fix: Deploy repositories

This reverts commit 5b871f1c48.

README.md

@@ -1,3 +1,73 @@
-# role_modele
+# role_apt
 
-Modèle
+Rôle de configuration du gestionnaire de paquet *apt* et de déploiement/suppression de paquets.
+
+## Variables
+
+### apt_distribution_name
+
+Nom de la distribution utilisée.
+
+<span style="text-decoration: underline">Valeur par défaut:</span> `debian`
+
+### apt_distribution_release
+
+Nom de la version de la distribution utilisée.
+
+<span style="text-decoration: underline">Valeur par défaut:</span> `bullseye`
+
+### apt_distribution_sections
+
+Sections où seront chercher les paquets (exemple : `main contrib non-free`).
+
+<span style="text-decoration: underline">Valeur par défaut:</span> `main`
+
+### apt_remove
+
+Liste de paquets qui seront désinstallés.
+
+<span style="text-decoration: underline">Valeur par défaut:</span> aucune
+
+### apt_install
+
+Liste de paquets qui seront installés.
+
+<span style="text-decoration: underline">Valeur par défaut:</span> aucune
+
+## Exemple d'utilisation
+
+### inventory.yml
+
+
+```yaml
+---
+
+all:
+  hosts:
+    host1.ykn.local:
+```
+
+### group_vars/all.yml
+
+```yaml
+---
+
+apt_remove:
+  - cloud-guest-utils
+  - cloud-init
+
+apt_install:
+  - fail2ban
+  - nftables
+  - tmux
+```
+
+### playbook.yml
+
+```yaml
+---
+
+- hosts: 'all'
+  roles:
+    - name: apt
+```

defaults/main.yml

@@ -0,0 +1,25 @@
+---
+# defaults file for apt
+
+apt_distribution_name: debian
+apt_distribution_release: bookworm
+apt_distribution_sections: main
+
+apt_repositories: []
+# Exemple:
+#   - url: http://deb.debian.org/debian
+#     suites: sid
+#     components: main
+#     key_path: /usr/share/keyrings/debian-archive-keyring.gpg
+#   - url: https://pkgs.zabbly.com/incus/stable
+#     suites: bookworm
+#     components: main
+#     key_url: https://pkgs.zabbly.com/key.asc
+#     key_path: /etc/apt/keyrings/incus.asc
+
+apt_preferences: []
+
+apt_remove: []
+apt_install: []
+
+apt_full_upgrade: false

handlers/main.yml

@@ -0,0 +1,7 @@
+---
+# handlers file for apt
+
+- name: Mettre à jour le cache
+  ansible.builtin.apt:
+    update_cache: true
+  become: true

meta/main.yml

@@ -1,7 +1,7 @@
 galaxy_info:
   namespace: ykn
   author: pulsar89.5
-  description: Rôle modèle
+  description: Configurer apt et gérer les paquets communs
 
   license: GPL-3.0-or-later
 

tasks/configuration.yml

@@ -0,0 +1,35 @@
+---
+# tasks file for apt
+
+- name: Déployer la configuration du gestionnaire
+  ansible.builtin.template:
+    src: apt.conf.j2
+    dest: /etc/apt/apt.conf.d/99-custom
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
+  notify: Mettre à jour le cache
+
+- name: Nettoyer le fichier de base
+  ansible.builtin.file:
+    path: /etc/apt/sources.list
+    state: absent
+  become: true
+  notify: Mettre à jour le cache
+
+- name: Supprimer le mirroirs
+  ansible.builtin.file:
+    path: /etc/apt/mirrors
+    state: absent
+  become: true
+
+- name: Déployer la configuration des sources
+  ansible.builtin.template:
+    src: debian.sources.list.j2
+    dest: /etc/apt/sources.list.d/debian.sources
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
+  notify: Mettre à jour le cache

tasks/gestion.yml

@@ -0,0 +1,37 @@
+---
+# tasks file for apt
+
+- name: Construire la liste des paquets à désinstaller
+  ansible.builtin.set_fact:
+    apt_remove: "{{ apt_remove + specific }}"
+  when: specific | length > 0 
+  loop: "{{ lookup('ansible.builtin.varnames', '^apt_remove_.+', wantlist=True) }}"
+  vars:
+    specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
+
+- name: Désinstaller des paquets
+  ansible.builtin.apt:
+    state: absent
+    purge: true
+    autoremove: true
+    name: "{{ apt_remove }}"
+  become: true
+
+- name: Mettre à jour la distribution
+  become: true
+  ansible.builtin.apt:
+    upgrade: dist
+  when: apt_full_upgrade
+
+- name: Construire la liste des paquets à installer
+  ansible.builtin.set_fact:
+    apt_install: "{{ apt_install + specific }}"
+  when: specific | length > 0 
+  loop: "{{ lookup('ansible.builtin.varnames', '^apt_install_.+', wantlist=True) }}"
+  vars:
+    specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
+
+- name: Installer des paquets
+  ansible.builtin.apt:
+    name: "{{ apt_install }}"
+  become: true

tasks/main.yml

@@ -0,0 +1,22 @@
+---
+# tasks file for apt
+
+- name: Importer les tâches de configuration
+  ansible.builtin.import_tasks:
+    file: configuration.yml
+
+- name: Importer les tâches d'ajout de dépôts tiers
+  ansible.builtin.import_tasks:
+    file: repositories.yml
+
+- name: Importer les tâches d'ajout des préférences
+  ansible.builtin.import_tasks:
+    file: preferences.yml
+  when: apt_preferences | length > 0
+
+- name: Exécuter les handlers
+  meta: flush_handlers
+
+- name: Importer les tâches de gestion de paquets
+  ansible.builtin.import_tasks:
+    file: gestion.yml

tasks/preferences.yml

@@ -0,0 +1,24 @@
+---
+# tasks file for apt
+
+- name: Construire la liste des règles
+  ansible.builtin.set_fact:
+    nftables_rules: "{{ nftables_rules + specific }}"
+  when: specific | length > 0
+  loop: "{{ lookup('ansible.builtin.varnames', '^nftables_rules_.+', wantlist=True) }}"
+  vars:
+    specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
+
+- name: Ajouter le fichier de priorité
+  ansible.builtin.template:
+    src: preferences.j2
+    dest: /etc/apt/preferences.d/{{ item.name }}
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  when: apt_preferences | length > 0
+  loop: "{{ apt_preferences }}"
+  loop_control:
+    label: "{{ item.name }}"
+  become: true
+  notify: Mettre à jour le cache

tasks/repositories.yml

@@ -0,0 +1,35 @@
+---
+# tasks file for apt
+
+- name: Construire la liste des dépôts
+  ansible.builtin.set_fact:
+    apt_repositories: "{{ apt_repositories + specific }}"
+  when: specific | length > 0
+  loop: "{{ lookup('ansible.builtin.varnames', '^apt_repositories_.+', wantlist=True) }}"
+  vars:
+    specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
+
+- name: Télécharger la clef du dépôt
+  ansible.builtin.get_url:
+    url: "{{ item.key_url }}"
+    dest: "{{ item.key_path }}"
+    mode: u=rw,g=r,o=r
+  when: item.get('key_url', '') | length > 0
+  become: true
+  loop: "{{ apt_repositories }}"
+  loop_control:
+    label: "{{ item.name }}"
+  notify: Mettre à jour le cache
+
+- name: Ajouter le dépôt
+  ansible.builtin.template:
+    src: repository.sources.j2
+    dest: /etc/apt/sources.list.d/{{ item.name }}.sources
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  become: true
+  loop: "{{ apt_repositories }}"
+  loop_control:
+    label: "{{ item.name }}"
+  notify: Mettre à jour le cache

templates/apt.conf.j2

@@ -0,0 +1,8 @@
+# {{ ansible_managed }}
+
+APT::Install-Recommends "false";
+APT::Install-Suggests "false";
+APT::Get::Show-Versions "true";
+APT::Get::Show-Upgraded "true";
+APT::Get::Purge "true";
+APT::Get::List-Cleanup "true";

templates/debian.sources.list.j2

@@ -0,0 +1,21 @@
+# {{ ansible_managed }}
+
+{% if apt_distribution_release == "sid" %}
+Types: deb
+URIs: https://deb.debian.org/debian
+Suites: {{ apt_distribution_release }}
+Components: {{ apt_distribution_sections }}
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+{% else %}
+Types: deb
+URIs: https://deb.debian.org/debian
+Suites: {{ apt_distribution_release }} {{ apt_distribution_release }}-updates {{ apt_distribution_release }}-backports
+Components: {{ apt_distribution_sections }}
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+
+Types: deb
+URIs: http://security.debian.org/debian-security
+Suites: {{ apt_distribution_release }}-security
+Components: {{ apt_distribution_sections }}
+Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
+{% endif %}

templates/preferences.j2

@@ -0,0 +1,10 @@
+# {{ ansible_managed }}
+
+{% for item in apt_preferences %}
+Package: {{ item.package }}
+Pin: {{ item.pin }}
+Pin-Priority: {{ item.priority }}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}

templates/repository.sources.j2

@@ -0,0 +1,12 @@
+# {{ ansible_managed }}
+
+{% for item in apt_repositories %}
+Types: deb
+URIs: {{ item.url }}
+Suites: {{ item.suites }}
+Components: {{ item.components }}
+Signed-By: {{ item.key_path }}
+{% if not loop.last %}
+
+{% endif %}
+{% endfor %}