debops.reprepro default variables

APT packages

reprepro__base_packages

The list of default APT packages to install for repository management.

# Packages required for repository management; installed on every host
# that uses this role.
reprepro__base_packages:
  - 'reprepro'
  - 'dpkg-dev'
reprepro__packages

List of additional APT packages to install with reprepro.

# Extra APT packages to install alongside reprepro; empty by default.
reprepro__packages: []

UNIX environment

reprepro__user

UNIX system account which manages local APT repositories.

# Account name reused below for the home directory path, the mail sender
# address and the owner of the GnuPG keyring
# (reprepro__keyring__dependent_gpg_user).
reprepro__user: 'reprepro'
reprepro__group

UNIX system group which manages local APT repositories.

# Primary group of the reprepro account; also passed to debops.keyring via
# reprepro__keyring__dependent_gpg_keys.
reprepro__group: 'reprepro'
reprepro__additional_groups

List of additional UNIX groups which the reprepro account should be a member of.

# The only default entry is the "sshusers" group, prefixed with the host's
# "ansible_local.system_groups.local_prefix" fact. Per the inline comment it
# exists to allow SSH logins, so together with reprepro__admin_sshkeys it
# decides who can log in as the repository owner.
# NOTE(review): there is no d() fallback here, so the template depends on
# the "system_groups" local fact being present on the host - confirm.
reprepro__additional_groups:

  # Allow direct SSH logins for administrators
  - '{{ ansible_local.system_groups.local_prefix + "sshusers" }}'
reprepro__home

Path where reprepro home directory is stored.

# Built from the "ansible_local.fhs.home" fact, falling back to "/var/local"
# when the fact is undefined, plus the account name
# (default result: "/var/local/reprepro").
reprepro__home: '{{ (ansible_local.fhs.home | d("/var/local"))
                    + "/" + reprepro__user }}'
reprepro__comment

The GECOS field of the reprepro UNIX account.

# Free-form description stored in the GECOS field of the account.
reprepro__comment: 'Local APT repositories'
reprepro__data_root

Path where reprepro data files are stored, separated by instances.

# Lives under the account's home directory ("<home>/repositories"), separate
# from the published tree defined by reprepro__public_root.
reprepro__data_root: '{{ reprepro__home + "/repositories" }}'
reprepro__public_root

Path where public contents of the APT repositories are stored, separated by instances.

# Built from the "ansible_local.fhs.www" fact, falling back to "/srv/www".
# Everything placed under this path is meant to be published, so nothing
# private should be stored here.
reprepro__public_root: '{{ (ansible_local.fhs.www | d("/srv/www"))
                           + "/reprepro" }}'
reprepro__spool_root

Path where uploads are stored for the incoming queue, separated by instances.

# Built from the "ansible_local.fhs.spool" fact, falling back to "/var/spool".
# Holds uploaded files waiting in the incoming queue.
# NOTE(review): uploads here are presumably not yet verified by reprepro, so
# treat the directory as untrusted input - confirm against the role's tasks.
reprepro__spool_root: '{{ (ansible_local.fhs.spool | d("/var/spool"))
                          + "/reprepro" }}'
reprepro__admin_sshkeys

List of public SSH keys which allow access to the reprepro UNIX account via SSH. By default this role will add the SSH keys of the person currently executing the role to the account's SSH keyring.

# SECURITY: the "pipe" lookup runs on the Ansible Controller as the user
# executing the playbook. It tries three sources in order and uses the first
# one that succeeds:
#   1. keys loaded in the SSH agent ("ssh-add -L"), filtered to lines that
#      start with "ssh" or "sk-ssh";
#   2. every "~/.ssh/*.pub" file;
#   3. "~/.ssh/authorized_keys".
# Sources 2 and 3 can contain keys that do not belong to the person running
# the role (for example, every key allowed to log in to the controller
# account), and all of them would be granted access to the reprepro account.
# Set this list explicitly in the inventory where that is not acceptable.
# The trailing "|| true" makes the lookup succeed with empty output when no
# source yields a key.
reprepro__admin_sshkeys:
  - '{{ lookup("pipe", "ssh-add -L | grep ^\\\(sk-\\\)\\\?ssh || cat ~/.ssh/*.pub || cat ~/.ssh/authorized_keys || true") }}'  # noqa jinja[spacing]

Global reprepro configuration

reprepro__fqdn

The default Fully Qualified Domain Name used in various parts of the configuration.

# Taken from the "ansible_fqdn" fact of the managed host; used as the default
# instance FQDN and in the mail sender address.
reprepro__fqdn: '{{ ansible_fqdn }}'
reprepro__domain

The default DNS domain used in various parts of the configuration.

# Taken from the "ansible_domain" fact of the managed host; reused for the
# Origin fallback, the mail recipient, the GPG key e-mail address and the
# published public key filename.
reprepro__domain: '{{ ansible_domain }}'
reprepro__origin

The value of the "Origin:" field defined for all APT repositories managed by reprepro. This variable needs to be referenced in the conf/distributions configuration to be effective.

# Uses the "ansible_local.machine.organization" fact when it is defined;
# otherwise falls back to the first label of reprepro__domain, capitalized.
# The value also becomes part of the signing key name (reprepro__gpg_name).
reprepro__origin: '{{ ansible_local.machine.organization
                      | d(reprepro__domain.split(".")[0] | capitalize) }}'
reprepro__mail_from

The default e-mail sender address for e-mails sent on each repository change.

# Composed as "<reprepro__user>@<reprepro__fqdn>".
reprepro__mail_from: '{{ reprepro__user + "@" + reprepro__fqdn }}'
reprepro__mail_to

The default e-mail recipient for e-mails sent on each repository change.

# Composed as "root@<reprepro__domain>"; change notifications are the audit
# trail for repository changes, so point this at a monitored mailbox.
reprepro__mail_to: '{{ "root@" + reprepro__domain }}'
reprepro__max_body_size

Maximum size of a single upload to the incoming queue.

# Quoted so the size suffix is kept as a string.
# NOTE(review): presumably passed to the web server as the request body
# limit for uploads - confirm against the nginx server template.
reprepro__max_body_size: '50M'
reprepro__auth_realm

The default realm string used when access controls are enabled in a given APT repository.

# Only relevant for repositories that enable access controls; the string is
# shown to clients as the authentication realm.
reprepro__auth_realm: 'Access to this APT repository is restricted'

GnuPG environment

reprepro__gpg_snapshot_name

Name of the file which contains the reprepro GnuPG snapshot. It will be backed up on the Ansible Controller.

# File name only; the directory on the controller is set by
# reprepro__gpg_snapshot_path.
reprepro__gpg_snapshot_name: 'gnupg.tar'
reprepro__gpg_snapshot_path

Directory on the Ansible Controller where the reprepro GnuPG snapshot will be archived.

# Stored per host under the "secret" directory on the Ansible Controller
# ("<secret>/reprepro/snapshots/<inventory_hostname>").
# NOTE(review): the snapshot presumably includes the private repository
# signing key; anyone who can read this directory could then sign packages
# that clients of the repository will trust. Restrict access to it and keep
# it encrypted at rest - confirm what the snapshot task archives.
reprepro__gpg_snapshot_path: '{{ secret + "/reprepro/snapshots/" + inventory_hostname }}'
reprepro__gpg_key_type

Type of the GPG key used to sign reprepro repositories.

# Algorithm of the generated signing key; paired with
# reprepro__gpg_key_length.
reprepro__gpg_key_type: 'RSA'
reprepro__gpg_key_length

Length of the GPG key used by reprepro.

# Key size in bits, quoted so it stays a string.
reprepro__gpg_key_length: '4096'
reprepro__gpg_name

String used as the name of the GPG key used to sign reprepro APT repositories.

# Composed as "<reprepro__origin> Automatic Signing Key".
reprepro__gpg_name: '{{ reprepro__origin + " Automatic Signing Key" }}'
reprepro__gpg_email

E-mail address of the GPG key used to sign reprepro APT repositories.

# Composed as "apt-packages@<reprepro__domain>".
reprepro__gpg_email: '{{ "apt-packages@" + reprepro__domain }}'
reprepro__gpg_expire_days

Duration in days after which the GPG keys for the APT repositories will expire (default: 10 years).

# Evaluates to 3650 days. A ten-year lifetime means a compromised signing key
# stays usable for a long time unless it is revoked and replaced on every
# client; choose a shorter value if the organization's key policy requires it.
reprepro__gpg_expire_days: '{{ (365 * 10) }}'
reprepro__gpg_public_filename

Filename of the GPG public key published in the root of the APT repositories managed by debops.reprepro role.

# Composed as "<reprepro__domain>.asc"; only the public key is published.
reprepro__gpg_public_filename: '{{ reprepro__domain + ".asc" }}'
reprepro__gpg_uploaders_keys

List of GPG fingerprints of people or services that are allowed to upload packages to APT repositories managed by reprepro. They will be added to the UNIX account by the debops.keyring role. See its documentation for more details.

# Empty by default, so no uploader keys are imported.
# NOTE(review): the default "anybody" uploaders rule in
# reprepro__default_instances is "allow * by any key", so the fingerprints
# listed here presumably decide whose signed uploads are accepted. Add only
# fingerprints that were verified out of band - confirm against the
# debops.keyring documentation.
reprepro__gpg_uploaders_keys: []

Local APT repository instances

The variables below define the lists of APT repository instances managed by the debops.reprepro role. See the reprepro__instances documentation for more details.

reprepro__default_instances

List of default APT repository instances managed by debops.reprepro.

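# One default instance, "main", served under reprepro__fqdn. It defines:
#   - a single incoming queue that accepts uploads for the four listed Debian
#     releases, addressed either by codename or by suite alias
#     ("suite>codename"), and removes files on denied or failed uploads;
#   - one distribution per release, all signed with the default key
#     ("SignWith") and all using the same uploaders rule file;
#   - the "anybody" uploaders rule set referenced by each distribution.
# Each distribution writes to its own "packages.<codename>.log" file and runs
# "email-changes.sh" for source (dsc) changes.
reprepro__default_instances:

  - name: 'main'
    fqdn: '{{ reprepro__fqdn }}'

    incoming:

      - name: 'incoming'
        Allow:
          - 'trixie'
          - 'testing>trixie'
          - 'bookworm'
          - 'stable>bookworm'
          - 'bullseye'
          - 'oldstable>bullseye'
          - 'buster'
          - 'oldoldstable>buster'
        Options:
          - 'multiple_distributions'
        Cleanup:
          - 'on_deny'
          - 'on_error'

    distributions:

      - name: 'trixie'
        Description: 'Packages for Debian GNU/Linux 13 (Trixie)'
        Origin: '{{ reprepro__origin }}'
        Codename: 'trixie'
        Suite: 'testing'
        Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
                         'mips64el', 'mipsel', 'ppc64el', 's390x' ]
        Components: [ 'main', 'contrib', 'non-free', 'non-free-firmware' ]
        Uploaders: 'uploaders/anybody'
        SignWith: 'default'
        DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
        DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
        # Own log file, matching the other distributions; sharing the
        # bookworm log would mix the change history of two releases.
        Log: |
          packages.trixie.log
          --type=dsc email-changes.sh
        state: 'present'

      - name: 'bookworm'
        Description: 'Packages for Debian GNU/Linux 12 (Bookworm)'
        Origin: '{{ reprepro__origin }}'
        Codename: 'bookworm'
        Suite: 'stable'
        Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
                         'mips64el', 'mipsel', 'ppc64el', 's390x' ]
        Components: [ 'main', 'contrib', 'non-free', 'non-free-firmware' ]
        Uploaders: 'uploaders/anybody'
        SignWith: 'default'
        DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
        DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
        Log: |
          packages.bookworm.log
          --type=dsc email-changes.sh
        state: 'present'

      - name: 'bullseye'
        Description: 'Packages for Debian GNU/Linux 11 (Bullseye)'
        Origin: '{{ reprepro__origin }}'
        Codename: 'bullseye'
        Suite: 'oldstable'
        Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
                         'mips64el', 'mipsel', 'ppc64el', 's390x' ]
        Components: [ 'main', 'contrib', 'non-free' ]
        Uploaders: 'uploaders/anybody'
        SignWith: 'default'
        DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
        DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
        Log: |
          packages.bullseye.log
          --type=dsc email-changes.sh
        state: 'present'

      - name: 'buster'
        Description: 'Packages for Debian GNU/Linux 10 (Buster)'
        Origin: '{{ reprepro__origin }}'
        Codename: 'buster'
        Suite: 'oldoldstable'
        Architectures: [ 'source', 'amd64', 'arm64', 'armel', 'armhf', 'i386',
                         'mips', 'mips64el', 'mipsel', 'ppc64el', 's390x' ]
        Components: [ 'main', 'contrib', 'non-free' ]
        Uploaders: 'uploaders/anybody'
        SignWith: 'default'
        DebIndices: [ 'Packages', 'Release', '.', '.gz', '.xz' ]
        DscIndices: [ 'Sources', 'Release', '.gz', '.xz' ]
        Log: |
          packages.buster.log
          --type=dsc email-changes.sh
        state: 'present'

    uploaders:

      # SECURITY: "allow * by any key" places no restriction on package or
      # distribution. In reprepro's uploaders syntax "by any key" accepts any
      # upload with a valid signature, so access control rests entirely on
      # which public keys are in the reprepro account's GnuPG keyring
      # (see reprepro__gpg_uploaders_keys). Define a narrower rule set per
      # instance when uploaders must be limited to specific packages.
      - name: 'anybody'
        raw: |
          allow * by any key
        state: 'present'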
reprepro__instances

List of APT repository instances that should be created on all hosts in the Ansible inventory.

# Intended for the "all" level of the inventory; empty by default.
reprepro__instances: []
reprepro__group_instances

List of APT repository instances that should be created on hosts in a specific Ansible inventory group.

# Intended for a group level of the inventory; empty by default.
reprepro__group_instances: []
reprepro__host_instances

List of APT repository instances that should be created on specific hosts in the Ansible inventory.

# Intended for the host level of the inventory; empty by default.
reprepro__host_instances: []
reprepro__combined_instances

Variable which combines all APT repository instances and is used in role tasks and templates.

# Plain list concatenation in the order default, all-hosts, group, host.
# NOTE(review): presumably entries later in the list override earlier ones
# with the same name (so inventory values win over the defaults) - confirm
# against the role's instance-parsing code.
reprepro__combined_instances: '{{ reprepro__default_instances
                                     + reprepro__instances
                                     + reprepro__group_instances
                                     + reprepro__host_instances }}'

Configuration for other Ansible roles

reprepro__keyring__dependent_gpg_user

UNIX account which will contain GPG keys managed by the debops.keyring Ansible role.

# Same account as reprepro__user, so imported keys land in the keyring that
# reprepro itself uses.
reprepro__keyring__dependent_gpg_user: '{{ reprepro__user }}'
reprepro__keyring__dependent_gpg_keys

List of GPG keys managed by the debops.keyring Ansible role.

# Two entries are handed to debops.keyring:
#   1. a mapping that names the account, group and home directory of the
#      keyring owner;
#   2. the flattened contents of reprepro__gpg_uploaders_keys, i.e. the
#      uploader fingerprints to import.
# The list is only as trustworthy as the fingerprints supplied in
# reprepro__gpg_uploaders_keys.
reprepro__keyring__dependent_gpg_keys:

  - user: '{{ reprepro__user }}'
    group: '{{ reprepro__group }}'
    home: '{{ reprepro__home }}'

  - '{{ q("flattened", reprepro__gpg_uploaders_keys) }}'
reprepro__nginx__dependent_servers

Server configuration for the debops.nginx Ansible role.

# NOTE(review): "reprepro__env_nginx_servers" is not defined among these
# defaults; it is presumably generated at runtime by the role before
# debops.nginx consumes it - confirm in the role's tasks or playbook.
reprepro__nginx__dependent_servers: '{{ reprepro__env_nginx_servers }}'