stuff

.gitignore

@@ -0,0 +1 @@
+vars.yaml

playbook.yml

@@ -1,5 +1,6 @@
 ---
 - hosts: all
+  vars_files: ./vars.yaml
   roles:
     - { role: packages, become: true, retries: 3, delay: 60}
     - { role: ssh, become: true}

roles/configs/files/50unattended-upgrades

@@ -0,0 +1,35 @@
+Unattended-Upgrade::Allowed-Origins {
+	"${distro_id}:${distro_codename}";
+	"${distro_id}:${distro_codename}-security";
+	"${distro_id}ESMApps:${distro_codename}-apps-security";
+	"${distro_id}ESM:${distro_codename}-infra-security";
+	"${distro_id}:${distro_codename}-updates";
+//	"${distro_id}:${distro_codename}-proposed";
+//	"${distro_id}:${distro_codename}-backports";
+};
+
+Unattended-Upgrade::Package-Blacklist {
+    // The following matches all packages starting with linux-
+
+    // Use $ to explicitely define the end of a package name. Without
+    // the $, "libc6" would match all of them.
+
+    // Special characters need escaping
+
+    // The following matches packages like xen-system-amd64, xen-utils-4.1,
+    // xenstore-utils and libxenstore3.0
+
+    // For more information about Python regular expressions, see
+    // https://docs.python.org/3/howto/regex.html
+};
+
+Unattended-Upgrade::DevRelease "auto";
+
+Unattended-Upgrade::AutoFixInterruptedDpkg "true";
+
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
+
+Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
+
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+

roles/configs/tasks/main.yml

@@ -3,18 +3,8 @@
   import_tasks: root.yml
   become: true
 
-- name: Check for OMB
+- name: bashrc
-  stat:
-    path: "{{ ansible_user_dir }}/.oh-my-bash"
-  register: omb_flag
-
-- debug:
-    msg: 'OMB is not installed, run: bash -c "$(curl -fsSL https://raw.githubusercontent.com/ohmybash/oh-my-bash/master/tools/install.sh)"'
-  when: not omb_flag.stat.exists 
-
-- name: Put simple bashrc config
   template:
     src: files/bashrc
     dest: "{{ ansible_user_dir }}/.bashrc"
-  when: not omb_flag.stat.exists
 

roles/configs/tasks/root.yml

@@ -76,4 +76,7 @@
   community.general.timezone:
     name: Europe/Moscow
 
-
+- name: Put unattended-upgrades config
+  template:
+    src: files/50unattended-upgrades
+    dest: /etc/apt/apt.conf.d/50unattended-upgrades

roles/packages/tasks/main.yml

@@ -13,7 +13,7 @@
     name: ['cloud-init', 'modemmanager', 'snapd', 'needrestart']
     state: absent
     lock_timeout: 300
-  when: ansible_facts['os_family'] == "Debian"
+  when: ansible_facts['os_family'] == "Debian" and ansible_facts['virtualization_role'] == "guest"
 
 - name: Remove orphans
   apt:
@@ -29,7 +29,7 @@
     replace: 'MODULES=dep'
   notify: 
   - Make initramfs
-  when: ansible_facts['os_family'] == "Debian"
+  when: ansible_facts['os_family'] == "Debian" and ansible_facts['virtualization_role'] == "guest"
   ignore_errors: true # TODO
 
 - name: Install CentOS epel

roles/ssh/files/auth_keys

@@ -1,2 +1,3 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3b/t76DskXtbMwVpyjpXoOKG/ezcLVGPM1l3OAU2mBon9qdt2WgLCiwSiFdbrEbWKLFP7+bEHkmcj5XWCBGpLlKQUn3GsnLqJu16ue+2qI3jHv4TTyNwN3AzERz5BQdPgat1qYTZ6UTkLdT208RDhVn7/sSx+zmdHbuX3kR9TgF43RjS2ijV5/9iaPbgnXIEL74eeJ2Fl8z+FaCWpe7Ja12R+rZKtpBGZQy4L37KlSPw8CC5vVkrmfvriSmV2J/OaaleosDqENFRVUHzzFTIt+CARMMkSKqLmFausb1I00vcL9iuh3islJIZvidfZKL20eRxauK3Q2dyH+cFu90yx knflkr@arch-llz
+{% for key in ssh_keys %}
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCkRVTyHkfuF2m061Pz0HK2hWf8ZySByDaLK23L0AJTM9xZ1tGktUOm/qtJ0vV5fgv+OPrdb3s+e2QXpSMlUcqaxyV8Q1rGx4cWnEBtmITSp6cMeKNPtAUC6HBt4rVT5grDR+N3ZmmjoiaYqFzvN6cGiSsgoRfi9BKfyz5vN/pi4EYPaQNE7UXja0NCHBSGVp6Cc+bs6XFcpCaUZ81DDcrNMKURW0nLKdHCSswvd+ep0jP1znGnvFF1uZLcFLmsWX8kpd5aUFWHk4JT8yZNhnCYhVOOTc2/O3mVKeAF+SR+2BOV03Iu6M4QHsRC8PAHRVIcnrDDr2/0rmEm8c58d8AZ7j/4P5ckZ5uBmDE6LNJ3C4JA6/tTSWNCuDgV6igCc15LVuuW/ZpSxk+/247q2boVdnumD1bXtx/lcSwb4+KEIqlXc1pIvX6hcN/aT3nuDpcWZPAZFCPUrxCVvJCET6XklycqRqJrVaCqraTWuJv9TmY8i19eZzL1Q8e9jfXDgZs= root@playground-clo
+{{key}}
+{% endfor %}