ansible/aptrepo.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44

- hosts: aptrepo
  remote_user: debian
  become: yes
  roles:
    - role: sane_debian_system
    - role: sshd
    - role: unix_users
    - role: apt-repository
  vars:
    ansible_python_interpreter: python3

    sane_debian_system_version: 2
    sane_debian_system_hostname: "{{ inventory_hostname }}"
    sane_debian_system_codename: bookworm

    timezone: Europe/Helsinki

    unix_users_version: 2
    unix_users:
      - username: apt
        comment: Owner of APT repository
      - username: incoming
        comment: APT incoming packages
        authorized_keys: |
          {{ apt_uploader_ssh_pub_keys }}
      - username: liw
        comment: Lars Wirzenius
        sudo: yes

    sshd_version: 1

    apt_uploader_ssh_pub_keys: |
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPQe6lsTapAxiwhhEeE/ixuK+5N8esCsMWoekQqjtxjP
    apt_admin_email: liw@liw.fi
    apt_domain: aptrepo
    apt_distributions:
      - codename: unstable
        description: Release packages for unstable
      - codename: unstable-ci
        description: CI builds for unstable
    apt_signing_key: "{{ lookup('pipe', 'pass show ick2/apt_key') }}"
    apt_signing_key_pub: "{{ lookup('pipe', 'pass show ick2/apt_key.pub') }}"
    apt_signing_key_fingerprint: |
      {{ lookup('pipe', 'pass show ick2/apt_key.pub | gpg --show-keys --with-colons | grep "^fpr:" | cut -d: -f10') }}