Vendor Galaxy Roles and Collections
Some checks failed
/ Ansible Lint (push) Failing after 5m45s
/ Ansible Lint (pull_request) Failing after 4m59s

Stefan Bethke 2026-02-06 22:07:16 +01:00
commit 2aed20393f
3553 changed files with 387444 additions and 2 deletions


@ -0,0 +1,19 @@
debops.apt_cacher_ng - Install and manage the caching HTTP proxy Apt-Cacher NG
Copyright (C) 2016-2017,2021 Robin Schneider <ypid@riseup.net>
Copyright (C) 2016-2017,2021 DebOps <https://debops.org/>
SPDX-License-Identifier: GPL-3.0-only
This Ansible role is part of DebOps.
DebOps is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License version 3, as
published by the Free Software Foundation.
DebOps is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with DebOps. If not, see https://www.gnu.org/licenses/.


@ -0,0 +1,591 @@
---
# .. vim: foldmarker=[[[,]]]:foldmethod=marker
# .. Copyright (C) 2016-2017 Robin Schneider <ypid@riseup.net>
# .. Copyright (C) 2016-2017 DebOps <https://debops.org/>
# .. SPDX-License-Identifier: GPL-3.0-only
# .. _apt_cacher_ng__ref_defaults:
# debops.apt_cacher_ng default variables [[[
# ==========================================
# .. contents:: Sections
# :local:
#
# .. include:: ../../../../includes/global.rst
# Packages and installation [[[
# -----------------------------
# .. envvar:: apt_cacher_ng__base_packages [[[
#
# List of base packages to install.
apt_cacher_ng__base_packages:
- 'apt-cacher-ng'
# ]]]
# .. envvar:: apt_cacher_ng__enabled [[[
#
# Should the Apt-Cacher NG service be enabled?
apt_cacher_ng__enabled: True
# ]]]
# .. envvar:: apt_cacher_ng__deploy_state [[[
#
# What is the desired state which this role should achieve? Possible options:
#
# ``present``
# Default. Ensure that Apt-Cacher NG is installed and configured as requested.
#
# ``absent``
# Ensure that Apt-Cacher NG is uninstalled and it's configuration is removed.
#
# ``purge``
# Same as ``absent`` but additionally also ensures that the cache directories
# is removed.
#
apt_cacher_ng__deploy_state: 'present'
# ]]]
# .. envvar:: apt_cacher_ng__configuration_files [[[
#
# This variable allows you to change which configuration files this role is
# going to create and which permissions to use for them.
#
# ``path``
# String, required, defines the path to the configuration file on the host.
#
# ``src``
# String, optional, defines the path to the template file. Defaults to
# ``path`` with any leading ``/`` removed.
#
# ``owner``
# String, optional, defaults to ``root``. Unix user which owns the
# configuration file.
#
# ``group``
# String, optional, defaults to ``root``. Unix group of the configuration file.
#
# ``mode``
# String, optional, defaults to ``0640``. Unix permissions of the
# configuration file.
#
# ``divert``
# Boolean, optional, defaults to ``True``. Should the original configuration file
# be diverted away before creating our version of the file?
#
apt_cacher_ng__configuration_files:
- path: '/etc/apt-cacher-ng/backends_debian'
mode: '0644'
- path: '/etc/apt-cacher-ng/backends_ubuntu'
mode: '0644'
- path: '/etc/apt-cacher-ng/backends_gentoo'
mode: '0644'
divert: False
- path: '/etc/apt-cacher-ng/acng.conf'
mode: '0644'
- path: '/etc/apt-cacher-ng/security.conf'
group: 'apt-cacher-ng'
mode: '0640'
- path: '/etc/apt-cacher-ng/userinfo.html'
mode: '0644'
divert: False
# ]]]
# ]]]
# Network related settings [[[
# ----------------------------
# .. envvar:: apt_cacher_ng__port [[[
#
# TCP server port for incoming http (or HTTP proxy) connections.
# Can be set to ``9999`` to emulate :program:`apt-proxy`.
apt_cacher_ng__port: 3142
# ]]]
# .. envvar:: apt_cacher_ng__bind_address [[[
#
# List of addresses or hostnames to listen on. Each entry must be an exact
# local address which is associated with a local interface. DNS resolution is
# performed using :manpage:`getaddrinfo(3)` for all available protocols (IPv4,
# IPv6, ...). Using a protocol specific format will create binding(s) only on
# protocol specific socket(s), e.g. ``0.0.0.0`` will listen only to IPv4.
#
# Examples:
#
# .. code-block:: yaml
# :linenos:
#
# apt_cacher_ng__bind_address:
# - 'localhost'
# - '192.168.7.254'
# - 'publicNameOnMainInterface'
#
# Defaults to listening on all interfaces and protocols.
apt_cacher_ng__bind_address: []
# ]]]
# .. envvar:: apt_cacher_ng__fqdn [[[
#
# The FQDN subdomain of the Apt-Cacher NG proxy which will be used by
# :program:`nginx` webserver.
apt_cacher_ng__fqdn: 'software-cache.{{ ansible_domain }}'
# ]]]
# .. envvar:: apt_cacher_ng__proxy [[[
#
# The specification of another HTTP proxy which shall be used for downloads.
# It can include user name and password but see the manual for limitations.
#
# Examples:
#
# .. code-block:: yaml
# :linenos:
#
# apt_cacher_ng__proxy: 'https://username:proxypassword@proxy.example.net:3129'
#
# Defaults to using a direct connection.
apt_cacher_ng__proxy: ''
# ]]]
# .. envvar:: apt_cacher_ng__connect_protocol [[[
#
# Specifies the IP protocol families to use for remote connections. Order does
# matter, first specified are considered first.
#
# Examples:
#
# .. code-block:: yaml
# :linenos:
#
# apt_cacher_ng__connect_protocol:
# - 'v4'
# # - 'v6'
#
# Only use IPv4 connections for connecting to upstream mirrors.
#
# Defaults to using native order of the system's TCP/IP stack, influenced by
# the :envvar:`apt_cacher_ng__bind_address` value.
apt_cacher_ng__connect_protocol: []
# ]]]
# .. envvar:: apt_cacher_ng__offline_mode [[[
#
# Forbid outgoing connections and work without an internet connection or
# respond with 503 error where it's not possible.
apt_cacher_ng__offline_mode: False
# ]]]
# .. envvar:: apt_cacher_ng__network_timeout [[[
#
# Network timeout for outgoing connections, in seconds.
apt_cacher_ng__network_timeout: 60
# ]]]
# .. envvar:: apt_cacher_ng__max_download_speed_kib [[[
#
# It's possible to limit the processing speed of download agents to set an
# overall download speed limit. Unit: KiB/s, Default: unlimited.
apt_cacher_ng__max_download_speed_kib: ''
# ]]]
# ]]]
# Upstream mirrors [[[
# --------------------
# .. envvar:: apt_cacher_ng__upstream_mirror_debian [[[
#
# Which upstream mirror(s) should be used for Debian repositories?
# One mirror per line.
# Set to an empty string to let the package scripts from Apt-Cacher NG decide
# which upstream mirror to use.
apt_cacher_ng__upstream_mirror_debian: '{{ ansible_local.apt.default_sources_map.Debian[0]
| d("http://deb.debian.org/debian") }}'
# ]]]
# .. envvar:: apt_cacher_ng__upstream_mirror_ubuntu [[[
#
# Which upstream mirror(s) should be used for Ubuntu repositories?
# One mirror per line.
# Set to an empty string to let the package scripts from Apt-Cacher NG decide
# which upstream mirror to use.
apt_cacher_ng__upstream_mirror_ubuntu: '{{ ansible_local.apt.default_sources_map.Ubuntu[0]
| d("http://archive.ubuntu.com/ubuntu") }}'
# ]]]
# .. envvar:: apt_cacher_ng__upstream_mirror_gentoo [[[
#
# Which upstream mirror(s) should be used for Gentoo repositories?
# One mirror per line.
# Set to an empty string to let the package scripts from Apt-Cacher NG decide
# which upstream mirror to use.
apt_cacher_ng__upstream_mirror_gentoo: '{{ ansible_local.apt.default_sources_map.Gentoo[0] | d("") }}'
# ]]]
# ]]]
# Cache directory [[[
# -------------------
# .. envvar:: apt_cacher_ng__cache_dir [[[
#
# Storage directory for downloaded data and related maintenance activity.
apt_cacher_ng__cache_dir: '/var/cache/apt-cacher-ng'
# ]]]
# .. envvar:: apt_cacher_ng__cache_dir_owner [[[
#
# Unix user which owns the cache directory and it's contents.
apt_cacher_ng__cache_dir_owner: 'apt-cacher-ng'
# ]]]
# .. envvar:: apt_cacher_ng__cache_dir_group [[[
#
# Unix group of the cache directory and it's contents..
apt_cacher_ng__cache_dir_group: 'apt-cacher-ng'
# ]]]
# .. envvar:: apt_cacher_ng__dir_perms [[[
#
# Default permission set of freshly created files and directories, as octal
# numbers (see :manpage:`chmod(1)` for details).
# Can by limited by the umask value (see :manpage:`umask(2)` for details) if it's set in
# the environment of the starting shell, e.g. in apt-cacher-ng init script or
# in its configuration file.
apt_cacher_ng__dir_perms: '02755'
# ]]]
# .. envvar:: apt_cacher_ng__file_perms [[[
#
# Default permission set of freshly created files and directories, as octal
# numbers (see :manpage:`chmod(1)` for details).
# Can by limited by the umask value (see :manpage:`umask(2)` for details) if it's set in
# the environment of the starting shell, e.g. in apt-cacher-ng init script or
# in its configuration file.
apt_cacher_ng__file_perms: '00644'
# ]]]
# .. envvar:: apt_cacher_ng__cache_dir_enforce_permissions [[[
#
# Should the permissions of the cache directory and it's content be enforced
# (changed to the specified owner, group and mode)?
#
# Options:
#
# ``strict``
# Go thought all files and directories and enforce the permissions on each Ansible run.
#
# .. warning:: This can slow down the role execution time even
# when the changes have already been applied. The main factor is
# the number of files/directories in your cache directory.
#
# ``lazy``
# Check the :file:`_expending_damaged` file in the root of
# :envvar:`apt_cacher_ng__cache_dir` and only enforce permissions on all other
# files if this one file needed to be changed.
#
# ``disabled``
# Don't enforce permissions.
#
apt_cacher_ng__cache_dir_enforce_permissions: 'lazy'
# ]]]
# ]]]
# Management credentials [[[
# --------------------------
# .. envvar:: apt_cacher_ng__user [[[
#
# Username for basic authentication required to visit pages with administrative
# functionality.
apt_cacher_ng__user: 'admin'
# ]]]
# .. envvar:: apt_cacher_ng__password [[[
#
# Password for basic authentication required to visit pages with administrative
# functionality.
apt_cacher_ng__password: '{{ lookup("password", secret + "/credentials/" +
inventory_hostname + "/apt_cacher_ng/" +
apt_cacher_ng__user + "/password length=24") }}'
# ]]]
# ]]]
# Tuning, debugging and further options [[[
# -----------------------------------------
# .. envvar:: apt_cacher_ng__log_dir [[[
#
# Log file directory, can be set empty to disable logging.
apt_cacher_ng__log_dir: '/var/log/apt-cacher-ng'
# ]]]
# .. envvar:: apt_cacher_ng__support_dir [[[
#
# A place to look for additional configuration and resource files if they are not
# found in the configuration directory.
apt_cacher_ng__support_dir: '/usr/lib/apt-cacher-ng'
# ]]]
# .. envvar:: apt_cacher_ng__debug [[[
#
# A bitmask type value declaring the logging verbosity and behavior of the error
# log writing. Non-zero value triggers at least faster log file flushing.
#
# Some higher bits only working with a special debug build of apt-cacher-ng,
# see the manual for details. The setting has an alias named ``UnbufferLogs``.
# Setting ``apt_cacher_ng__debug: 1`` will result in unbuffer log writes.
#
# .. warning:: This can write significant amount of data into the
# :file:`apt-cacher.err` logfile.
#
# 0. No debug printing.
#
# 1. Log file buffers are flushed faster.
#
# 2. Some additional information appears within usual transfer/error logs.
#
# 4. Extra debug information is written to apt-cacher.err (also enables lots of additional trace
# points when apt-cacher-ng binary is built with debug configuration, see section 9.6 for
# details).
#
apt_cacher_ng__debug: 0
# ]]]
# .. envvar:: apt_cacher_ng__verbose_log [[[
#
# Enables extended client information in log entries. When set to ``True``,
# only activity type, time and transfer sizes are logged.
apt_cacher_ng__verbose_log: True
# ]]]
# .. envvar:: apt_cacher_ng__force_managed [[[
#
# Forbid downloads from locations that are directly specified in the user
# request, i.e. all downloads must be processed by the preconfigured remapping
# backends.
# Set to ``False`` by default to allow to download other repositories via the proxy like
# `download.owncloud.org <https://download.owncloud.org/download/repositories/>`_.
apt_cacher_ng__force_managed: False
# ]]]
# .. envvar:: apt_cacher_ng__expiration_threshold [[[
#
# Days before considering an unreferenced file expired (to be deleted).
#
# .. warning:: If the value is set too low and particular index files are not
# available for some days (mirror downtime) then there is a risk of removal of
# still useful package files.
#
apt_cacher_ng__expiration_threshold: 4
# ]]]
# .. envvar:: apt_cacher_ng__expiration_abort_on_problems [[[
#
# Stop expiration when a critical problem appears, issue like a failed update
# of an index file in the preparation step.
#
# .. warning:: Don't set this option to zero or empty without considering possible
# consequences like a sudden and complete cache data loss.
#
apt_cacher_ng__expiration_abort_on_problems: 'default'
# ]]]
# .. envvar:: apt_cacher_ng__dns_cache_seconds [[[
#
# There is a small in-memory cache for DNS resolution data, expired by
# this timeout (in seconds). Internal caching is disabled if set to a value
# less than zero.
apt_cacher_ng__dns_cache_seconds: 1800
# ]]]
# .. envvar:: apt_cacher_ng__log_submitted_origin [[[
#
# Trust the downstream HTTP proxy and log the X-Forwarded-For header as the
# client IP address.
apt_cacher_ng__log_submitted_origin: True
# ]]]
# .. envvar:: apt_cacher_ng__user_agent [[[
#
# The version string reported to the peer, to be displayed as HTTP client (and
# version) in the logs of the mirror.
#
# .. warning:: Expect side effects! Some archives use this header to guess
# capabilities of the client (i.e. allow redirection and/or https links) and
# change their behaviour accordingly but ACNG might not support the expected
# features.
#
# Default is the compiled in UserAgent: Yet Another HTTP Client/1.2.3p4
apt_cacher_ng__user_agent: 'default'
# ]]]
# .. envvar:: apt_cacher_ng__recompress_bz2 [[[
#
# In some cases the Import and Expiration tasks might create fresh volatile
# data for internal use by reconstructing them using patch files. This
# by-product might be recompressed with bzip2 and with some luck the resulting
# file becomes identical to the ``*.bz2`` file on the server which can be used by
# APT when requesting a complete version of this file.
# The downside of this feature is higher CPU load on the server during
# the maintenance tasks, and the outcome might have not much value in a LAN
# where all clients update their data often and regularly and therefore usually
# don't need the full version of the index file.
apt_cacher_ng__recompress_bz2: False
# ]]]
# .. envvar:: apt_cacher_ng__custom [[[
#
# Configuration block for Apt-Cacher NG for additional configuration for
# example custom remap settings.
apt_cacher_ng__custom: ''
# ]]]
# ]]]
# Network accessibility [[[
# -------------------------
# .. envvar:: apt_cacher_ng__allow [[[
#
# Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks.
# If not specified, allows access from all networks.
apt_cacher_ng__allow: []
# ]]]
# .. envvar:: apt_cacher_ng__group_allow [[[
#
# Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks.
# If not specified, allows access from all networks.
apt_cacher_ng__group_allow: []
# ]]]
# .. envvar:: apt_cacher_ng__host_allow [[[
#
# Allow access to Apt-Cacher NG from specified IP addresses or CIDR networks.
# If not specified, allows access from all networks.
apt_cacher_ng__host_allow: []
# ]]]
# .. envvar:: apt_cacher_ng__interfaces [[[
#
# List of network interfaces from which to allow access to Apt-Cacher NG.
# If not specified, allows access from all interfaces.
apt_cacher_ng__interfaces: []
# ]]]
# ]]]
# Role-dependent configuration [[[
# --------------------------------
# .. envvar:: apt_cacher_ng__etc_services__dependent_list [[[
#
# Configuration for the :ref:`debops.etc_services` role which registers port
# numbers for Apt-Cacher NG.
apt_cacher_ng__etc_services__dependent_list:
- name: 'acng'
port: '{{ apt_cacher_ng__port }}'
comment: 'Apt-Cacher NG caching proxy server'
delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
# ]]]
# .. envvar:: apt_cacher_ng__apt_preferences__dependent_list [[[
#
# Configuration for the :ref:`debops.apt_preferences` role.
apt_cacher_ng__apt_preferences__dependent_list: []
# ]]]
# .. envvar:: apt_cacher_ng__ferm__dependent_rules [[[
#
# Configuration for :command:`ferm` firewall. It should be added when
# :ref:`debops.ferm` role is used to configure Apt-Cacher NG firewall rules.
apt_cacher_ng__ferm__dependent_rules:
- type: 'accept'
dport: [ 'acng' ]
saddr: '{{ (apt_cacher_ng__allow | d([]) | list) +
(apt_cacher_ng__group_allow | d([]) | list) +
(apt_cacher_ng__host_allow | d([]) | list) }}'
accept_any: True
interface: '{{ apt_cacher_ng__interfaces }}'
weight: '40'
by_role: 'debops.apt_cacher_ng'
name: 'http_proxy'
rule_state: '{{ apt_cacher_ng__deploy_state }}'
# ]]]
# .. envvar:: apt_cacher_ng__apparmor__dependent_config [[[
#
# Configuration for the ``debops-contrib.apparmor`` role.
apt_cacher_ng__apparmor__dependent_config:
'usr.sbin.apt-cacher-ng':
## Seems this change is not possible thought the ``@{APT_CACHE_DIR}``
## variable without changing the profile file directly?
- comment: 'Allow Apt-Cacher-Ng access to the cache directory'
by_role: 'debops.apt_cacher_ng'
delete: '{{ apt_cacher_ng__deploy_state != "present" }}'
rules:
- '{{ apt_cacher_ng__cache_dir }}/ r'
- '{{ apt_cacher_ng__cache_dir }}/** rw'
# ]]]
# .. envvar:: apt_cacher_ng__upstream_servers [[[
#
# List of upstream :program:`nginx` proxy servers.
apt_cacher_ng__upstream_servers:
- 'localhost:{{ apt_cacher_ng__port }}'
# ]]]
# .. envvar:: apt_cacher_ng__nginx__upstream [[[
#
# The :program:`nginx` upstream configuration, managed by :ref:`debops.nginx` role.
apt_cacher_ng__nginx__upstream:
enabled: True
name: 'apt-cacher-ng'
server: '{{ apt_cacher_ng__upstream_servers }}'
# ]]]
# .. envvar:: apt_cacher_ng__nginx__servers [[[
#
# List of :program:`nginx` server configurations managed by the
# :ref:`debops.nginx` role.
# There is a separate configuration for HTTP and HTTPS
# connections to allow access for hosts without SSL support installed.
apt_cacher_ng__nginx__servers:
- by_role: 'debops.apt_cacher_ng'
name: [ '{{ apt_cacher_ng__fqdn }}' ]
filename: 'debops.apt_cacher_ng_http'
enabled: True
allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
ssl: False
webroot_create: False
type: 'proxy'
proxy_pass: 'http://apt-cacher-ng'
proxy_options: |
if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
rewrite ^/(.*)$ /$host/$1 break;
}
proxy_redirect off;
proxy_buffering off;
options: |
location ~ /acng-report.html {
return 307 https://$host$request_uri;
}
- by_role: 'debops.apt_cacher_ng'
name: [ '{{ apt_cacher_ng__fqdn }}' ]
filename: 'debops.apt_cacher_ng_https'
enabled: True
allow: '{{ apt_cacher_ng__allow + apt_cacher_ng__group_allow + apt_cacher_ng__host_allow }}'
state: '{{ "present" if (ansible_local.pki | d()) else "absent" }}'
listen: False
webroot_create: False
type: 'proxy'
proxy_pass: 'http://apt-cacher-ng'
proxy_options: |
if ($request_uri !~ "^/.*(\.js|\.css|\.html|\.ico)(.*)?$") {
rewrite ^/(.*)$ /$host/$1 break;
}
proxy_redirect off;
proxy_buffering off;
# ]]]
# ]]]
# ]]]
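Review bot: The defaults in this file leave the cache reachable from any source until the inventory narrows them: `apt_cacher_ng__allow`, `apt_cacher_ng__group_allow`, `apt_cacher_ng__host_allow` and `apt_cacher_ng__interfaces` are all `[]`, the ferm rule sets `accept_any: True`, and `apt_cacher_ng__bind_address: []` is documented as listening on all interfaces. With `apt_cacher_ng__force_managed: False` the service also accepts download locations named in the client request, so an unrestricted listener would presumably act as a general forwarding proxy rather than only a package cache. `apt_cacher_ng__log_submitted_origin: True` additionally records the client-supplied X-Forwarded-For value, which is only reliable when every client arrives through the nginx front end. Because the role is vendored, the override belongs in this repository's inventory rather than in this file, for example `apt_cacher_ng__allow: [ '<client-network-CIDR>' ]`, plus `apt_cacher_ng__force_managed: True` if no unmapped repositories are needed.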


@ -0,0 +1,33 @@
---
# Copyright (C) 2016-2017,2021 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2022 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# Ensure that custom Ansible plugins and modules included in the main DebOps
# collection are available to roles in other collections.
collections: [ 'debops.debops' ]
dependencies: []
galaxy_info:
author: 'Robin Schneider'
description: 'Install and manage the caching HTTP proxy Apt-Cacher NG'
company: 'DebOps'
license: 'GPL-3.0-only'
min_ansible_version: '2.0.0'
platforms:
- name: 'Ubuntu'
versions: [ 'all' ]
- name: 'Debian'
versions: [ 'all' ]
galaxy_tags:
- system
- proxy
- caching
- packages
- apt


@ -0,0 +1,106 @@
---
# Copyright (C) 2016-2017,2021 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2022 David Härdeman <david@hardeman.nu>
# Copyright (C) 2016-2022 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
- name: Import DebOps global handlers
ansible.builtin.import_role:
name: 'global_handlers'
- name: Import DebOps secret role
ansible.builtin.import_role:
name: 'secret'
- name: Disable autoconfiguration
ansible.builtin.debconf:
name: 'apt-cacher-ng'
question: 'apt-cacher-ng/gentargetmode'
vtype: 'select'
value: 'No automated setup'
when: apt_cacher_ng__deploy_state == 'present'
- name: Add/remove configuration file diversions
debops.debops.dpkg_divert:
path: '{{ item.path }}'
state: '{{ "present" if apt_cacher_ng__deploy_state == "present"
else "absent" }}'
delete: True
loop: '{{ apt_cacher_ng__configuration_files }}'
when: item.divert | d(True)
- name: Install/remove packages
ansible.builtin.package:
name: '{{ q("flattened", apt_cacher_ng__base_packages) }}'
state: '{{ "present" if apt_cacher_ng__deploy_state == "present"
else "absent" }}'
register: apt_cacher_ng__register_packages
until: apt_cacher_ng__register_packages is succeeded
- name: Generate configuration files
ansible.builtin.template:
src: '{{ item.src | d(item.path | regex_replace("^/", "")) }}.j2'
dest: '{{ item.path }}'
owner: '{{ item.owner | d("root") }}'
group: '{{ item.group | d("root") }}'
mode: '{{ item.mode | d("0640") }}'
loop: '{{ apt_cacher_ng__configuration_files }}'
notify: [ 'Restart apt-cacher-ng' ]
when: apt_cacher_ng__deploy_state == 'present'
- name: Create the cache directory
ansible.builtin.file:
state: 'directory'
path: '{{ apt_cacher_ng__cache_dir }}'
owner: '{{ apt_cacher_ng__cache_dir_owner }}'
group: '{{ apt_cacher_ng__cache_dir_group }}'
mode: '{{ apt_cacher_ng__dir_perms }}'
when: apt_cacher_ng__deploy_state == 'present'
- name: Lazy check cache directory permissions
ansible.builtin.file:
state: 'file'
path: '{{ apt_cacher_ng__cache_dir }}/_expending_damaged'
owner: '{{ apt_cacher_ng__cache_dir_owner }}'
group: '{{ apt_cacher_ng__cache_dir_group }}'
mode: '{{ apt_cacher_ng__file_perms }}'
failed_when: False
register: apt_cacher_ng__register_cache_perms
when: (apt_cacher_ng__deploy_state == 'present' and
apt_cacher_ng__cache_dir_enforce_permissions == 'lazy')
# Note: doing this using native Ansible tasks is too slow
- name: Change cache directory permissions # noqa no-free-form
ansible.builtin.shell: |
chown --recursive {{ apt_cacher_ng__cache_dir_owner }}:{{ apt_cacher_ng__cache_dir_group }} .
find . -type d -exec chmod {{ apt_cacher_ng__dir_perms }} {} \;
find . -type f -exec chmod {{ apt_cacher_ng__file_perms }} {} \;
args:
chdir: '{{ apt_cacher_ng__cache_dir }}'
register: apt_cacher_ng__register_chmod
changed_when: apt_cacher_ng__register_chmod.changed | bool
when: (apt_cacher_ng__deploy_state == 'present' and
(apt_cacher_ng__cache_dir_enforce_permissions == "strict" or
(apt_cacher_ng__cache_dir_enforce_permissions == "lazy" and
apt_cacher_ng__register_cache_perms is changed)))
- name: Enable/disable service
ansible.builtin.service:
name: 'apt-cacher-ng'
state: '{{ "started" if apt_cacher_ng__enabled | d(True) else "stopped" }}'
enabled: '{{ True if apt_cacher_ng__enabled | d(True) else False }}'
when: apt_cacher_ng__deploy_state == 'present'
- name: Remove configuration files
ansible.builtin.file:
path: '{{ item.path }}'
state: 'absent'
loop: '{{ apt_cacher_ng__configuration_files }}'
when: (apt_cacher_ng__deploy_state in ['absent', 'purge'] and
not item.divert | d(True))
- name: Remove the cache directory
ansible.builtin.file:
path: '{{ apt_cacher_ng__cache_dir }}'
state: 'absent'
when: apt_cacher_ng__deploy_state == 'purge'
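Review bot: The `Change cache directory permissions` task interpolates `apt_cacher_ng__cache_dir_owner`, `apt_cacher_ng__cache_dir_group`, `apt_cacher_ng__dir_perms` and `apt_cacher_ng__file_perms` into an `ansible.builtin.shell` script without quoting, so whitespace or shell metacharacters in any of those values would be interpreted by the shell, which presumably runs with root privileges. The values come from inventory, so this is a hardening point rather than an exposed input, but the `quote` filter removes the dependency on every inventory source being clean, e.g. `chown --recursive {{ (apt_cacher_ng__cache_dir_owner ~ ":" ~ apt_cacher_ng__cache_dir_group) | quote }} .` and `chmod {{ apt_cacher_ng__dir_perms | quote }}` in the `find` lines. As the role is vendored, this is better sent upstream or carried as a documented local patch than edited silently.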


@ -0,0 +1,590 @@
{# Copyright (C) 2016-2017,2021 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2017,2021 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
#
# IMPORTANT NOTE:
#
# THIS FILE IS MAYBE JUST ONE OF MANY CONFIGURATION FILES IN THIS DIRECTORY.
# SETTINGS MADE IN OTHER FILES CAN OVERRIDE VALUES THAT YOU CHANGE HERE. GO
# LOOK FOR OTHER CONFIGURATION FILES! CHECK THE MANUAL AND INSTALLATION NOTES
# (like README.Debian) FOR MORE DETAILS!
#
# This is a configuration file for apt-cacher-ng, a smart caching proxy for
# software package downloads. It's supposed to be in a directory specified by
# the -c option of apt-cacher-ng, see apt-cacher-ng(8) for details.
# RULES:
# - letter case in variable names does not matter
# - names and values are separated by colon or equals sign
# - for boolean variables, zero means false, non-zero means true
# - "default value" means built-in (!) defaults, i.e. something which the
# program uses if the option is not set here or in other config files.
# That value might be explicitly mentioned in the description. Where it is
# not, there is no reason to assume any of the examples to be the default
# value! In doubt, use acngtool to query the value of the particular variable.
# Storage directory for downloaded data and related maintenance activity.
#
# Note: When the value for CacheDir is changed, change the file
# /lib/systemd/system/apt-cacher-ng.service too
#
CacheDir: {{ apt_cacher_ng__cache_dir }}
# Log file directory, can be set empty to disable logging
#
LogDir: {{ apt_cacher_ng__log_dir }}
# A place to look for additional configuration and resource files if they are not
# found in the configuration directory
#
SupportDir: {{ apt_cacher_ng__support_dir }}
# TCP server port for incoming http (or HTTP proxy) connections.
# Can be set to 9999 to emulate apt-proxy. Value of 0 turns off TCP server
# (SocketPath must be set in this case).
#
Port:{{ apt_cacher_ng__port }}
# Addresses or hostnames to listen on. Multiple addresses must be separated by
# spaces. Each entry must be an exact local address which is associated with a
# local interface. DNS resolution is performed using getaddrinfo(3) for all
# available protocols (IPv4, IPv6, ...). Using a protocol specific format will
# create binding(s) only on protocol specific socket(s), e.g. 0.0.0.0 will
# listen only to IPv4. The endpoint can also be specified as host:port (or
# [ipv6-address]:port) which allows binding on non-standard ports (Port
# directive is ignored in this case).
#
# Default: listens on all interfaces and protocols
#
# BindAddress: localhost 192.168.7.254 publicNameOnMainInterface
{{ ("BindAddress: " + apt_cacher_ng__bind_address | join(" ")) if apt_cacher_ng__bind_address else "" }}
# The specification of another HTTP proxy which shall be used for downloads.
# It can include user name and password but see the manual for limitations.
#
# Default: uses direct connection
#
# Proxy: http://www-proxy.example.net:3128
# Proxy: https://username:proxypassword@proxy.example.net:3129
{{ ("Proxy: " + apt_cacher_ng__proxy) if apt_cacher_ng__proxy else "" }}
# Repository remapping. See manual for details.
# In this example, some backends files might be generated during package
# installation using information collected on the system.
# Examples:
Remap-debrep: file:deb_mirror*.gz /debian ; file:backends_debian # Debian Archives
Remap-uburep: file:ubuntu_mirrors /ubuntu ; file:backends_ubuntu # Ubuntu Archives
Remap-klxrep: file:kali_mirrors /kali ; file:backends_kali # Kali Linux Archives
Remap-cygwin: file:cygwin_mirrors /cygwin # ; file:backends_cygwin # incomplete, please create this file or specify preferred mirrors here
Remap-sfnet: file:sfnet_mirrors # ; file:backends_sfnet # incomplete, please create this file or specify preferred mirrors here
Remap-alxrep: file:archlx_mirrors /archlinux # ; file:backend_archlx # Arch Linux
Remap-fedora: file:fedora_mirrors # Fedora Linux
Remap-epel: file:epel_mirrors # Fedora EPEL
Remap-slrep: file:sl_mirrors # Scientific Linux
Remap-gentoo: file:gentoo_mirrors.gz /gentoo ; file:backends_gentoo # Gentoo Archives
Remap-secdeb: security.debian.org security.debian.org/debian-security deb.debian.org/debian-security /debian-security ; deb.debian.org/debian-security security.debian.org
# Virtual page accessible in a web browser to see statistics and status
# information, i.e. under http://localhost:3142/acng-report.html
# NOTE: This option must be configured to run maintenance jobs (even when used
# via acngtool in cron scripts). The AdminAuth option can be used to restrict
# access to sensitive areas on that page.
#
# Default: not set, should be set by the system administrator
#
ReportPage: acng-report.html
# Socket file for accessing through local UNIX socket instead of TCP/IP. Can be
# used with inetd (via bridge tool in.acng from apt-cacher-ng package), is also
# used internally for administrative purposes.
#
# Default: /run/apt-cacher-ng/socket
#
# SocketPath: /var/run/apt-cacher-ng/socket
# If set to 1, makes log files be written to disk on every new line. Default
# is 0, buffers are flushed after the client disconnects. Technically,
# it's a convenience alias for the Debug option, see below for details.
#
# UnbufferLogs: 0
# Enables extended client information in log entries. When set to 0, only
# activity type, time and transfer sizes are logged.
#
# VerboseLog: 1
VerboseLog: {{ "1" if apt_cacher_ng__verbose_log | bool else "0" }}
# Don't detach from the starting console.
#
# ForeGround: 0
# Store the pid of the daemon process in the specified text file.
# Default: disabled
#
# PidFile: /var/run/apt-cacher-ng/pid
# Forbid outgoing connections and work without an internet connection or
# respond with 503 error where it's not possible.
#
# Offlinemode: 0
Offlinemode: {{ "1" if apt_cacher_ng__offline_mode | bool else "0" }}
# Forbid downloads from locations that are directly specified in the user
# request, i.e. all downloads must be processed by the preconfigured remapping
# backends (see above).
#
# ForceManaged: 0
ForceManaged: {{ "1" if apt_cacher_ng__force_managed | bool else "0" }}
# Days before considering an unreferenced file expired (to be deleted).
# WARNING: if the value is set too low and particular index files are not
# available for some days (mirror downtime) then there is a risk of removal of
# still useful package files.
#
# ExThreshold: 4
{{ ("ExTreshold: " + apt_cacher_ng__expiration_threshold | string) if (apt_cacher_ng__expiration_threshold != "default") else "" }}
# If the expiration is run daily, it sometimes does not make much sense to do
# it because the expected changes (i.e. removal of expired files) don't justify
# the extra processing time or additional downloads for expiration operation
# itself. This discrepancy might be especially worse if the local client
# installations are small or are rarely updated but the daily changes of
# the remote archive metadata are heavy.
#
# The following option enables a possible trade-off: the expiration run is
# suppressed until a certain amount of data has been downloaded through
# apt-cacher-ng since the last expiration execution (which might indicate that
# packages were replaced with newer versions).
#
# The number can have a suffix (k,K,m,M for Kb,KiB,Mb,MiB)
#
# ExStartTradeOff: 500m
# Stop expiration when a critical problem appears, issue like a failed update
# of an index file in the preparation step.
#
# WARNING: don't set this option to zero or empty without considering possible
# consequences like a sudden and complete cache data loss.
#
# ExAbortOnProblems: 1
{{ ("ExAbortOnProblems: " + apt_cacher_ng__expiration_abort_on_problems | string) if (apt_cacher_ng__expiration_abort_on_problems != "default") else "" }}
# Number of failed nightly expiration runs which are considered acceptable and
# do not trigger an error notification to the admin (e.g. via daily cron job)
# before the (day) count is reached. Might be useful with whacky internet
# connections.
#
# Default: a guessed value, 1 if ExThreshold is 5 or more, 0 otherwise.
#
# ExSuppressAdminNotification: 1
# Modify file names to work around limitations of some file systems.
# WARNING: experimental feature, subject to change
#
# StupidFs: 0
# Experimental feature for apt-listbugs: pass-through SOAP requests and
# responses to/from bugs.debian.org.
# Default: guessed value, true unless ForceManaged is enabled
#
# ForwardBtsSoap: 1
# There is a small in-memory cache for DNS resolution data, expired by
# this timeout (in seconds). Internal caching is disabled if set to a value
# less than zero.
#
# DnsCacheSeconds: 1800
{{ ("DnsCacheSeconds: " + apt_cacher_ng__dns_cache_seconds | string) if (apt_cacher_ng__dns_cache_seconds != "default") else "" }}
###############################################################################
#
# WARNING: don't modify thread and file matching parameters without a clear
# idea of what is happening behind the scene!
#
# Max. count of connection threads kept ready (for faster response in the
# future). Should be a sane value between 0 and average number of connections,
# and depend on the amount of spare RAM.
# MaxStandbyConThreads: 8
#
# Hard limit of active thread count for incoming connections, i.e. operation
# is refused when this value is reached (below zero = unlimited).
# MaxConThreads: -1
#
# Timeout for a forced disconnect in cases where a client connection is about
# to be closed but remote refuses to confirm the disconnect request. Setting
# this to a lower value mitigates the effects of resource starvation in case of
# a DOS attack but increases the risk of failing to flush the remaining portion
# of data.
# DisconnectTimeout: 15
# By default, if a remote suddenly reconnects, ACNG tries at least two times to
# redownload from the same or different location (if known).
# DlMaxRetries: 2
# Pigeonholing files (like static vs. volatile contents) is done by (extended)
# regular expressions.
#
# The following patterns are available for the purposes detailed, where
# the latter takes precedence over the former:
# - «PFilePattern» for static data that doesn't change silently on the server.
# - «VFilePattern» for volatile data that may change like every hour. Files
# that match both PFilePattern and VfilePattern will be treated as volatile.
# - Static data with file names that match VFilePattern may be overridden being
# treated as volatile by making it match the special static data pattern,
# «SPfilePattern».
# - «SVfilePattern» or the "special volatile data" pattern is for the
# convenience of specifying any exceptions to matches with SPfilePattern,
# for cases where data must still be treated as volatile.
# - «WfilePattern» specifies a "whitelist pattern" for the regular expiration
# job, telling it to keep the files even if they are not referenced by
# others, like crypto signatures with which clients begin their downloads.
#
# There are two versions. The pattern variables mentioned above should not be
# set without good reason, because they would override the built-in defaults
# (that might impact updates to future versions of apt-cacher-ng). There are
# also versions of those patterns ending with Ex, which may be modified by the
# local administrator. They are evaluated in addition to the regular patterns
# at runtime.
#
# To see examples of the expected syntax, run: apt-cacher-ng -p debug=1
#
# PfilePatternEx:
# VfilePatternEx:
# SPfilePatternEx:
# SVfilePatternEx:
# WfilePatternEx:
#
###############################################################################
# A bitmask type value declaring the logging verbosity and behavior of the error
# log writing. Non-zero value triggers at least faster log file flushing.
#
# Some higher bits only working with a special debug build of apt-cacher-ng,
# see the manual for details.
#
# WARNING: this can write significant amount of data into apt-cacher.err logfile.
#
# Default: 0
#
# Debug:3
{{ ("Debug: " + apt_cacher_ng__debug | string) if (apt_cacher_ng__debug != "") else "" }}
# Usually, general purpose proxies like Squid expose the IP address of the
# client user to the remote server using the X-Forwarded-For HTTP header. This
# behaviour can be optionally turned on with the Expose-Origin option.
#
# ExposeOrigin: 0
# When logging the originating IP address, trust the information supplied by
# the client in the X-Forwarded-For header.
#
# LogSubmittedOrigin: 0
LogSubmittedOrigin: {{ "1" if apt_cacher_ng__log_submitted_origin | bool else "0" }}
# The version string reported to the peer, to be displayed as HTTP client (and
# version) in the logs of the mirror.
#
# WARNING: Expect side effects! Some archives use this header to guess
# capabilities of the client (i.e. allow redirection and/or https links) and
# change their behaviour accordingly but ACNG might not support the expected
# features.
#
# Default:
#
# UserAgent: Yet Another HTTP Client/1.2.3p4
{{ ("UserAgent: " + apt_cacher_ng__user_agent) if (apt_cacher_ng__user_agent != "default") else "" }}
# In some cases the Import and Expiration tasks might create fresh volatile
# data for internal use by reconstructing them using patch files. This
# by-product might be recompressed with bzip2 and with some luck the resulting
# file becomes identical to the *.bz2 file on the server which can be used by
# APT when requesting a complete version of this file.
# The downside of this feature is higher CPU load on the server during
# the maintenance tasks, and the outcome might have not much value in a LAN
# where all clients update their data often and regularly and therefore usually
# don't need the full version of the index file.
#
# RecompBz2: 0
RecompBz2: {{ "1" if apt_cacher_ng__recompress_bz2 else "0" }}
# Network timeout for outgoing connections, in seconds.
#
# NetworkTimeout: 40
{{ ("NetworkTimeout: " + apt_cacher_ng__network_timeout | string) if (apt_cacher_ng__network_timeout != "") else "" }}
# Fast fallback timeout, in seconds. This is the time to wait before
# alternative target addresses for a client connection are tried, which can be
# useful for quick fallback to IPv4 in case of whacky IPv6 configuration.
#
# FastTimeout = 4
# Sometimes it makes sense to not store the data in cache and just return the
# package data to client while it comes in. The following DontCache* parameters
# can enable this behaviour for certain URL types. The tokens are extended
# regular expressions which the URLs are evaluated against.
#
# DontCacheRequested is applied to the URL as it comes in from the client.
# Example: exclude packages built with kernel-package for x86
# DontCacheRequested: linux-.*_10\...\.Custo._i386
# Example usecase: exclude popular private IP ranges from caching
# DontCacheRequested: 192.168.0 ^10\..* 172.30
#
# DontCacheResolved is applied to URLs after mapping to the target server. If
# multiple backend servers are specified then it's only matched against the
# download link for the FIRST possible source (due to implementation limits).
#
# Example usecase: all Ubuntu stuff comes from a local mirror (specified as
# backend), don't cache it again:
# DontCacheResolved: ubuntumirror.local.net
#
# DontCache directive sets (overrides) both, DontCacheResolved and
# DontCacheRequested. Provided for convenience, see those directives for
# details.
#
# Example:
# DontCache: .*.local.university.int
# Default permission set of freshly created files and directories, as octal
# numbers (see chmod(1) for details).
# Can by limited by the umask value (see umask(2) for details) if it's set in
# the environment of the starting shell, e.g. in apt-cacher-ng init script or
# in its configuration file.
#
# DirPerms: 00755
{{ ("DirPerms: " + apt_cacher_ng__dir_perms) if (apt_cacher_ng__dir_perms != "") else "" }}
# FilePerms: 00664
{{ ("FilePerms: " + apt_cacher_ng__file_perms) if (apt_cacher_ng__file_perms != "") else "" }}
# It's possible to use use apt-cacher-ng as a regular web server with a limited
# feature set, i.e. directory browsing, downloads of any files, Content-Type
# based on /etc/mime.types, but without sorting, CGI execution, index page
# redirection and other funny things.
# To get this behavior, mappings between virtual directories and real
# directories on the server must be defined with the LocalDirs directive.
# Virtual and real directories are separated by spaces, multiple pairs are
# separated by semi-colons. Real directories must be absolute paths.
# NOTE: Since the names of that key directories share the same namespace as
# repository names (see Remap-...) it is administrator's job to avoid conflicts
# between them or explicitly create them.
#
# LocalDirs: woo /data/debarchive/woody ; hamm /data/debarchive/hamm
LocalDirs: acng-doc /usr/share/doc/apt-cacher-ng
# Precache a set of files referenced by specified index files. This can be used
# to create a partial mirror usable for offline work. There are certain limits
# and restrictions on the path specification, see manual and the cache control
# web site for details. A list of (maybe) relevant index files could be
# retrieved via "apt-get --print-uris update" on a client machine.
#
# Example:
# PrecacheFor: debrep/dists/unstable/*/source/Sources* debrep/dists/unstable/*/binary-amd64/Packages*
# Arbitrary set of data to append to request headers sent over the wire. Should
# be a well formatted HTTP headers part including newlines (DOS style) which
# can be entered as escape sequences (\r\n).
#
# RequestAppendix: X-Tracking-Choice: do-not-track\r\n
# Specifies the IP protocol families to use for remote connections. Order does
# matter, first specified are considered first. Possible combinations:
# v6 v4
# v4 v6
# v6
# v4
# Default: use native order of the system's TCP/IP stack, influenced by the
# BindAddress value.
#
# ConnectProto: v6 v4
{% if apt_cacher_ng__connect_protocol | length >= 1 %}
ConnectProto: {{ apt_cacher_ng__connect_protocol | join(" ") }}
{% endif %}
# Regular expiration algorithm finds package files which are no longer listed
# in any index file and removes them of them after a safety period.
# This option allows to keep more versions of a package in the cache after
# the safety period is over.
#
# KeepExtraVersions: 0
# Optionally uses TCP access control provided by libwrap, see hosts_access(5)
# for details. Daemon name is apt-cacher-ng.
#
# Default: guessed on startup by looking for explicit mention of apt-cacher-ng
# in /etc/hosts.allow or /etc/hosts.deny files.
#
# UseWrap: 0
# If many machines from the same local network attempt to update index files
# (apt-get update) at nearly the same time, the known state of these index file
# is temporarily frozen and multiple requests receive the cached response
# without contacting the remote server again. This parameter (in seconds)
# specifies the length of this period before these (volatile) files are
# considered outdated.
# Setting this value too low transfers more data and increases remote server
# load, setting this too high (more than a couple of minutes) increases the
# risk of delivering inconsistent responses to the clients.
#
# FreshIndexMaxAge: 27
# Usually the users are not allowed to specify custom TCP ports of remote
# mirrors in the requests, only the default HTTP port can be used (as
# workaround, proxy administrator can create Remap- rules with custom ports).
# This restriction can be disabled by specifying a list of allowed ports or 0
# for any port.
#
# AllowUserPorts: 80
# Normally the HTTP redirection responses are forwarded to the original caller
# (i.e. APT) which starts a new download attempt from the new URL. This
# solution is ok for client configurations with proxy mode but doesn't work
# well with configurations using URL prefixes in sources.list. To work around
# this the server can restart its own download with a redirection URL,
# configured with the following option. The downside is that this might be used
# to circumvent download source policies by malicious users.
# The RedirMax option specifies how many such redirects the server is allowed
# to follow per request, 0 disables the internal redirection.
# Default: guessed on startup, 0 if ForceManaged is used and 5 otherwise.
#
# RedirMax: 5
# There some broken HTTP servers and proxy servers in the wild which don't
# support the If-Range header correctly and return incorrect data when the
# contents of a (volatile) file changed. Setting VfileUseRangeOps to zero
# disables Range-based requests while retrieving volatile files, using
# If-Modified-Since and requesting the complete file instead. Setting it to
# a negative value removes even If-Modified-Since headers.
#
# VfileUseRangeOps: 1
# Allow data pass-through mode for certain hosts when requested by the client
# using a CONNECT request. This is particularly useful to allow access to SSL
# sites (https proxying). The string is a regular expression which should cover
# the server name with port and must be correctly formatted and terminated.
# Examples:
# PassThroughPattern: private-ppa\.launchpad\.net:443$
# PassThroughPattern: .* # this would allow CONNECT to everything
#
# Default: ^(bugs\.debian\.org|changelogs\.ubuntu\.com):443$
# PassThroughPattern: ^(bugs\.debian\.org|changelogs\.ubuntu\.com):443$
# It's possible that an evil client requests a volatile file but does not
# retrieve the response and keeps the connection effectively stuck over
# many hours, blocking the particular file for other download attempts (which
# leads to not reporting file changes on server side to other users). In such
# case the file descriptor can be moved aside although this might reduce cache
# efficiency.
#
# Default time is based on the value of FreshIndexMaxAge with a safety factor.
#
# ResponseFreezeDetectTime: 60
# Keep outgoing connections alive and reuse them for later downloads from
# the same server as long as possible.
#
# ReuseConnections: 1
# Maximum number of requests sent in a batch to remote servers before the first
# response is expected. Using higher values can greatly improve average
# throughput depending on network latency and the implementation of remote
# servers. Makes most sense when also enabled on the client side, see apt.conf
# documentation for details.
#
# Default: 10 if ReuseConnections is set, 1 otherwise
#
# PipelineDepth: 10
# Path to the system directory containing trusted CA certificates used for
# outgoing connections, see OpenSSL documentation for details.
#
# CApath: /etc/ssl/certs
#
# Path to a single trusted trusted CA certificate used for outgoing
# connections, see OpenSSL documentation for details.
#
# CAfile:
# There are different ways to detect that an upstream proxy is broken and turn
# off its use and connect directly. The first is through a custom command -
# when it returns successfully, the proxy is used, otherwise not and the
# command will be rerun only after a specified period.
# Another way is to try to connect to the proxy first and detect a connection
# timeout. The connection will then be made without HTTP proxy for the life
# time of the particular download stream and it may also affect other other
# parallel downloads.
# NOTE: this operation modes are still experimental and are subject to change!
# Unwanted side effects may occur with multiple simultaneous user connections
# or with specific per-repository proxy settings.
#
# Shell command, default: not set. Executed with the default shell and
# permissions of the apt-cacher-ng's process user. Examples:
# /bin/ip route | grep -q 192.168.117
# /usr/sbin/arp | grep -q 00:22:1f:51:8e:c1
#
# OptProxyCheckCommand: ...
#
# Check interval, in seconds.
#
# OptProxyCheckInterval: 99
#
# Connection timeout in seconds, default: negative, means disabled.
#
# OptProxyTimeout: -1
# It's possible to limit the processing speed of download agents to set an
# overall download speed limit. Unit: KiB/s, Default: unlimited.
#
# MaxDlSpeed: 500
{{ ("MaxDlSpeed: " + apt_cacher_ng__max_download_speed_kib | string) if (apt_cacher_ng__max_download_speed_kib != "") else "" }}
# In special corner cases, download clients attempt to download random chunks
# of a files headers, i.e. the first kilobytes. The "don't get client stuck"
# policy converts this usually to a 200 response starting the body from the
# beginning but that confuses some clients. When this option is set to a
# certain value, this modifies the behaviour and allows to start a file
# download where the distance between available data and the specified range
# lies within that bounds. This can look like random lag for the user but
# should be harmless apart from that.
#
# MaxInresponsiveDlSize: 64000
# In mobile environments having an adhoc connection with a redirection to some
# id verification side, this redirect might damage the cache since the data is
# involuntarily stored as package data. There is a mechanism which attempts to
# detect a such situation and mitigate the mentioned effects by not storing the
# data and also dropping the DNS cache. The trigger is the occurrence of a
# specific SUBSTRING in the content type field of the final download target
# (i.e. the auth web site) and at least one followed redirection.
#
# BadRedirDetectMime: text/html
# When a BUS signal is received (typically on IO errors), a shell command can be
# executed before the daemon is terminated.
# Example:
# BusAction: ls -l /proc/$PPID/ | mail -s SIGBUS! root
# Only set this value for debugging purposes. It disables SSL security checks
# like strict host verification. 0 means no, any other value can have
# different meaning in the future.
#
# NoSSLChecks: 0
# Setting this value means: on file downloads from/via cache, tag relevant
# files. And when acngtool runs the shrink command, it will look at the day
# when the file was retrieved from cache last time (and not when it was
# originally downloaded).
#
# TrackFileUse: 0
# Controls preallocation of file system space where this feature is supported.
# This might reduce disk fragmentation and therefore improve later read
# performance. However, write performance can be reduced which could be
# exploited by malicious users.
# The value defines a size limit of how much to report to the OS as expected
# file size (starting from the beginning of the file).
# Set to zero to disable this feature completely. Default: one megabyte
#
# ReserveSpace: 1048576
{{ apt_cacher_ng__custom }}
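Review bot: The `Proxy:` line rendered from `apt_cacher_ng__proxy` can carry upstream proxy credentials (the comment above it shows a `username:proxypassword@` form), which makes this main configuration file sensitive whenever that variable holds a password. The mode and owner this template is written with are set in the tasks file, outside this section, so it is worth confirming they are as tight as those of the file that holds `AdminAuth`, or moving the `Proxy` directive into that protected file. A template comment such as `# NOTE: a Proxy value with credentials makes this file confidential; restrict read access accordingly` above the rendered line would document the dependency. Separately, the rendered key `ExTreshold` is spelled differently from the `ExThreshold` used in the comments around it; check which spelling the packaged apt-cacher-ng reads, since an unrecognised key would leave `apt_cacher_ng__expiration_threshold` without effect.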


@ -0,0 +1,7 @@
{# Copyright (C) 2016-2017 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
{{ apt_cacher_ng__upstream_mirror_debian }}


@ -0,0 +1,7 @@
{# Copyright (C) 2016-2017 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
{{ apt_cacher_ng__upstream_mirror_gentoo }}


@ -0,0 +1,7 @@
{# Copyright (C) 2016-2017 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
{{ apt_cacher_ng__upstream_mirror_ubuntu }}


@ -0,0 +1,16 @@
{# Copyright (C) 2016-2017 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
# {{ ansible_managed }}
# This file contains confidential data and should be protected with file
# permissions from being read by untrusted users.
#
# NOTE: permissions are fixated with dpkg-statoverride on Debian systems.
# Read its manual page for details.
# Basic authentication with username and password, required to
# visit pages with administrative functionality. Format: username:password
AdminAuth: {{ apt_cacher_ng__user | default('admin') }}:{{ apt_cacher_ng__password | default('password') }}
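Review bot: The `AdminAuth` line falls back to `admin`/`password` when `apt_cacher_ng__user` or `apt_cacher_ng__password` is undefined, so a missing variable silently produces a guessable credential for the administrative pages instead of a failed run. Whether the role defaults always define both variables is not visible in this section; if they do, the fallbacks are dead code, and if they do not, the template should refuse to render. I would drop the fallbacks and make the values required, `AdminAuth: {{ apt_cacher_ng__user | mandatory }}:{{ apt_cacher_ng__password | mandatory }}`, and have the role assert that the password is not empty.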


@ -0,0 +1,71 @@
{# Copyright (C) 2016-2017 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
#}
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=8" />
<meta name="MSSmartTagsPreventParsing" content="true" />
<title>Not Found or APT Reconfiguration required</title>
<link rel="stylesheet" type="text/css" href="/style.css" />
</head>
<body>
<table border=0 cellspacing=0 cellpadding=0 width=580 class="center">
<tr>
<td class="title" style="width:580px;">The requested page is not accessible.</td>
</tr>
<tr>
<td>
<div class="visarea" style="width:580px;text-align:left;"><br>
You attempted to browse the contents of a virtual HTTP repository.
However, the intended way of use is the configuration of APT and
related package management systems to retrieve the software packages
through this service.
<p>To configure APT for use of Apt-Cacher&nbsp;NG you need to...
<br>
<ul>
<li>
<b>EITHER:</b> Configure APT to use a HTTP proxy by specifying
it in apt.conf or related configuration files, see
apt.conf manual page for details. Server and Port need to match
the values used to visit this page. For example,
edit&nbsp;<i>/etc/apt/apt.conf</i> (or create a new file called like <i>/etc/apt/apt.conf.d/00aptproxy</i>) and add the line:
<p />
<div class="rawstyle">Acquire::http::Proxy "http://{{ apt_cacher_ng__fqdn }}";</div>
<p />
</li>
<li>
<b>OR:</b>
Edit the <i>/etc/apt/sources.list</i> file and edit the source lines
therein, replacing the mirror hostname with the hostname of this
server machine. For example:
<p /><div class="rawstyle" style="color:gray;">
deb http://ftp.debian.org/debian stable main contrib non-free<br>
deb-src http://ftp.debian.org/debian stable main contrib non-free<br>
deb https://get.docker.com/ubuntu docker main<br></div><p/>
becomes:<p/>
<div class="rawstyle">deb http://<span style="color:red">{{ apt_cacher_ng__fqdn }}/</span>ftp.debian.org/debian stable main contrib non-free<br/>
deb-src http://<span style="color:red">{{ apt_cacher_ng__fqdn }}/</span>ftp.debian.org/debian stable main contrib non-free<br/>
deb <span style="color:red">http://{{ apt_cacher_ng__fqdn }}//HTTPS///</span>get.docker.com/ubuntu docker main</div><p/>
Depending on the configuration, it might be possible to use a shortcut
for the base URLs without knowing the mirror, for example:<p/>
<div class="rawstyle">deb http://{{ apt_cacher_ng__fqdn }}/debian stable main contrib non-free</div><p/>
Ask your system administrator for details.
</li>
</ul>
<h3>Related links</h3>
<ul>
<li><a href="${cfg:ReportPage}">Statistics report and configuration page</a> for this Apt-Cacher NG installation</li>
<li><a href="https://www.unix-ag.uni-kl.de/~bloch/acng/">Project Homepage</a>
</ul>
${footer}
</div>
</td>
</tr>
</table>
</body>
</html>


@ -0,0 +1,16 @@
---
# Copyright (C) 2016-2017 Robin Schneider <ypid@riseup.net>
# Copyright (C) 2016-2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only
# .. envvar:: apt_cacher_ng__apparmor__tunables_dependent
#
# Configuration for the ``debops-contrib.apparmor`` role.
#
# Example::
#
# apt_cacher_ng__apparmor__tunables_dependent: '@{APT_CACHE_DIR}+={{ apt_cacher_ng__cache_dir }}'
#
# Does not work. Error is: Variable was previously declared. Not sure if this is supposed to work?
# ``apt_cacher_ng__apparmor__dependent_config`` works without issues.
apt_cacher_ng__apparmor__tunables_dependent: ''