From 1f151c00dff097dc8a2dadb96c3a071dcdc6647e Mon Sep 17 00:00:00 2001 From: lulzette Date: Thu, 4 Apr 2024 09:55:51 +0300 Subject: [PATCH] stuff --- .gitignore | 1 + playbook.yml | 1 + roles/configs/files/50unattended-upgrades | 35 +++++++++++++++++++++++ roles/configs/tasks/main.yml | 12 +------- roles/configs/tasks/root.yml | 5 +++- roles/packages/tasks/main.yml | 4 +-- roles/ssh/files/auth_keys | 5 ++-- 7 files changed, 47 insertions(+), 16 deletions(-) create mode 100644 .gitignore create mode 100644 roles/configs/files/50unattended-upgrades diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dd4b182 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +vars.yaml diff --git a/playbook.yml b/playbook.yml index bc512ee..cd6785b 100644 --- a/playbook.yml +++ b/playbook.yml @@ -1,5 +1,6 @@ --- - hosts: all + vars_files: ./vars.yaml roles: - { role: packages, become: true, retries: 3, delay: 60} - { role: ssh, become: true} diff --git a/roles/configs/files/50unattended-upgrades b/roles/configs/files/50unattended-upgrades new file mode 100644 index 0000000..8c2eb8c --- /dev/null +++ b/roles/configs/files/50unattended-upgrades 
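Review bot: `vars_files: ./vars.yaml` makes the play depend on a file that this same commit adds to `.gitignore`, so nothing in the repository records which variables it must define. At minimum that is `ssh_keys`, which the `roles/ssh/files/auth_keys` template in this patch iterates over. Commit a `vars.yaml.example` with placeholder entries and put a comment above this line such as `# untracked; copy vars.yaml.example and fill in ssh_keys`. `vars_files` is documented as a list, so `vars_files:` followed by `- vars.yaml` is the conventional spelling. The rest of the play's role list lies outside the hunk.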
@@ -0,0 +1,35 @@ +Unattended-Upgrade::Allowed-Origins { + "${distro_id}:${distro_codename}"; + "${distro_id}:${distro_codename}-security"; + "${distro_id}ESMApps:${distro_codename}-apps-security"; + "${distro_id}ESM:${distro_codename}-infra-security"; + "${distro_id}:${distro_codename}-updates"; +// "${distro_id}:${distro_codename}-proposed"; +// "${distro_id}:${distro_codename}-backports"; +}; + +Unattended-Upgrade::Package-Blacklist { + // The following matches all packages starting with linux- + + // Use $ to explicitely define the end of a package name. Without + // the $, "libc6" would match all of them. + + // Special characters need escaping + + // The following matches packages like xen-system-amd64, xen-utils-4.1, + // xenstore-utils and libxenstore3.0 + + // For more information about Python regular expressions, see + // https://docs.python.org/3/howto/regex.html +}; + +Unattended-Upgrade::DevRelease "auto"; + +Unattended-Upgrade::AutoFixInterruptedDpkg "true"; + +Unattended-Upgrade::Remove-Unused-Kernel-Packages "true"; + +Unattended-Upgrade::Remove-New-Unused-Dependencies "true"; + +Unattended-Upgrade::Remove-Unused-Dependencies "true"; + diff --git a/roles/configs/tasks/main.yml b/roles/configs/tasks/main.yml index 9294f69..ac20546 100644 --- a/roles/configs/tasks/main.yml +++ b/roles/configs/tasks/main.yml @@ -3,18 +3,8 @@ import_tasks: root.yml become: true -- name: Check for OMB - stat: - path: "{{ ansible_user_dir }}/.oh-my-bash" - register: omb_flag - -- debug: - msg: 'OMB is not installed, run: bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh)"' - when: not omb_flag.stat.exists - -- name: Put simple bashrc config +- name: bashrc template: src: files/bashrc dest: "{{ ansible_user_dir }}/.bashrc" - when: not omb_flag.stat.exists diff --git a/roles/configs/tasks/root.yml b/roles/configs/tasks/root.yml index 9b36a12..7781a88 100644 --- a/roles/configs/tasks/root.yml +++ b/roles/configs/tasks/root.yml 
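Review bot: No reboot or restart policy is stated in this file: `Unattended-Upgrade::Automatic-Reboot` is unset, and the packages role (context lines later in this patch) removes `needrestart`, so patched kernels and shared libraries get installed but nothing visible here moves running services onto them. State the choice explicitly, e.g. `Unattended-Upgrade::Automatic-Reboot "false";` with a comment naming who reboots, or enable it together with `Unattended-Upgrade::Automatic-Reboot-Time`. `Allowed-Origins` also lists the base `${distro_codename}` and `-updates` pockets, so hosts will auto-install all regular updates rather than security fixes only; drop those two lines if that is not intended. Whether the `unattended-upgrades` package and `APT::Periodic::Unattended-Upgrade "1";` are provisioned is not visible in this patch, and without them this file has no effect.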
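Review bot: With the `when: not omb_flag.stat.exists` guard removed, the `bashrc` task in roles/configs/tasks/main.yml overwrites `{{ ansible_user_dir }}/.bashrc` on every run and silently discards any local edits. Adding `backup: true` to the `template:` arguments keeps the previous file, and an explicit `mode: "0644"` pins the permissions instead of inheriting whatever is already there. The task name `bashrc` says less than the old one; something like `Deploy managed .bashrc` states the effect. The file's first task (`import_tasks: root.yml`) begins above the hunk.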
@@ -76,4 +76,7 @@ community.general.timezone: name: Europe/Moscow - +- name: Put unattended-upgrades config + template: + src: files/50unattended-upgrades + dest: /etc/apt/apt.conf.d/50unattended-upgrades diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml index 3c27ed6..d9c4f98 100644 --- a/roles/packages/tasks/main.yml +++ b/roles/packages/tasks/main.yml @@ -13,7 +13,7 @@ name: ['cloud-init', 'modemmanager', 'snapd', 'needrestart'] state: absent lock_timeout: 300 - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == "Debian" and ansible_facts['virtualization_role'] == "guest" - name: Remove orphans apt: @@ -29,7 +29,7 @@ replace: 'MODULES=dep' notify: - Make initramfs - when: ansible_facts['os_family'] == "Debian" + when: ansible_facts['os_family'] == "Debian" and ansible_facts['virtualization_role'] == "guest" ignore_errors: true # TODO - name: Install CentOS epel diff --git a/roles/ssh/files/auth_keys b/roles/ssh/files/auth_keys index 901fc0c..d698bb3 100644 --- a/roles/ssh/files/auth_keys +++ b/roles/ssh/files/auth_keys 
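Review bot: The new `Put unattended-upgrades config` task in roles/configs/tasks/root.yml has no `when:` guard in the visible lines, although the packages role in this same patch branches on `ansible_facts['os_family']` and carries a CentOS task. On a non-Debian host the write to `/etc/apt/apt.conf.d/` would presumably fail or leave a stray file; add `when: ansible_facts['os_family'] == "Debian"`. The shipped file contains no Jinja expressions, so `copy:` avoids accidental template interpretation later, and `owner: root`, `group: root`, `mode: "0644"` should be set explicitly for a file that apt trusts. The earlier tasks of root.yml are outside the hunk, so a file-level guard may already exist.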
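Review bot: Both changed `when:` lines in roles/packages/tasks/main.yml index `ansible_facts['virtualization_role']` directly, which raises an undefined-variable error if that fact was not gathered. The second task hides such a failure behind the existing `ignore_errors: true`, while the package-removal task does not. A list-form condition reads better and tolerates the missing fact: `when:` with the items `ansible_facts['os_family'] == "Debian"` and `ansible_facts['virtualization_role'] | default('') == "guest"`. A short comment saying why physical hosts keep `cloud-init`, `modemmanager`, `snapd` and `needrestart` would help, since the change leaves those services installed there. Both tasks start above their hunks.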
@@ -1,2 +1,3 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3b/t76DskXtbMwVpyjpXoOKG/ezcLVGPM1l3OAU2mBon9qdt2WgLCiwSiFdbrEbWKLFP7+bEHkmcj5XWCBGpLlKQUn3GsnLqJu16ue+2qI3jHv4TTyNwN3AzERz5BQdPgat1qYTZ6UTkLdT208RDhVn7/sSx+zmdHbuX3kR9TgF43RjS2ijV5/9iaPbgnXIEL74eeJ2Fl8z+FaCWpe7Ja12R+rZKtpBGZQy4L37KlSPw8CC5vVkrmfvriSmV2J/OaaleosDqENFRVUHzzFTIt+CARMMkSKqLmFausb1I00vcL9iuh3islJIZvidfZKL20eRxauK3Q2dyH+cFu90yx knflkr@arch-llz
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCkRVTyHkfuF2m061Pz0HK2hWf8ZySByDaLK23L0AJTM9xZ1tGktUOm/qtJ0vV5fgv+OPrdb3s+e2QXpSMlUcqaxyV8Q1rGx4cWnEBtmITSp6cMeKNPtAUC6HBt4rVT5grDR+N3ZmmjoiaYqFzvN6cGiSsgoRfi9BKfyz5vN/pi4EYPaQNE7UXja0NCHBSGVp6Cc+bs6XFcpCaUZ81DDcrNMKURW0nLKdHCSswvd+ep0jP1znGnvFF1uZLcFLmsWX8kpd5aUFWHk4JT8yZNhnCYhVOOTc2/O3mVKeAF+SR+2BOV03Iu6M4QHsRC8PAHRVIcnrDDr2/0rmEm8c58d8AZ7j/4P5ckZ5uBmDE6LNJ3C4JA6/tTSWNCuDgV6igCc15LVuuW/ZpSxk+/247q2boVdnumD1bXtx/lcSwb4+KEIqlXc1pIvX6hcN/aT3nuDpcWZPAZFCPUrxCVvJCET6XklycqRqJrVaCqraTWuJv9TmY8i19eZzL1Q8e9jfXDgZs= root@playground-clo
+{% for key in ssh_keys %}
+{{key}}
+{% endfor %}
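Review bot: The loop renders whatever `ssh_keys` holds with no shape check, so an empty list produces an empty file and a plain string (instead of a list) is iterated one character per line. If the ssh role installs this file as the account's authorized_keys (the task is not in this patch), either mistake in the untracked `vars.yaml` removes key-based access on the next run. Guard the role with an `ansible.builtin.assert` before the template task, using `that: ssh_keys is sequence and ssh_keys is not string and ssh_keys | length > 0`. A leading template comment such as `{# one public key per entry of ssh_keys (vars.yaml) #}` would document the expected input.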