From: nicoo <nicoo@realraum.at>
Date: Fri, 7 Feb 2020 12:25:19 +0000 (+0100)
Subject: base: Manage /etc/apt/sources.list
X-Git-Url: https://git.realraum.at/?p=noc.git;a=commitdiff_plain;h=cf01c15fd21cfa3c30a5059e620e75750154a279

base: Manage /etc/apt/sources.list
---

diff --git a/ansible/group_vars/all/main.yml b/ansible/group_vars/all/main.yml
index 2d6e172..43d9b42 100644
--- a/ansible/group_vars/all/main.yml
+++ b/ansible/group_vars/all/main.yml
@@ -12,3 +12,7 @@ root_password: "{{ vault_root_password }}"
 ## SSH keys for root, default to NOC's
 
 ssh_users_root: "{{ user_groups.noc }}"
+
+base_debian_mirrors:
+  - https://deb.realraum.at
+  - https://debian.ffgraz.net
diff --git a/ansible/host_vars/vex/main.yml b/ansible/host_vars/vex/main.yml
index d75df90..31b335a 100644
--- a/ansible/host_vars/vex/main.yml
+++ b/ansible/host_vars/vex/main.yml
@@ -4,3 +4,7 @@ sshd_allowusers_host:
   - www
   - www-data
   - acme
+
+base_debian_mirrors:
+  - https://debian.ffgraz.net
+  - https://deb.realraum.at
diff --git a/ansible/roles/base/tasks/02debian.yml b/ansible/roles/base/tasks/02debian.yml
index 7aef268..dbeefeb 100644
--- a/ansible/roles/base/tasks/02debian.yml
+++ b/ansible/roles/base/tasks/02debian.yml
@@ -5,6 +5,17 @@
     dest: /etc/apt/apt.conf.d/
     mode: 0644
 
+- name: Install apt-transport-https
+  apt:
+    name: apt-transport-https
+    state: present
+
+- name: Template sources.list
+  template:
+    dest: /etc/apt/sources.list
+    src: sources.list.j2
+    mode: 0644
+
 - name: install basic packages
   apt:
     name:
diff --git a/ansible/roles/base/templates/sources.list.j2 b/ansible/roles/base/templates/sources.list.j2
new file mode 100644
index 0000000..5c6b8cc
--- /dev/null
+++ b/ansible/roles/base/templates/sources.list.j2
@@ -0,0 +1,17 @@
+{% macro deb(path, suite) -%}
+{% for type in ['deb', 'deb-src'] %}
+{% for mirror in base_debian_mirrors %}
+{{ type }}	{{ mirror }}/{{ path }}	main
+{% endfor %}
+{% endfor %}
+{%- endmacro %}
+{{ ansible_managed | comment }}
+
+# Main Debian archive
+{{ deb('debian', ansible_distribution_release) }}
+
+# Security updates
+{{ deb('debian-security', ansible_distribution_release + '/updates') }}
+
+# {{ ansible_distribution_release }}-updates, previously known as 'volatile'
+{{ deb('debian', ansible_distribution_release + '-updates') }}