netz39-infra-ansible/group-all.yml

---
# tasks for all hosts

- hosts: all
  become: true

  vars:
    ansible_python_interpreter: /usr/bin/python3

  roles:
    - role: ansible.timezone
      vars:
        ag_timezone: "{{ timezone }}"
    - role: users

  tasks:
    - name: Update and clean package cache
      apt:
        update_cache: true
        cache_valid_time: 3600
        autoclean: true
      changed_when: false

    - name: Ensure unattended-upgrades is installed and up to date
      apt:
        name: unattended-upgrades
        state: present

    - name: Setup unattended-upgrades
      include_role:
        name: hifis.unattended_upgrades
      vars:
        unattended_origins_patterns:
          - "origin=*"
        unattended_package_blacklist: [cowsay]
        unattended_mail: "root"
        unattended_mail_only_on_error: true
        unattended_syslog_enable: true

    - name: Install some common software packages
      ansible.builtin.apt:
        state: present
        name:
          - molly-guard
          - mc
          - bsd-mailx
Move tasks for all hosts to separate file When working on !54 it became obvious playbooks could be structured better in this project. Therefor we move the tasks supposed to be run for _all_ hosts to a separate file. The main.yml file should only import other playbooks from now on, should not define tasks anymore. 2022-07-23 22:15:39 +02:00			`---`
			`# tasks for all hosts`

			`- hosts: all`
			`become: true`

			`vars:`
			`ansible_python_interpreter: /usr/bin/python3`

			`roles:`
			`- role: ansible.timezone`
:hammer: Rename ag_timezone → timezone Move from role-dependent to generic name for this variable 2022-11-07 16:35:41 +01:00			`vars:`
			`ag_timezone: "{{ timezone }}"`
:art: Call users role from roles section There is no need (special arguments, ordering) to call the role from a task. 2022-11-14 16:09:57 +01:00			`- role: users`
Move tasks for all hosts to separate file When working on !54 it became obvious playbooks could be structured better in this project. Therefor we move the tasks supposed to be run for _all_ hosts to a separate file. The main.yml file should only import other playbooks from now on, should not define tasks anymore. 2022-07-23 22:15:39 +02:00
			`tasks:`
			`- name: Update and clean package cache`
			`apt:`
			`update_cache: true`
			`cache_valid_time: 3600`
			`autoclean: true`
			`changed_when: false`

			`- name: Ensure unattended-upgrades is installed and up to date`
			`apt:`
			`name: unattended-upgrades`
			`state: present`

			`- name: Setup unattended-upgrades`
			`include_role:`
:pencil2: adress issues from PR discussion - fix typo in role name - make origin patterns for unattended upgrades less release specific 2022-09-30 22:23:44 +02:00			`name: hifis.unattended_upgrades`
Move tasks for all hosts to separate file When working on !54 it became obvious playbooks could be structured better in this project. Therefor we move the tasks supposed to be run for _all_ hosts to a separate file. The main.yml file should only import other playbooks from now on, should not define tasks anymore. 2022-07-23 22:15:39 +02:00			`vars:`
			`unattended_origins_patterns:`
:bug: Fix origin for unattended-upgrades Set origin to all, this would do the same as a manual `apt safe-upgrade`. 2022-11-22 21:26:08 +01:00			`- "origin=*"`
Move tasks for all hosts to separate file When working on !54 it became obvious playbooks could be structured better in this project. Therefor we move the tasks supposed to be run for _all_ hosts to a separate file. The main.yml file should only import other playbooks from now on, should not define tasks anymore. 2022-07-23 22:15:39 +02:00			`unattended_package_blacklist: [cowsay]`
			`unattended_mail: "root"`
:wrench: Send unattended-upgrades mail only on error Otherwise an email will be sent on every upgrade 2022-11-16 18:12:08 +01:00			`unattended_mail_only_on_error: true`
:wrench: Write unattended-upgrade actions to syslog 2022-11-16 18:23:36 +01:00			`unattended_syslog_enable: true`
Move tasks for all hosts to separate file When working on !54 it became obvious playbooks could be structured better in this project. Therefor we move the tasks supposed to be run for _all_ hosts to a separate file. The main.yml file should only import other playbooks from now on, should not define tasks anymore. 2022-07-23 22:15:39 +02:00
:sparkles: Install some common packages on all hosts These packages are helpful for administrative tasks 2022-11-14 16:08:37 +01:00			`- name: Install some common software packages`
			`ansible.builtin.apt:`
			`state: present`
			`name:`
			`- molly-guard`
			`- mc`
:wrench: Install mailx 2022-11-16 21:28:04 +01:00			`- bsd-mailx`