debops.etckeeper default variables
General configuration, installation
etckeeper__enabled
Enable or disable support for etckeeper on a given host. Disabling this option does not remove an existing etckeeper installation, but committing changes via Ansible local facts will be disabled.
The etckeeper package will not be installed by default if a Python 2.7 environment is not present on the host, to avoid creating it. See the role documentation for more details.
etckeeper__enabled: '{{ True
                        if (ansible_local|d() and ansible_local.python|d() and
                            (ansible_local.python.installed2|d())|bool)
                        else (ansible_local.etckeeper.installed
                              if (ansible_local|d() and ansible_local.etckeeper|d() and
                                  ansible_local.etckeeper.installed is defined)
                              else False) }}'
etckeeper__installed
This variable keeps the install status of etckeeper to distinguish between a new and an existing installation.
etckeeper__installed: '{{ ansible_local.etckeeper.installed
                          if (ansible_local|d() and ansible_local.etckeeper|d() and
                              ansible_local.etckeeper.installed|d())
                          else False }}'
etckeeper__base_packages
List of default APT packages to install for etckeeper support.
etckeeper__base_packages:
  - '{{ "mercurial" if (etckeeper__vcs == "hg") else etckeeper__vcs }}'
  - 'etckeeper'
etckeeper__packages
List of additional APT packages to install with etckeeper.
etckeeper__packages: []
Package management options
etckeeper__highlevel_package_manager
The high-level package manager that's being used (apt, pacman-g2, yum, dnf, zypper, etc.). This will only be used when your distribution was not able to predefine this.
etckeeper__highlevel_package_manager: '{{ ansible_local.etckeeper.highlevel_package_manager
                                          if (ansible_local|d() and ansible_local.etckeeper|d() and
                                              ansible_local.etckeeper.highlevel_package_manager|d())
                                          else ansible_pkg_mgr }}'
etckeeper__lowlevel_package_manager
The low-level package manager that's being used (dpkg, rpm, pacman, pacman-g2, etc.). This will only be used when your distribution was not able to predefine this.
etckeeper__lowlevel_package_manager: '{{ ansible_local.etckeeper.lowlevel_package_manager
                                         if (ansible_local|d() and ansible_local.etckeeper|d() and
                                             ansible_local.etckeeper.lowlevel_package_manager|d())
                                         else etckeeper__high_low_pkg_map[etckeeper__highlevel_package_manager] }}'
etckeeper__high_low_pkg_map
A YAML dictionary that maps the high-level package manager to a low-level package manager.
etckeeper__high_low_pkg_map:
  'apt': 'dpkg'
  'yum': 'rpm'
  'dnf': 'rpm'
  'zypper': 'rpm'
  'pacman': 'pacman'
Commit messages
etckeeper__commit_message_init
Commit message for the initial commit created by the role.
etckeeper__commit_message_init: 'Initial commit by "debops.etckeeper" Ansible role'
etckeeper__commit_message_update
Commit message for the subsequent commits created by the role.
etckeeper__commit_message_update: 'Committed by "debops.etckeeper" Ansible role'
etckeeper__commit_message_fact
Commit message used by the Ansible local fact.
etckeeper__commit_message_fact: 'Committed by Ansible local facts'
Version control ignore list
These list variables define which paths in the /etc directory should be ignored by etckeeper. They will be added to the /etc/.gitignore file. See etckeeper__gitignore for more details.
etckeeper__block_marker
The string that marks the beginning and end of the section in the .gitignore file managed by the debops.etckeeper role. It shouldn't be changed once deployed; the {mark} string is required.
etckeeper__block_marker: '# {mark} section managed by debops.etckeeper Ansible role'
etckeeper__default_gitignore
The default list of .gitignore paths defined by the role.
etckeeper__default_gitignore:

  - name: 'tor-keys'
    comment: |
      There is no benefit in tracking Tor keys and it is a potential security
      vulnerability.
    ignore: 'tor/keys/'

  - name: 'ssh-host-keys'
    comment: 'No need to track the SSH host keys'
    ignore: 'ssh/ssh_host_*_key'

  - name: 'mandos-seckey'
    comment: |
      There is no benefit in tracking Mandos keys and it is a potential security
      vulnerability in case the /etc/ repository is pushed to an external remote.
    ignore: 'keys/mandos/seckey.txt'

  - name: 'borgmatic'
    comment: |
      The borgmatic configuration directory can contain sensitive credentials
      allowing access to backups of the system and potentially other systems as
      well. debops.borgbackup only stores credentials in
      `/etc/borgmatic/${config_name}_passphrase.txt` so we only exclude the
      passphrase files here.
    ignore: |-
      borgmatic/*passphrase*
      borgmatic.d/*passphrase*

  - name: 'xorg-conf-backup'
    ignore: 'X11/xorg.conf.backup'

  - name: 'apparmor-libvirt'
    comment: |
      Files are generated and managed by libvirt and it is believed that there
      is very little benefit in tracking these files.
    ignore: 'apparmor.d/libvirt/*.files'

  - name: 'zfs-zpool-cache'
    ignore: 'zfs/zpool.cache'
etckeeper__gitignore
List of .gitignore paths which should be ignored on all hosts in the Ansible inventory.
etckeeper__gitignore: []
etckeeper__group_gitignore
List of .gitignore paths which should be ignored on hosts in a specific Ansible inventory group.
etckeeper__group_gitignore: []
etckeeper__host_gitignore
List of .gitignore paths which should be ignored on specific hosts in the Ansible inventory.
etckeeper__host_gitignore: []
etckeeper__combined_gitignore
List which combines all of the .gitignore entries together and is used in the role tasks and templates.
etckeeper__combined_gitignore: '{{ etckeeper__default_gitignore
                                   + etckeeper__gitignore
                                   + etckeeper__group_gitignore
                                   + etckeeper__host_gitignore }}'
Version control options
etckeeper__vcs
Which VCS to use to version the /etc directory. Supported commands:
- git (default)
- hg
- bzr
- darcs
Note that any VCS other than git has not really been tested. You might have to fix some bugs in this role if you want to use one of them.
etckeeper__vcs: '{{ ansible_local.etckeeper.vcs
                    if (ansible_local|d() and ansible_local.etckeeper|d() and
                        ansible_local.etckeeper.vcs|d())
                    else "git" }}'
etckeeper__vcs_user
The committer name for etckeeper to use in commits if no interactive user was detected.
etckeeper__vcs_user: 'The /etc Keeper'
etckeeper__vcs_email
Email address for etckeeper to use in commits if no interactive user was detected.
etckeeper__vcs_email: 'root@{{ ansible_fqdn }}'
etckeeper__git_commit_options
Options passed to git commit when run by etckeeper.
etckeeper__git_commit_options: '{{ ansible_local.etckeeper.git_commit_options
                                   if (ansible_local|d() and ansible_local.etckeeper|d() and
                                       ansible_local.etckeeper.git_commit_options|d())
                                   else "" }}'
etckeeper__hg_commit_options
Options passed to hg commit when run by etckeeper.
etckeeper__hg_commit_options: '{{ ansible_local.etckeeper.hg_commit_options
                                  if (ansible_local|d() and ansible_local.etckeeper|d() and
                                      ansible_local.etckeeper.hg_commit_options|d())
                                  else "" }}'
etckeeper__bzr_commit_options
Options passed to bzr commit when run by etckeeper.
etckeeper__bzr_commit_options: '{{ ansible_local.etckeeper.bzr_commit_options
                                   if (ansible_local|d() and ansible_local.etckeeper|d() and
                                       ansible_local.etckeeper.bzr_commit_options|d())
                                   else "" }}'
etckeeper__darcs_commit_options
Options passed to darcs record when run by etckeeper.
etckeeper__darcs_commit_options: '{{ ansible_local.etckeeper.darcs_commit_options
                                     if (ansible_local|d() and ansible_local.etckeeper|d() and
                                         ansible_local.etckeeper.darcs_commit_options|d())
                                     else "-a" }}'
etckeeper__avoid_daily_autocommits
Set this option to True to avoid etckeeper committing existing changes to /etc automatically once per day.
etckeeper__avoid_daily_autocommits: '{{ True
                                        if (ansible_local|d() and ansible_local.etckeeper|d() and
                                            (ansible_local.etckeeper.avoid_daily_autocommits|d() == "1"))
                                        else False }}'
etckeeper__avoid_special_file_warning
Set this option to True to avoid the special file warning (the option is enabled automatically by the cronjob regardless).
etckeeper__avoid_special_file_warning: '{{ True
                                           if (ansible_local|d() and ansible_local.etckeeper|d() and
                                               (ansible_local.etckeeper.avoid_special_file_warning|d() == "1"))
                                           else False }}'
etckeeper__avoid_commit_before_install
Set this option to True to avoid etckeeper committing existing changes to /etc before installation. It will cancel the installation, so you can commit the changes by hand.
etckeeper__avoid_commit_before_install: '{{ True
                                            if (ansible_local|d() and ansible_local.etckeeper|d() and
                                                (ansible_local.etckeeper.avoid_commit_before_install|d() == "1"))
                                            else False }}'
etckeeper__push_remote
To push each commit to a remote, put the name of the remote here (e.g., "origin" for git). Space-separated lists of multiple remotes also work (e.g., "origin gitlab github" for git).
etckeeper__push_remote: '{{ ansible_local.etckeeper.push_remote
                            if (ansible_local|d() and ansible_local.etckeeper|d() and
                                ansible_local.etckeeper.push_remote|d())
                            else "" }}'
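A check worth running before etckeeper__push_remote is set, as an added example that is not part of the debops.etckeeper role: git keeps tracking a file that was committed before a matching .gitignore line existed, so this lists the tracked paths in a repository that match its ignore rules. The function names, the temporary demo repository and its file contents are constructed for illustration; the two patterns are taken from etckeeper__default_gitignore above.

```shell
#!/bin/sh
# Added example, not part of debops.etckeeper.

# Print tracked paths in repository $1 that match its ignore rules.
tracked_but_ignored() {
    git -C "$1" ls-files --cached --ignored --exclude-standard
}

# Create a constructed stand-in for /etc in a temporary directory:
# two placeholder secrets and one ordinary file are committed first,
# then ignore patterns from etckeeper__default_gitignore are written.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q || return 1
    mkdir -p "$repo/ssh" "$repo/borgmatic"
    echo 'constructed placeholder, not a key' > "$repo/ssh/ssh_host_ed25519_key"
    echo 'constructed placeholder' > "$repo/borgmatic/main_passphrase.txt"
    echo 'PermitRootLogin no' > "$repo/ssh/sshd_config"
    git -C "$repo" add -A
    git -C "$repo" -c user.name=demo -c user.email=demo@example.org \
        commit -q -m 'state before the ignore list existed' || return 1
    printf '%s\n' 'ssh/ssh_host_*_key' 'borgmatic/*passphrase*' \
        > "$repo/.gitignore"
    printf '%s\n' "$repo"
}

# Demo run: prints the two placeholder secrets, not sshd_config.
# On a real host call: tracked_but_ignored /etc
demo=$(make_demo_repo) && tracked_but_ignored "$demo"
rm -rf "${demo:-/nonexistent}"
```

Any path printed for /etc is still in the index and in earlier commits, so a secret that has already reached a remote should be treated as exposed and rotated.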