 ## Configuring
 The below configuration variables are available:
 ```yaml
 cron_apt_mailto: monitoring@somedomain.net.nz # The email to receive notifications
 cron_apt_apply_security: false # If set to true, security updates will automatically be applied
 ```
 ## Example playbook
 ```yaml
 ---
 - hosts: all
  become: true
  roles:
    - name: cron-apt
      vars:
        cron_apt_mailto: admin@somedomain.net.nz
        cron_apt_apply_security: true
 ```
 You can of course configure variables instead at group_vars/host_vars level.  This is just here as an example.
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
 ---
 cron_apt_mailto: monitoring@hannover.freifunk.net\
 cron_apt_apply_security: false # If set to true, security updates will automatically be applied
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,4 @@
 - name: Restart cron
  service:
    name: cron
    state: restarted
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -0,0 +1,10 @@
 ---
 - name: Converge
  hosts: all
  vars:
    cron_apt_apply_security: true
  tasks:
    - name: "Include cron-apt"
      include_role:
        name: "cron-apt"
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -0,0 +1,15 @@
 ---
 role_name_check: 1
 dependency:
  name: galaxy
 driver:
  name: docker
 platforms:
  - name: instance
    image: docker.io/guisea/docker-ubuntu22.04-ansible
    command: /usr/bin/systemctl
    pre_build_image: true
 provisioner:
  name: ansible
 verifier:
  name: ansible
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -0,0 +1,18 @@
 ---
 # This is an example playbook to execute Ansible tests.
 - name: Verify
  hosts: all
  gather_facts: false
  tasks:
  - name: fetch /etc/apt/sources.list
    command: cat /etc/apt/sources.list
    register: sources
  - name: Output info
    debug:
      var: sources
  - name: Example assertion
    ansible.builtin.assert:
      that: true
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,43 @@
 ---
 - name: Ensure cron-apt is installed
  apt: 
    name: cron-apt 
    update_cache: yes
  notify:
    - Restart cron
 - name: Deploy config file
  template:
    src: config.j2
    dest: /etc/cron-apt/config
 - name: Apply security updates on download
  template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
  with_items:
    - src: action.5-secupdates.j2
      dest: /etc/cron-apt/action.d/5-security-updates
    - src: config.5-secupdates.j2
      dest: /etc/cron-apt/config.d/5-security-updates
  when: cron_apt_apply_security
 - name: Create separate file for security updates
  shell: |
    cat /etc/apt/sources.list | grep security \
    | grep -v '#' \
    > /etc/apt/sources.list.d/security.list
  args:
    creates: /etc/apt/sources.list.d/security.list
  when: cron_apt_apply_security
 - name: Comment out security lines in /etc/apt/sources.list
  lineinfile:
    dest: /etc/apt/sources.list
    regexp: '^(deb.*security.*?main.*)'
    line: '# \1'
    backrefs: yes
    state: present
  when: cron_apt_apply_security
--- a/templates/action.5-secupdates.j2
+++ b/templates/action.5-secupdates.j2
@@ -0,0 +1 @@
 upgrade -y -o APT::Get::Show-Upgraded=true
--- a/templates/config.5-secupdates.j2
+++ b/templates/config.5-secupdates.j2
@@ -0,0 +1 @@
 OPTIONS="-q -o Dir::Etc::SourceList=/etc/apt/sources.list.d/security.list -o Dir::Etc::SourceParts=\"/dev/null\""
--- a/templates/config.j2
+++ b/templates/config.j2
@@ -0,0 +1,6 @@
 # Configuration for cron-apt. For further information about the possible
 # configuration settings see /usr/share/doc/cron-apt/README.gz.
 # AUTOGENERATED via Ansible - DO NOT EDIT
 MAILTO="{{ cron_apt_mailto }}"
 MAILON="error"
--- a/templates/security.list.j2
+++ b/templates/security.list.j2
@@ -0,0 +1,7 @@
 {% if ansible_distribution_release == "bullseye" -%}
 deb http://security.debian.org/debian-security bullseye-security main
 deb-src http://security.debian.org/debian-security bullseye-security main
 {% else %}
 deb http://security.debian.org/ {{ ansible_distribution_release }}/updates main
 deb-src http://security.debian.org/ {{ ansible_distribution_release }}/updates main
 {% endif %}
		`@@ -0,0 +1 @@`
							`OPTIONS="-q -o Dir::Etc::SourceList=/etc/apt/sources.list.d/security.list -o Dir::Etc::SourceParts=\"/dev/null\""`