Skip to content

hetznercloud/ansible-role-aptly

BranchesTags

Repository files navigation

Ansible Role - Aptly

CI

Install and configure Aptly (The "Swiss army knife for Debian repository management") automatically via Ansible.

Requirements

  • A pre-generated GPG key for signing packages

Dependencies

  • jmespath (pip3 install jmespath)
  • community.general.json_query (for mirror state logic)

Role variables

aptly__repo: 'squeeze'

The repository has to be either squeeze or nightly.

aptly__user: 'aptly'
aptly__groups:
  - 'www-data'
aptly__user_home_directory: '/srv/aptly'
aptly__user_shell: '/bin/bash'

By default, the role will create a separate user using /srv/aptly as home directory for the whole aptly processing. The user must be a member of www-data if the data should be served via nginx or apache2. This can also be an empty list.

aptly__become_method: ansible.builtin.su

Ansible needs to run some tasks using the aptly user (e.g. adding gpg keys). By default, the role will use the su method. Depending on the host configuration, this may need to be changed to the proper become plugin. For more information, please see the Ansible docs.

aptly__gpg_private_key: |
  -----BEGIN PGP PRIVATE KEY BLOCK-----

  .....................................
  -----END PGP PRIVATE KEY BLOCK-----
aptly__gpg_public_key: |
  -----BEGIN PGP PUBLIC KEY BLOCK-----

  ....................................
  -----END PGP PUBLIC KEY BLOCK-----

aptly__api_enable: true
aptly__apt_listen_address: "127.0.0.1"
aptly__api_listen_port: 9091
aptly__api_extra_arguments:
  - "-no-lock"

By default, the API of the aptly server will be enabled and started locally. The API will be required for mirrors as the update script uses the asynchronous scheduling feature which is only available via API.

Example config

---
aptly__mirrors:
  - name: ddebs-ubuntu-jammy
    publish_prefix: ddebs
    no_block_mirror_task: true
    label: test
    origin: asdf.movie
    distribution: jammy # this needs to be set, no matter if childrens exist or not
    childrens: # Either set it with childrens or not
      - name: main
        distribution: jammy
        archive_url: "http://ddebs.ubuntu.com"
        state: present
        components:
          - main
        architectures:
          - amd64
          - arm64
        keys:
          - string: ""
          - file: ""
          - url: ""
        filter: "mysql-client (>= 3.6)"
        filter_with_deps: true
        ignore_signatures: false
        with_sources: true
        with_installer: false
        with_udebs: false
  - name: ceph-quincy-focal
    publish_prefix: ceph-quincy
    no_block_mirror_task: true
    distribution: focal
    archive_url: https://download.ceph.com
    label: test
    origin: asdf.movie
    state: present
    components:
      - main
    keys:
      - url: ""

aptly__repositories:
  - name: jammy
    distribution: jammy
    label: cloud_platform
    state: present
    components:
      - main
      - experimental
    architectures:
      - amd64
      - arm64

Example playbook

---
- hosts: all
  roles:
    - role: hetzner.aptly

License

GPL-3.0

About

Ansible Role - Install and configure Aptly

Topics

ansible ansible-role aptly-server aptly ansible-galaxy hetzner debian-packaging

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

5 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases 2

Patch Release 1.0.1 Latest
Dec 18, 2023
+ 1 release

Contributors 3

  •  
  •  
  •  

Languages