Stop support and use DebOps apt roles

01autoremove and 50unattended-upgrades are managed by the role but the
files provided by the package doesn't have ".conf" extension.

CHANGELOG.md

@@ -1,3 +1,23 @@
+This role is **NO LONGER SUPPORTED**, please take a look to [debops.apt][debops doc apt], [debops.apt_install][debops doc apt_install], [debops.apt_preferences][debops doc apt_preferences] and all others [DebOps apt_* roles][debops doc apt roles].
+
+## v1.1
+
+### Enhancements
+* Add Stretch-Security repository.
+* Update README.md with example.
+* Rename apt_old_* to apt_unwanted_* vars.
+* Fix tasks name.
+* Add possibility to define APT preferences for Proxmox reposity.
+
+## v1.0.2
+
+### Fix
+* Purge sources.list default file after setting up all new repositories…
+
+## v1.0.1
+
+### Fix
+* Ensure to update cache before install unattended-upgrades.
 
 ## v1.0
 

README.md

@@ -1,5 +1,7 @@
 # Apt
 
+This role is **NO LONGER SUPPORTED**, please take a look to [debops.apt][debops doc apt], [debops.apt_install][debops doc apt_install], [debops.apt_preferences][debops doc apt_preferences] and all others [DebOps apt_* roles][debops doc apt roles].
+
 1. [Overview](#overview)
 2. [Role Variables](#role-variables)
 3. [Example Playbook](#example-playbook)
@@ -31,9 +33,9 @@ Manage APT repos, preferences and configuration for IPR's servers.
 * **apt_tools_list** : The list of additionnals tools to install [default [see below](#tools)].
 * **apt_tools_state** : State of new tools [default : `installed`].
 * **apt_tools_manage** : If those tools should be managed by the role [default : `true`].
-* **apt_old_pkg_list** : The list of totally useless packages for a production server [default [see below](#tools)].
+* **apt_unwanted_pkg_list** : The list of totally useless packages for a production server [default [see below](#tools)].
-* **apt_old_pkg_state** : State of old packages [default : `absent`].
+* **apt_unwanted_pkg_state** : State of old packages [default : `absent`].
-* **apt_old_pkg_manage** : If those old packages should be managed by the role [default : `true`].
+* **apt_unwanted_pkg_manage** : If those old packages should be managed by the role [default : `true`].
 * **apt_unattended_upgrades** : If `unattended-upgrades` should be managed by the role [default : `yes`].
 * **apt_unattended_upgrades_blacklist** : List of packages to not update (regexp are supported) [default : `[]`].
 
@@ -47,6 +49,15 @@ Manage APT repos, preferences and configuration for IPR's servers.
     - role: ipr-cnrs.apt
 ```
 
+* For a system with an X session, you may let the old packages unmanaged :
+
+``` yml
+- hosts: serverXYZ
+  roles:
+    - role: ipr-cnrs.apt
+      apt_unwanted_pkg_manage: false
+```
+
 ## Configuration
 
 ### APT Configuration
@@ -59,8 +70,8 @@ Manage APT repos, preferences and configuration for IPR's servers.
 
 ### Sources List
 Manage Debian's sources.list :
+* Add Stretch repositories (main, security and backports).
 * Remove the default `/etc/apt/sources.list` file.
-* Add Stretch repositories.
 * Update Apt if any repositories modifications.
 
 ### Preferences
@@ -99,3 +110,7 @@ Jérémy Gardais
 [apt github]: https://github.com/ipr-cnrs/apt
 [wtfpl website]: http://www.wtfpl.net/about/
 [ipr website]: https://ipr.univ-rennes1.fr/
+[debops doc apt_install]: https://docs.debops.org/en/master/ansible/roles/debops.apt_install/index.html
+[debops doc apt]: https://docs.debops.org/en/master/ansible/roles/debops.apt/index.html
+[debops doc apt_preferences]: https://docs.debops.org/en/master/ansible/roles/debops.apt_preferences/index.html
+[debops doc apt roles]: https://docs.debops.org/en/master/search.html?q=debops.apt_&check_keywords=yes

defaults/main.yml

@@ -7,9 +7,11 @@ apt_conf_download_upgradeable_pkg: 1
 apt_conf_auto_clean_interval: 0
 apt_conf_purge_list:
   - 00trustcdrom
+  - 01autoremove
   - 15hobbit-plugins-update-stamp
   - 20auto-upgrades
   - 20listchanges
+  - 50unattended-upgrades
   - 70debconf
 apt_conf_purge_manage: true
 
@@ -28,12 +30,17 @@ apt_tools_list:
   - aptitude
 apt_tools_state: 'installed'
 apt_tools_manage: true
-apt_old_pkg_list:
+apt_unwanted_pkg_list:
   - laptop-detect
   - tasksel
-apt_old_pkg_state: 'absent'
+apt_unwanted_pkg_state: 'absent'
-apt_old_pkg_manage: true
+apt_unwanted_pkg_manage: true
 
 # unattended-upgrades
 apt_unattended_upgrades: yes
 apt_unattended_upgrades_blacklist: []
+
+# proxmox
+apt_proxmox_manage: false
+apt_proxmox_pref_path: '/etc/apt/preferences.d/proxmox.pref'
+apt_proxmox_pref_tpl: 'etc/apt/preferences.d/proxmox.pref.j2'

tasks/packages.yml

@@ -14,12 +14,13 @@
   apt:
     pkg: "unattended-upgrades"
     state: "{{ 'latest' if apt_unattended_upgrades else 'absent' }}"
+    update_cache: yes
   when: apt_unattended_upgrades
 
 - name: INSTALL purge useless packages
   apt:
     name: '{{ item }}'
-    state: '{{ apt_old_pkg_state }}'
+    state: '{{ apt_unwanted_pkg_state }}'
   with_items:
-    - '{{ apt_old_pkg_list }}'
+    - '{{ apt_unwanted_pkg_list }}'
-  when: apt_old_pkg_manage
+  when: apt_unwanted_pkg_manage

tasks/preferences.yml

@@ -2,7 +2,14 @@
 # task file for preferences
 
 # Default preferences file
-- name: CONFIG default preferences
+- name: PREF default preferences file
   template:
     src: '{{ apt_default_pref_tpl }}'
     dest: '{{ apt_default_pref_path }}'
+
+# Proxmox preferences file
+- name: PREF Proxmox preferences file
+  template:
+    src: '{{ apt_proxmox_pref_tpl }}'
+    dest: '{{ apt_proxmox_pref_path }}'
+  when: apt_proxmox_manage

tasks/repositories.yml

@@ -2,16 +2,8 @@
 # tasks file for repositories
 
 # Sources list
-## Purge sources.list file
-- name: CONFIG remove sources.list file
-  file:
-    path: /etc/apt/sources.list
-    state: absent
-  notify: aptitude update
-  when: apt_purge_src_list_file
-
 ## Stretch {{{
-- name: CONFIG stretch official sources.list
+- name: REPOS stretch official sources.list
   apt_repository:
     repo: "{{ item }} http://httpredir.debian.org/debian/ stretch main contrib non-free"
     filename: stretch
@@ -22,7 +14,18 @@
   notify: aptitude update
   when: apt_src_list_manage and apt_stretch_manage
 
-- name: CONFIG stretch backports sources.list
+- name: REPOS stretch security sources.list
+  apt_repository:
+    repo: "{{ item }} http://httpredir.debian.org/debian-security/ stretch/updates main contrib non-free"
+    filename: stretch.security
+    update_cache: no
+  with_items:
+    - deb
+    - deb-src
+  notify: aptitude update
+  when: apt_src_list_manage and apt_stretch_manage
+
+- name: REPOS stretch backports sources.list
   apt_repository:
     repo: "deb http://httpredir.debian.org/debian/ stretch-{{ item }} main contrib non-free"
     filename: stretch.bpo
@@ -32,3 +35,11 @@
   notify: aptitude update
   when: apt_src_list_manage and apt_stretch_manage
 # }}}
+
+## Purge sources.list file
+- name: REPOS remove sources.list file
+  file:
+    path: /etc/apt/sources.list
+    state: absent
+  notify: aptitude update
+  when: apt_purge_src_list_file

templates/etc/apt/preferences.d/default.pref.j2

@@ -1,12 +1,17 @@
 # {{ ansible_managed }}
 
 {% if apt_stretch_manage %}
+Explanation: Packages from Stretch Security (Stable)
+Package: *
+Pin: release o=Debian,a=stable,n=stretch,l=Debian-Security
+Pin-Priority: 520
+
 Explanation: Packages from Stretch (Stable)
 Package: *
 Pin: release o=Debian,a=stable,n=stretch,l=Debian
 Pin-Priority: 510
 
-Explanation: Packages from Stretch (Stable)
+Explanation: Packages from Stretch Backports (Stable)
 Package: *
 Pin: release o=Debian Backports,a=stretch-backports,n=stretch-backports,l=Debian Backports
 Pin-Priority: 500

templates/etc/apt/preferences.d/proxmox.pref.j2

@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+Explanation: Packages from Proxmox VE
+Package: *
+Pin: release o=Proxmox,a=stable,n=stretch,l=Proxmox Debian repository
+Pin-Priority: 530
+