Add a basic "sane Debias jessie system" role

6 files changed, 72 insertions, 0 deletions

diff --git a/roles/sane_jessie_system/README b/roles/sane_jessie_system/README
new file mode 100644
index 0000000..a0799a8
--- /dev/null
+++ b/roles/sane_jessie_system/README
@@ -0,0 +1,10 @@
+This role, sane_jessie_system, set up a Debian system to run jessie,
+and does some setup so the system meets minimal criteria for sanity.
+Specifically:
+
+- APT is configured with all the sources.list entries required by the
+  playbook
+- all packages are upgraded to current versions
+- hostname is set
+- the clock is kept accurate with NTP
+- locales are available
diff --git a/roles/sane_jessie_system/defaults/main.yml b/roles/sane_jessie_system/defaults/main.yml
new file mode 100644
index 0000000..2f2f3b2
--- /dev/null
+++ b/roles/sane_jessie_system/defaults/main.yml
@@ -0,0 +1,16 @@
+# These are the variables expected by this role.
+
+# The desired hostname. Default is empty, which means hostname won't
+# be set.
+hostname: ""
+
+
+# Default Debian mirror to use. Default should work everywhere, but if
+# needed, pick a faster mirror, perhaps a local one.
+debian_mirror: http.debian.net
+
+
+# A list of extra APT repositories to add. Each list entry should be a
+# dict with the key "repo", which is the sources.list line to add. If
+# list is empty (as it is by default), nothing extra is added.
+sources_lists: []
diff --git a/roles/sane_jessie_system/tasks/apt.yml b/roles/sane_jessie_system/tasks/apt.yml
new file mode 100644
index 0000000..4977683
--- /dev/null
+++ b/roles/sane_jessie_system/tasks/apt.yml
@@ -0,0 +1,22 @@
+# This is installed before updating sources lists, so that if they
+# happen to use https URLs the package lists can still be update.
+- name: install apt-transport-https
+  apt:
+    name: apt-transport-https
+
+- name: configure main sources.list
+  copy:
+    src: source.list
+    dest: /etc/apt/sources.list
+
+- name: additional sources.list.d/*
+  with_items: "{{ sources_lists }}"
+  apt_repository:
+    repo: "{{ item.repo }}"
+    update_cache: no
+
+- name: dist-upgrade so everything is up to date
+  apt:
+    upgrade: dist
+    update_cache: yes
+    cache_valid_time: 0
diff --git a/roles/sane_jessie_system/tasks/env.yml b/roles/sane_jessie_system/tasks/env.yml
new file mode 100644
index 0000000..d1e7cab
--- /dev/null
+++ b/roles/sane_jessie_system/tasks/env.yml
@@ -0,0 +1,19 @@
+- name: set /etc/hostname
+  copy:
+    content: "{{ hostname }}"
+    dest: /etc/hostname
+  when: hostname
+
+- name: add hostname to /etc/hosts
+  lineinfile:
+    dest: /etc/hosts
+    regexp: '^127\.0\.1\.1 '
+    line: "127.0.1.1 {{ hostname }}"
+  when: hostname
+
+- name: install environment packages
+  apt:
+    name: "{{ item }}"
+  with_items:
+    - locales-all
+    - ntp
diff --git a/roles/sane_jessie_system/tasks/main.yml b/roles/sane_jessie_system/tasks/main.yml
new file mode 100644
index 0000000..dcb3b60
--- /dev/null
+++ b/roles/sane_jessie_system/tasks/main.yml
@@ -0,0 +1,2 @@
+- include: apt.yml
+- include: env.yml
diff --git a/roles/sane_jessie_system/templates/sources.list.j2 b/roles/sane_jessie_system/templates/sources.list.j2
new file mode 100644
index 0000000..4701d19
--- /dev/null
+++ b/roles/sane_jessie_system/templates/sources.list.j2
@@ -0,0 +1,3 @@
+deb http://{{ debian_mirror }}/debian jessie main
+deb http://security.debian.org/ jessie/updates main
+deb {{ debian_mirror }} jessie-updates main