From f3eb2a8b864cc0c546a16ecc3e1186933250879a Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Sun, 10 Jan 2021 16:58:43 +0100
Subject: [PATCH 1/4] [apt] Cleans the role

---
 group_vars/all/vars.yaml                      |  1 +
 group_vars/baie.yml                           |  4 ++
 group_vars/crans_server/vars.yml              |  7 ----
 group_vars/keepalived.yml                     | 27 +++++++-----
 group_vars/server/apt.yml                     | 18 ++++++++
 group_vars/virtu.yml                          |  3 ++
 host_vars/bigbluebutton.adm.crans.org.yml     | 15 +++++++
 host_vars/fluxx.adm.crans.org.yml             |  9 ++++
 host_vars/monitoring.adm.crans.org.yml        | 10 +++++
 host_vars/routeur-daniel.adm.crans.org.yml    |  3 ++
 host_vars/routeur-jack.adm.crans.org.yml      |  3 ++
 host_vars/routeur-sam.adm.crans.org.yml       |  3 ++
 host_vars/zamok.adm.crans.org.yml             |  9 ++++
 hosts                                         |  6 +--
 plays/root.yml                                | 42 +++++++------------
 roles/apt/tasks/main.yml                      | 17 ++++++++
 .../apt/sources.list.d/backports.list.j2      |  0
 .../apt/sources.list.d/pve-enterprise.list.j2 |  2 +
 roles/apt/templates/apt/sources.list.j2       |  7 ++++
 roles/debian-apt-sources/tasks/main.yml       |  5 ---
 .../templates/apt/sources.list.j2             | 30 -------------
 roles/proxmox-apt-sources/tasks/main.yml      |  5 ---
 .../apt/sources.list.d/pve-enterprise.list.j2 |  2 -
 roles/{baie => zfs}/tasks/main.yml            |  5 ---
 24 files changed, 139 insertions(+), 94 deletions(-)
 create mode 100644 group_vars/baie.yml
 create mode 100644 group_vars/server/apt.yml
 create mode 100644 group_vars/virtu.yml
 create mode 100644 host_vars/bigbluebutton.adm.crans.org.yml
 create mode 100644 host_vars/routeur-jack.adm.crans.org.yml
 create mode 100644 roles/apt/tasks/main.yml
 rename roles/{baie => apt}/templates/apt/sources.list.d/backports.list.j2 (100%)
 create mode 100644 roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2
 create mode 100644 roles/apt/templates/apt/sources.list.j2
 delete mode 100644 roles/debian-apt-sources/tasks/main.yml
 delete mode 100644 roles/debian-apt-sources/templates/apt/sources.list.j2
 delete mode 100644 roles/proxmox-apt-sources/tasks/main.yml
 delete mode 100644 roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2
 rename roles/{baie => zfs}/tasks/main.yml (71%)

diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml
index fcba6e46..4aa00d61 100644
--- a/group_vars/all/vars.yaml
+++ b/group_vars/all/vars.yaml
@@ -59,3 +59,4 @@ glob_ldap:
 
 home_nounous:
   ip: 172.16.10.1
+
diff --git a/group_vars/baie.yml b/group_vars/baie.yml
new file mode 100644
index 00000000..6c2f2161
--- /dev/null
+++ b/group_vars/baie.yml
@@ -0,0 +1,4 @@
+---
+
+glob_apt:
+  backports: yes
diff --git a/group_vars/crans_server/vars.yml b/group_vars/crans_server/vars.yml
index 876a0d40..8e6eb23b 100644
--- a/group_vars/crans_server/vars.yml
+++ b/group_vars/crans_server/vars.yml
@@ -3,13 +3,6 @@ ldap:
   servers: ["172.16.1.1"]
   base: "dc=crans,dc=org"
 
-
-# Parameters for debian and ubuntu mirror
-debian_mirror: http://mirror.adm.crans.org/debian
-ubuntu_mirror: http://mirror.adm.crans.org/ubuntu
-debian_components: main contrib non-free
-ubuntu_components: main restricted universe multiverse
-
 glob_borg:
   to_backup:
     - /etc
diff --git a/group_vars/keepalived.yml b/group_vars/keepalived.yml
index 2b4fbd40..9f2fc888 100644
--- a/group_vars/keepalived.yml
+++ b/group_vars/keepalived.yml
@@ -5,12 +5,28 @@ glob_keepalived:
   mail_destination: root@crans.org
   smtp_server: smtp.adm.crans.org
   pool:
-    dhcp:
+    all:
       password: "plopisverysecure"
       id: 60
       ipv6: yes
       notify: /usr/scripts/notify-dhcp
       zones:
+        - vlan: zayo
+          ipv4: 158.255.113.73/31
+          brd: false
+          ipv6: 2001:1b48:2:103::bb:2/126
+        - vlan: srv
+          ipv4: 185.230.79.62/26
+          brd: true
+          ipv6: 2a0c:700:2::ff:fe00:9902/64
+        - vlan: srv_nat
+          ipv4: 172.16.3.99/24
+          brd: true
+          ipv6: 2a0c:700:3::ff:fe00:9903/64
+        - vlan: infra
+          ipv4: 172.16.32.99/22
+          brd: true
+          ipv6: fd00::11:0:ff:fe00:9911/64
         - vlan: adh
           ipv4: 185.230.78.99/24
           brd: true
@@ -19,12 +35,3 @@ glob_keepalived:
           ipv4: 100.64.0.99/16
           brd: true
           ipv6: 2a0c:700:13::ff:fe00:9913/48
-    radius:
-      password: 'plopisverysecure'
-      id: 61
-      ipv6: yes
-      zones:
-        - vlan: infra
-          ipv4: 172.16.32.99/22
-          brd: true
-          ipv6: fd00::11:0:ff:fe00:9911/64
diff --git a/group_vars/server/apt.yml b/group_vars/server/apt.yml
new file mode 100644
index 00000000..b77e26b2
--- /dev/null
+++ b/group_vars/server/apt.yml
@@ -0,0 +1,18 @@
+---
+glob_apt:
+  backports: no
+  proxmox: no
+  protocol: http://
+  mirror: mirror.adm.crans.org
+  pool: debian
+  components: 'main contrib non-free'
+  debs:
+    - name: ''
+      path: ''
+      comment: 'Dépot classique'
+    - name: ''
+      path: '-updates'
+      comment: 'Mises à jour fréquentes (volatiles)'
+    - name: '-security'
+      path: '/updates'
+      comment: 'Mises à jour de sécurité'
diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml
new file mode 100644
index 00000000..b99e0a9c
--- /dev/null
+++ b/group_vars/virtu.yml
@@ -0,0 +1,3 @@
+---
+apt:
+  proxmox: yes
diff --git a/host_vars/bigbluebutton.adm.crans.org.yml b/host_vars/bigbluebutton.adm.crans.org.yml
new file mode 100644
index 00000000..8a36d6e2
--- /dev/null
+++ b/host_vars/bigbluebutton.adm.crans.org.yml
@@ -0,0 +1,15 @@
+---
+loc_apt:
+  components: 'main restricted universe multiverse'
+  pool: ubuntu
+  debs:
+    - name: ''
+      path: ''
+      comment: 'Dépot classique'
+    - name: ''
+      path: '-updates'
+      comment: 'Mises à jour fréquentes (volatiles)'
+    - name: ''
+      path: '-security'
+      comment: 'Mises à jour de sécurité'
+
diff --git a/host_vars/fluxx.adm.crans.org.yml b/host_vars/fluxx.adm.crans.org.yml
index 5cde2044..09f6563e 100644
--- a/host_vars/fluxx.adm.crans.org.yml
+++ b/host_vars/fluxx.adm.crans.org.yml
@@ -1,3 +1,12 @@
 ---
 interfaces:
   adm: eth0
+
+loc_apt:
+  debs:
+    - name: ''
+      path: ''
+      comment: 'Dépot classique'
+    - name: ''
+      path: '-updates'
+      comment: 'Mises à jour fréquentes (volatiles)'
diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml
index ab6e12d6..977556f8 100644
--- a/host_vars/monitoring.adm.crans.org.yml
+++ b/host_vars/monitoring.adm.crans.org.yml
@@ -2,3 +2,13 @@ interfaces:
   adm: eth0
   srv_nat: eth1
   infra: eth2
+
+loc_apt:
+  debs:
+    - name: ''
+      path: ''
+      comment: 'Dépot classique'
+    - name: ''
+      path: '-updates'
+      comment: 'Mises à jour fréquentes (volatiles)'
+
diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml
index c3d4db4a..13f00c1e 100644
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@@ -20,3 +20,6 @@ loc_keepalived:
       tag: VI_RAD
       state: BACKUP
       priority: 100
+
+loc_apt:
+  proxmox: yes
diff --git a/host_vars/routeur-jack.adm.crans.org.yml b/host_vars/routeur-jack.adm.crans.org.yml
new file mode 100644
index 00000000..247e0e5b
--- /dev/null
+++ b/host_vars/routeur-jack.adm.crans.org.yml
@@ -0,0 +1,3 @@
+---
+loc_apt:
+  proxmox: yes
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
index ea5639d5..1d2e1056 100644
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@@ -28,3 +28,6 @@ loc_re2o:
   version: master_freeradius_python3
   settings_local_owner: freerad
   settings_local_group: nounou
+
+loc_apt:
+  proxmox: yes
diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml
index bf60fd81..30fbb002 100644
--- a/host_vars/zamok.adm.crans.org.yml
+++ b/host_vars/zamok.adm.crans.org.yml
@@ -7,3 +7,12 @@ loc_borg:
       params:
         - "- name: all"
         - "  password: {{ vault_mysql_zamok_password }}"
+
+loc_apt:
+  debs:
+    - name: ''
+      path: ''
+      comment: 'Dépot classique'
+    - name: ''
+      path: '-updates'
+      comment: 'Mises à jour fréquentes (volatiles)'
diff --git a/hosts b/hosts
index 98de0fe4..454b90b1 100644
--- a/hosts
+++ b/hosts
@@ -60,9 +60,9 @@ routeurs_vm
 
 [ldap_server]
 tealc.adm.crans.org
-sam.adm.crans.org
-daniel.adm.crans.org
-jack.adm.crans.org
+
+[ldap_server:children]
+virtu
 
 [monitoring]
 monitoring.adm.crans.org
diff --git a/plays/root.yml b/plays/root.yml
index 2b3d83c3..395104fb 100755
--- a/plays/root.yml
+++ b/plays/root.yml
@@ -2,34 +2,11 @@
 ---
 # root is the first playbook to launch (as root) whe initiation a new server
 
-- hosts: server
-  tasks:
-    - name: Check if mirror.adm is defined in /etc/hosts
-      lineinfile:
-        state: absent
-        path: /etc/hosts
-        regexp: '^{{ glob_mirror.ip }}'
-      check_mode: True
-      changed_when: False
-      register: check_mirror
-
-    - name: Define mirror.adm.crans.org if it doesn't exist.
-      lineinfile:
-        path: /etc/hosts
-        line: '{{ glob_mirror.ip }} {{ glob_mirror.name }}'
-        insertafter: '127.0.0.1 localhost'
-      when: check_mirror.found == 0
-
-- hosts: baie
-  roles:
-    - baie
-
-- hosts: virtu
-  roles:
-    - proxmox-apt-sources
-
 - hosts: server
   vars:
+    play_apt:
+      mirror: 172.16.10.30
+    apt: '{{ glob_apt | combine(loc_apt | default({})) | combine(play_apt) }}'
     # # Will be in /usr/scripts/
     # crans_scripts_git: "http://gitlab.adm.crans.org/nounous/scripts.git"
 
@@ -38,13 +15,17 @@
       - charybde.adm.crans.org
     #   - silice.adm.crans.org
   roles:
-    - debian-apt-sources
+    - apt
     - common-tools
     - sudo
     - ntp-client
     # - crans-scripts
     - root-config
 
+- hosts: baie
+  roles:
+    - zfs
+
 - hosts: crans_vm
   roles:
     - qemu-guest-agent
@@ -84,5 +65,12 @@
       retries: 3
       until: apt_result is succeeded
 
+# Deploys back the apt configuration using the uri and not the ip
+- hosts: server
+  vars:
+    apt: '{{ glob_apt | combine(loc_apt | default({})) }}'
+  roles:
+    - apt
+
 - import_playbook: borgbackups_client.yml
 - import_playbook: monitoring.yml
diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml
new file mode 100644
index 00000000..eda9183f
--- /dev/null
+++ b/roles/apt/tasks/main.yml
@@ -0,0 +1,17 @@
+---
+- name: Configure Debian repositories
+  template:
+    src: apt/sources.list.j2
+    dest: /etc/apt/sources.list
+
+- name: Configure Debian backports repository
+  template:
+    src: apt/sources.list.d/backports.list.j2
+    dest: /etc/apt/sources.list.d/backports.list
+  when: apt.backports
+
+- name: Configure Proxmox repositories
+  template:
+    src: apt/sources.list.d/pve-enterprise.list.j2
+    dest: /etc/apt/sources.list.d/pve-enterprise.list
+  when: apt.proxmox
diff --git a/roles/baie/templates/apt/sources.list.d/backports.list.j2 b/roles/apt/templates/apt/sources.list.d/backports.list.j2
similarity index 100%
rename from roles/baie/templates/apt/sources.list.d/backports.list.j2
rename to roles/apt/templates/apt/sources.list.d/backports.list.j2
diff --git a/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2
new file mode 100644
index 00000000..b04bf9c5
--- /dev/null
+++ b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2
@@ -0,0 +1,2 @@
+{{ ansible_header | comment }}
+deb     {{ apt.protocol }}{{ apt.mirror }}/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription
diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2
new file mode 100644
index 00000000..3fce6792
--- /dev/null
+++ b/roles/apt/templates/apt/sources.list.j2
@@ -0,0 +1,7 @@
+{{ ansible_header | comment }}
+
+{% for deb in apt.debs %}
+# {{ deb.comment }}
+def {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release}}{{ deb.path }} {{ apt.components }}
+
+{% endfor %}
diff --git a/roles/debian-apt-sources/tasks/main.yml b/roles/debian-apt-sources/tasks/main.yml
deleted file mode 100644
index 24c5fc4e..00000000
--- a/roles/debian-apt-sources/tasks/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Configure Debian repositories
-  template:
-    src: apt/sources.list.j2
-    dest: /etc/apt/sources.list
diff --git a/roles/debian-apt-sources/templates/apt/sources.list.j2 b/roles/debian-apt-sources/templates/apt/sources.list.j2
deleted file mode 100644
index 87b2cab2..00000000
--- a/roles/debian-apt-sources/templates/apt/sources.list.j2
+++ /dev/null
@@ -1,30 +0,0 @@
-{{ ansible_header | comment }}
-
-{% if ansible_distribution == "Debian" %}
-{% if ansible_distribution_release != "bullseye" %}
-{# Debian security does not exist yet for bullseye #}
-# Mises à jour de sécurité
-deb     {{ debian_mirror }}-security {{ ansible_distribution_release }}/updates {{ debian_components }}
-
-{% endif %}
-# Dépôt classique
-deb     {{ debian_mirror }} {{ ansible_distribution_release }} {{ debian_components }}
-
-# Dépôt pour mises à jour fréquentes (volatile)
-deb     {{ debian_mirror }} {{ ansible_distribution_release }}-updates {{ debian_components }}
-
-{% if backports | default(false) %}
-# Backports
-deb     {{ debian_mirror }} {{ ansible_distribution_release }}-backports {{ debian_components }}
-{% endif %}
-
-{% elif ansible_distribution == "Ubuntu" %}
-# Mises à jour de sécurité
-deb     {{ ubuntu_mirror }} {{ ansible_distribution_release }}-security {{ ubuntu_components }}
-
-# Dépôt classique
-deb     {{ ubuntu_mirror }} {{ ansible_distribution_release }} {{ ubuntu_components }}
-
-# Dépôt pour mises à jour fréquentes (volatile)
-deb     {{ ubuntu_mirror }} {{ ansible_distribution_release }}-updates {{ ubuntu_components }}
-{% endif %}
diff --git a/roles/proxmox-apt-sources/tasks/main.yml b/roles/proxmox-apt-sources/tasks/main.yml
deleted file mode 100644
index 1774927c..00000000
--- a/roles/proxmox-apt-sources/tasks/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: Configure Proxmox repositories
-  template:
-    src: apt/sources.list.d/pve-enterprise.list.j2
-    dest: /etc/apt/sources.list.d/pve-enterprise.list
diff --git a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2
deleted file mode 100644
index 739806d3..00000000
--- a/roles/proxmox-apt-sources/templates/apt/sources.list.d/pve-enterprise.list.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-{{ ansible_header | comment }}
-deb     http://mirror.adm.crans.org/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription
diff --git a/roles/baie/tasks/main.yml b/roles/zfs/tasks/main.yml
similarity index 71%
rename from roles/baie/tasks/main.yml
rename to roles/zfs/tasks/main.yml
index 1ab5cece..0b546d9b 100644
--- a/roles/baie/tasks/main.yml
+++ b/roles/zfs/tasks/main.yml
@@ -1,9 +1,4 @@
 ---
-- name: Configure Debian backports repository
-  template:
-    src: apt/sources.list.d/backports.list.j2
-    dest: /etc/apt/sources.list.d/backports.list
-
 - name: Install ZFS
   apt:
     update_cache: true
-- 
GitLab


From f3223eb51517998196df28399fa3cb834ccf4b86 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Sun, 17 Jan 2021 18:25:14 +0100
Subject: [PATCH 2/4] [apt] go and get squashed

---
 group_vars/all/vars.yaml                                      | 1 -
 group_vars/baie.yml                                           | 3 +--
 group_vars/virtu.yml                                          | 2 +-
 host_vars/fluxx.adm.crans.org.yml                             | 1 +
 host_vars/monitoring.adm.crans.org.yml                        | 1 +
 host_vars/zamok.adm.crans.org.yml                             | 1 +
 roles/apt/templates/apt/sources.list.d/backports.list.j2      | 2 +-
 roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 | 2 +-
 roles/apt/templates/apt/sources.list.j2                       | 2 +-
 9 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml
index 4aa00d61..fcba6e46 100644
--- a/group_vars/all/vars.yaml
+++ b/group_vars/all/vars.yaml
@@ -59,4 +59,3 @@ glob_ldap:
 
 home_nounous:
   ip: 172.16.10.1
-
diff --git a/group_vars/baie.yml b/group_vars/baie.yml
index 6c2f2161..dc6d4275 100644
--- a/group_vars/baie.yml
+++ b/group_vars/baie.yml
@@ -1,4 +1,3 @@
 ---
-
-glob_apt:
+loc_apt:
   backports: yes
diff --git a/group_vars/virtu.yml b/group_vars/virtu.yml
index b99e0a9c..247e0e5b 100644
--- a/group_vars/virtu.yml
+++ b/group_vars/virtu.yml
@@ -1,3 +1,3 @@
 ---
-apt:
+loc_apt:
   proxmox: yes
diff --git a/host_vars/fluxx.adm.crans.org.yml b/host_vars/fluxx.adm.crans.org.yml
index 09f6563e..4823fd31 100644
--- a/host_vars/fluxx.adm.crans.org.yml
+++ b/host_vars/fluxx.adm.crans.org.yml
@@ -3,6 +3,7 @@ interfaces:
   adm: eth0
 
 loc_apt:
+  components: 'main non-free'
   debs:
     - name: ''
       path: ''
diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml
index 977556f8..8101aa64 100644
--- a/host_vars/monitoring.adm.crans.org.yml
+++ b/host_vars/monitoring.adm.crans.org.yml
@@ -4,6 +4,7 @@ interfaces:
   infra: eth2
 
 loc_apt:
+  components: 'main non-free'
   debs:
     - name: ''
       path: ''
diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml
index 30fbb002..b1bdf33a 100644
--- a/host_vars/zamok.adm.crans.org.yml
+++ b/host_vars/zamok.adm.crans.org.yml
@@ -9,6 +9,7 @@ loc_borg:
         - "  password: {{ vault_mysql_zamok_password }}"
 
 loc_apt:
+  components: 'main non-free'
   debs:
     - name: ''
       path: ''
diff --git a/roles/apt/templates/apt/sources.list.d/backports.list.j2 b/roles/apt/templates/apt/sources.list.d/backports.list.j2
index 6326b3e4..9baaaee0 100644
--- a/roles/apt/templates/apt/sources.list.d/backports.list.j2
+++ b/roles/apt/templates/apt/sources.list.d/backports.list.j2
@@ -1 +1 @@
-deb     {{ debian_mirror }} {{ ansible_lsb.codename }}-backports main contrib non-free
+deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }} {{ ansible_distribution_release }}-backports {{ apt.components }}
diff --git a/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2 b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2
index b04bf9c5..83e0c080 100644
--- a/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2
+++ b/roles/apt/templates/apt/sources.list.d/pve-enterprise.list.j2
@@ -1,2 +1,2 @@
 {{ ansible_header | comment }}
-deb     {{ apt.protocol }}{{ apt.mirror }}/proxmox/debian/pve {{ ansible_lsb.codename }} pve-no-subscription
+deb     {{ apt.protocol }}{{ apt.mirror }}/proxmox/debian/pve {{ ansible_distribution_release }} pve-no-subscription
diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2
index 3fce6792..6aa3a9a7 100644
--- a/roles/apt/templates/apt/sources.list.j2
+++ b/roles/apt/templates/apt/sources.list.j2
@@ -2,6 +2,6 @@
 
 {% for deb in apt.debs %}
 # {{ deb.comment }}
-def {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release}}{{ deb.path }} {{ apt.components }}
+deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release }}{{ deb.path }} {{ apt.components }}
 
 {% endfor %}
-- 
GitLab


From acc5641de01459eaa9bd3baaa62a6c82bcc4efc4 Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Mon, 18 Jan 2021 10:07:16 +0100
Subject: [PATCH 3/4] [apt] move components to debs

---
 group_vars/baie.yml                                      | 3 ++-
 group_vars/server/apt.yml                                | 6 +++---
 host_vars/bigbluebutton.adm.crans.org.yml                | 4 +++-
 host_vars/fluxx.adm.crans.org.yml                        | 3 ++-
 host_vars/monitoring.adm.crans.org.yml                   | 3 ++-
 host_vars/routeur-daniel.adm.crans.org.yml               | 3 ---
 host_vars/routeur-jack.adm.crans.org.yml                 | 2 --
 host_vars/routeur-sam.adm.crans.org.yml                  | 3 ---
 host_vars/zamok.adm.crans.org.yml                        | 3 ++-
 roles/apt/tasks/main.yml                                 | 4 ++--
 roles/apt/templates/apt/sources.list.d/backports.list.j2 | 2 +-
 roles/apt/templates/apt/sources.list.j2                  | 2 +-
 12 files changed, 18 insertions(+), 20 deletions(-)

diff --git a/group_vars/baie.yml b/group_vars/baie.yml
index dc6d4275..06fecd60 100644
--- a/group_vars/baie.yml
+++ b/group_vars/baie.yml
@@ -1,3 +1,4 @@
 ---
 loc_apt:
-  backports: yes
+  backports:
+    components: 'main contrib non-free'
diff --git a/group_vars/server/apt.yml b/group_vars/server/apt.yml
index b77e26b2..22b8c5e2 100644
--- a/group_vars/server/apt.yml
+++ b/group_vars/server/apt.yml
@@ -1,18 +1,18 @@
 ---
 glob_apt:
-  backports: no
-  proxmox: no
   protocol: http://
   mirror: mirror.adm.crans.org
   pool: debian
-  components: 'main contrib non-free'
   debs:
     - name: ''
       path: ''
+      components: 'main contrib non-free'
       comment: 'Dépot classique'
     - name: ''
       path: '-updates'
+      components: 'main contrib non-free'
       comment: 'Mises à jour fréquentes (volatiles)'
     - name: '-security'
       path: '/updates'
+      components: 'main contrib non-free'
       comment: 'Mises à jour de sécurité'
diff --git a/host_vars/bigbluebutton.adm.crans.org.yml b/host_vars/bigbluebutton.adm.crans.org.yml
index 8a36d6e2..f87095bb 100644
--- a/host_vars/bigbluebutton.adm.crans.org.yml
+++ b/host_vars/bigbluebutton.adm.crans.org.yml
@@ -1,15 +1,17 @@
 ---
 loc_apt:
-  components: 'main restricted universe multiverse'
   pool: ubuntu
   debs:
     - name: ''
       path: ''
+      components: 'main restricted universe multiverse'
       comment: 'Dépot classique'
     - name: ''
       path: '-updates'
+      components: 'main restricted universe multiverse'
       comment: 'Mises à jour fréquentes (volatiles)'
     - name: ''
       path: '-security'
+      components: 'main restricted universe multiverse'
       comment: 'Mises à jour de sécurité'
 
diff --git a/host_vars/fluxx.adm.crans.org.yml b/host_vars/fluxx.adm.crans.org.yml
index 4823fd31..e491027d 100644
--- a/host_vars/fluxx.adm.crans.org.yml
+++ b/host_vars/fluxx.adm.crans.org.yml
@@ -3,11 +3,12 @@ interfaces:
   adm: eth0
 
 loc_apt:
-  components: 'main non-free'
   debs:
     - name: ''
       path: ''
+      components: 'main non-free'
       comment: 'Dépot classique'
     - name: ''
       path: '-updates'
+      components: 'main non-free'
       comment: 'Mises à jour fréquentes (volatiles)'
diff --git a/host_vars/monitoring.adm.crans.org.yml b/host_vars/monitoring.adm.crans.org.yml
index 8101aa64..aa932be1 100644
--- a/host_vars/monitoring.adm.crans.org.yml
+++ b/host_vars/monitoring.adm.crans.org.yml
@@ -4,12 +4,13 @@ interfaces:
   infra: eth2
 
 loc_apt:
-  components: 'main non-free'
   debs:
     - name: ''
       path: ''
+      components: 'main non-free'
       comment: 'Dépot classique'
     - name: ''
       path: '-updates'
+      components: 'main non-free'
       comment: 'Mises à jour fréquentes (volatiles)'
 
diff --git a/host_vars/routeur-daniel.adm.crans.org.yml b/host_vars/routeur-daniel.adm.crans.org.yml
index 13f00c1e..c3d4db4a 100644
--- a/host_vars/routeur-daniel.adm.crans.org.yml
+++ b/host_vars/routeur-daniel.adm.crans.org.yml
@@ -20,6 +20,3 @@ loc_keepalived:
       tag: VI_RAD
       state: BACKUP
       priority: 100
-
-loc_apt:
-  proxmox: yes
diff --git a/host_vars/routeur-jack.adm.crans.org.yml b/host_vars/routeur-jack.adm.crans.org.yml
index 247e0e5b..ed97d539 100644
--- a/host_vars/routeur-jack.adm.crans.org.yml
+++ b/host_vars/routeur-jack.adm.crans.org.yml
@@ -1,3 +1 @@
 ---
-loc_apt:
-  proxmox: yes
diff --git a/host_vars/routeur-sam.adm.crans.org.yml b/host_vars/routeur-sam.adm.crans.org.yml
index 1d2e1056..ea5639d5 100644
--- a/host_vars/routeur-sam.adm.crans.org.yml
+++ b/host_vars/routeur-sam.adm.crans.org.yml
@@ -28,6 +28,3 @@ loc_re2o:
   version: master_freeradius_python3
   settings_local_owner: freerad
   settings_local_group: nounou
-
-loc_apt:
-  proxmox: yes
diff --git a/host_vars/zamok.adm.crans.org.yml b/host_vars/zamok.adm.crans.org.yml
index b1bdf33a..ee2cc31e 100644
--- a/host_vars/zamok.adm.crans.org.yml
+++ b/host_vars/zamok.adm.crans.org.yml
@@ -9,11 +9,12 @@ loc_borg:
         - "  password: {{ vault_mysql_zamok_password }}"
 
 loc_apt:
-  components: 'main non-free'
   debs:
     - name: ''
       path: ''
+      components: 'main non-free'
       comment: 'Dépot classique'
     - name: ''
       path: '-updates'
+      components: 'main non-free'
       comment: 'Mises à jour fréquentes (volatiles)'
diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml
index eda9183f..495d6dbd 100644
--- a/roles/apt/tasks/main.yml
+++ b/roles/apt/tasks/main.yml
@@ -8,10 +8,10 @@
   template:
     src: apt/sources.list.d/backports.list.j2
     dest: /etc/apt/sources.list.d/backports.list
-  when: apt.backports
+  when: apt.backports is defined
 
 - name: Configure Proxmox repositories
   template:
     src: apt/sources.list.d/pve-enterprise.list.j2
     dest: /etc/apt/sources.list.d/pve-enterprise.list
-  when: apt.proxmox
+  when: apt.proxmox is defined and apt.proxmox
diff --git a/roles/apt/templates/apt/sources.list.d/backports.list.j2 b/roles/apt/templates/apt/sources.list.d/backports.list.j2
index 9baaaee0..2d03ad52 100644
--- a/roles/apt/templates/apt/sources.list.d/backports.list.j2
+++ b/roles/apt/templates/apt/sources.list.d/backports.list.j2
@@ -1 +1 @@
-deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }} {{ ansible_distribution_release }}-backports {{ apt.components }}
+deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }} {{ ansible_distribution_release }}-backports {{ apt.backports.components }}
diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2
index 6aa3a9a7..9dd9a5e9 100644
--- a/roles/apt/templates/apt/sources.list.j2
+++ b/roles/apt/templates/apt/sources.list.j2
@@ -2,6 +2,6 @@
 
 {% for deb in apt.debs %}
 # {{ deb.comment }}
-deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release }}{{ deb.path }} {{ apt.components }}
+deb {{ apt.protocol }}{{ apt.mirror }}/{{ apt.pool }}{{ deb.name }} {{ ansible_distribution_release }}{{ deb.path }} {{ deb.components }}
 
 {% endfor %}
-- 
GitLab


From 776a5a3799060c5f7ed9f2cbc952af3308bf2c2b Mon Sep 17 00:00:00 2001
From: shirenn <shirenn@crans.org>
Date: Mon, 18 Jan 2021 10:48:59 +0100
Subject: [PATCH 4/4] [apt] configure additional repositories

---
 host_vars/unifi.adm.crans.org.yml              | 10 ++++++++++
 hosts                                          |  2 +-
 roles/apt/tasks/main.yml                       | 18 ++++++++++++++++++
 .../additional-repository.list.j2              |  1 +
 4 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 host_vars/unifi.adm.crans.org.yml
 create mode 100644 roles/apt/templates/apt/sources.list.d/additional-repository.list.j2

diff --git a/host_vars/unifi.adm.crans.org.yml b/host_vars/unifi.adm.crans.org.yml
new file mode 100644
index 00000000..6824c2cb
--- /dev/null
+++ b/host_vars/unifi.adm.crans.org.yml
@@ -0,0 +1,10 @@
+---
+loc_apt:
+  additional_repository:
+    - name: 100-ubnt-unifi
+      uri: https://www.ui.com/downloads/unifi/debian
+      release: stable
+      components: ubiquiti
+      key:
+        id: 06E85760C0A52C50
+        server: keyserver.ubuntu.com
diff --git a/hosts b/hosts
index 454b90b1..4773a52e 100644
--- a/hosts
+++ b/hosts
@@ -156,7 +156,7 @@ roundcube.adm.crans.org
 titanic.adm.crans.org
 tracker.adm.crans.org
 voyager.adm.crans.org
-#unifi.adm.crans.org
+unifi.adm.crans.org
 
 [crans_vm:children]
 routeurs_vm
diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml
index 495d6dbd..4119d4e5 100644
--- a/roles/apt/tasks/main.yml
+++ b/roles/apt/tasks/main.yml
@@ -15,3 +15,21 @@
     src: apt/sources.list.d/pve-enterprise.list.j2
     dest: /etc/apt/sources.list.d/pve-enterprise.list
   when: apt.proxmox is defined and apt.proxmox
+
+- name: Configure apt additional keys
+  apt_key:
+    keyserver: '{{ item.key.server }}'
+    id: '{{ item.key.id }}'
+    state: present
+  register: apt_key_result
+  retries: 3
+  until: apt_key_result is succeeded
+  when: apt.additional_repository
+  loop: "{{ apt.additional_repository | selectattr('key', 'defined') }}"
+
+- name: Configure additional repositories
+  template:
+    src: apt/sources.list.d/additional-repository.list.j2
+    dest: /etc/apt/sources.list.d/{{ item.name }}.list
+  when: apt.additional_repository
+  loop: "{{ apt.additional_repository | list }}"
diff --git a/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2 b/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2
new file mode 100644
index 00000000..d6098ad3
--- /dev/null
+++ b/roles/apt/templates/apt/sources.list.d/additional-repository.list.j2
@@ -0,0 +1 @@
+deb {{ item.uri }} {{ item.release }} {{ item.components }}
-- 
GitLab