debops.reprepro default variables
Sections
APT packages
- reprepro__base_packages
The list of default APT packages to install for repository management.
reprepro__base_packages: [ 'reprepro', 'dpkg-dev' ]
- reprepro__packages
List of additional APT packages to install with reprepro.
reprepro__packages: []
UNIX environment
- reprepro__user
UNIX system account which manages local APT repositories.
reprepro__user: 'reprepro'
- reprepro__group
UNIX system group which manages local APT repositories.
reprepro__group: 'reprepro'
- reprepro__additional_groups
List of additional UNIX groups which the reprepro account should be a member of.
reprepro__additional_groups:
# Allow direct SSH logins for administrators
- '{{ ansible_local.system_groups.local_prefix + "sshusers" }}'
- reprepro__home
Path where reprepro home directory is stored.
reprepro__home: '{{ (ansible_local.fhs.home | d("/var/local"))
+ "/" + reprepro__user }}'
- reprepro__comment
The GECOS field of the reprepro UNIX account.
reprepro__comment: 'Local APT repositories'
- reprepro__data_root
Path where reprepro data files are stored, separated by instances.
reprepro__data_root: '{{ reprepro__home + "/repositories" }}'
- reprepro__public_root
Path where public contents of the APT repositories are stored, separated by instances.
reprepro__public_root: '{{ (ansible_local.fhs.www | d("/srv/www"))
+ "/reprepro" }}'
- reprepro__spool_root
Path where uploads are stored for the incoming queue, separated by instances.
reprepro__spool_root: '{{ (ansible_local.fhs.spool | d("/var/spool"))
+ "/reprepro" }}'
- reprepro__admin_sshkeys
List of public SSH keys which allow access to the reprepro UNIX account via SSH. By default this role will add the SSH keys of the person currently executing the role to the account's SSH keyring.
reprepro__admin_sshkeys:
- '{{ lookup("pipe", "ssh-add -L | grep ^\\\(sk-\\\)\\\?ssh || cat ~/.ssh/*.pub || cat ~/.ssh/authorized_keys || true") }}' # noqa jinja[spacing]
Global reprepro configuration
- reprepro__fqdn
The default Fully Qualified Domain Name used in various parts of the configuration.
reprepro__fqdn: '{{ ansible_fqdn }}'
- reprepro__domain
The default DNS domain used in various parts of the configuration.
reprepro__domain: '{{ ansible_domain }}'
- reprepro__origin
The value of the "Origin:" field defined for all APT repositories managed by
reprepro. This variable needs to be referenced in the
conf/distributions
configuration to be effective.
reprepro__origin: '{{ ansible_local.machine.organization
| d(reprepro__domain.split(".")[0] | capitalize) }}'
- reprepro__mail_from
The default e-mail sender address for e-mails sent on each repository change.
reprepro__mail_from: '{{ reprepro__user + "@" + reprepro__fqdn }}'
- reprepro__mail_to
The default e-mail recipient for e-mails sent on each repository change.
reprepro__mail_to: '{{ "root@" + reprepro__domain }}'
- reprepro__max_body_size
Maximum size of a single upload to the incoming queue.
reprepro__max_body_size: '50M'
- reprepro__auth_realm
The default realm string used when access controls are enabled in a given APT repository.
reprepro__auth_realm: 'Access to this APT repository is restricted'
GnuPG environment
- reprepro__gpg_snapshot_name
Name of the snapshot file which contains reprepro GnuPG snapshot. It will be backed up on Ansible Controller.
reprepro__gpg_snapshot_name: 'gnupg.tar'
- reprepro__gpg_snapshot_path
Directory on Ansible Controller where reprepro GnuPG snapshot will be archived.
reprepro__gpg_snapshot_path: '{{ secret + "/reprepro/snapshots/" + inventory_hostname }}'
- reprepro__gpg_key_type
Settings for GPG key used to sign reprepro repositories.
reprepro__gpg_key_type: 'RSA'
- reprepro__gpg_key_length
Length of the GPG key used by reprepro.
reprepro__gpg_key_length: '4096'
- reprepro__gpg_name
String used as the name of the GPG key used to sign reprepro APT repositories.
reprepro__gpg_name: '{{ reprepro__origin + " Automatic Signing Key" }}'
- reprepro__gpg_email
E-mail address of the GPG key used to sign reprepro APT repositories.
reprepro__gpg_email: '{{ "apt-packages@" + reprepro__domain }}'
- reprepro__gpg_expire_days
Duration in days after which the GPG keys for the APT repositories will expire (default: 10 years).
reprepro__gpg_expire_days: '{{ (365 * 10) }}'
- reprepro__gpg_public_filename
Filename of the GPG public key published in the root of the APT repositories managed by debops.reprepro role.
reprepro__gpg_public_filename: '{{ reprepro__domain + ".asc" }}'
- reprepro__gpg_uploaders_keys
List of GPG fingerprints of people or services that are allowed to upload packages to APT repositories managed by reprepro. They will be added to the UNIX account by the debops.keyring role. See its documentation for more details.
reprepro__gpg_uploaders_keys: []
Local APT repository instances
The variables below define list of APT repository instances managed by debops.reprepro role. See reprepro__instances documentation for more details.
- reprepro__default_instances
List of default APT repository instances managed by debops.reprepro.
reprepro__default_instances:
- name: 'main'
fqdn: '{{ reprepro__fqdn }}'
incoming:
- name: 'incoming'
Allow:
- 'trixie'
- 'testing>trixie'
- 'bookworm'
- 'stable>bookworm'
- 'bullseye'
- 'oldstable>bullseye'
- 'buster'
- 'oldoldstable>buster'
Options:
- 'multiple_distributions'
Cleanup:
- 'on_deny'
- 'on_error'
distributions:
- name: 'trixie'
Description: 'Packages for Debian GNU/Linux 13 (Trixie)'
Origin: '{{ reprepro__origin }}'
Codename: 'trixie'
Suite: 'testing'
Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
'mips64el', 'mipsel', 'ppc64el', 's390x' ]
Components: [ 'main', 'contrib', 'non-free', 'non-free-firmware' ]
Uploaders: 'uploaders/anybody'
SignWith: 'default'
DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
Log: |
packages.bookworm.log
--type=dsc email-changes.sh
state: 'present'
- name: 'bookworm'
Description: 'Packages for Debian GNU/Linux 12 (Bookworm)'
Origin: '{{ reprepro__origin }}'
Codename: 'bookworm'
Suite: 'stable'
Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
'mips64el', 'mipsel', 'ppc64el', 's390x' ]
Components: [ 'main', 'contrib', 'non-free', 'non-free-firmware' ]
Uploaders: 'uploaders/anybody'
SignWith: 'default'
DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
Log: |
packages.bookworm.log
--type=dsc email-changes.sh
state: 'present'
- name: 'bullseye'
Description: 'Packages for Debian GNU/Linux 11 (Bullseye)'
Origin: '{{ reprepro__origin }}'
Codename: 'bullseye'
Suite: 'oldstable'
Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
'mips64el', 'mipsel', 'ppc64el', 's390x' ]
Components: [ 'main', 'contrib', 'non-free' ]
Uploaders: 'uploaders/anybody'
SignWith: 'default'
DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
Log: |
packages.bullseye.log
--type=dsc email-changes.sh
state: 'present'
- name: 'buster'
Description: 'Packages for Debian GNU/Linux 10 (Buster)'
Origin: '{{ reprepro__origin }}'
Codename: 'buster'
Suite: 'oldoldstable'
Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
'mips', 'mips64el', 'mipsel', 'ppc64el', 's390x' ]
Components: [ 'main', 'contrib', 'non-free' ]
Uploaders: 'uploaders/anybody'
SignWith: 'default'
DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
Log: |
packages.buster.log
--type=dsc email-changes.sh
state: 'present'
uploaders:
- name: 'anybody'
raw: |
allow * by any key
state: 'present'
- reprepro__instances
List of APT repository instances that should be created on all hosts in the Ansible inventory.
reprepro__instances: []
- reprepro__group_instances
List of APT repository instances that should be created on hosts in a specific Ansible inventory group.
reprepro__group_instances: []
- reprepro__host_instances
List of APT repository instances that should be created on specific hosts in the Ansible inventory.
reprepro__host_instances: []
- reprepro__combined_instances
Variable which combines all APT repository instances and is used in role tasks and templates.
reprepro__combined_instances: '{{ reprepro__default_instances
+ reprepro__instances
+ reprepro__group_instances
+ reprepro__host_instances }}'
Configuration for other Ansible roles
- reprepro__keyring__dependent_gpg_user
UNIX account which will contain GPG keys managed by the debops.keyring Ansible role.
reprepro__keyring__dependent_gpg_user: '{{ reprepro__user }}'
- reprepro__keyring__dependent_gpg_keys
List of GPG keys managed by the debops.keyring Ansible role.
reprepro__keyring__dependent_gpg_keys:
- user: '{{ reprepro__user }}'
group: '{{ reprepro__group }}'
home: '{{ reprepro__home }}'
- '{{ q("flattened", reprepro__gpg_uploaders_keys) }}'
- reprepro__nginx__dependent_servers
Server configuration for the debops.nginx Ansible role.
reprepro__nginx__dependent_servers: '{{ reprepro__env_nginx_servers }}'