debops.etckeeper default variables
General configuration, installation
etckeeper__enabled
Enable or disable support for etckeeper on a given host. Disabling this option does not remove an existing etckeeper installation; committing changes via Ansible local facts will be disabled.
etckeeper__enabled: True
etckeeper__installed
This variable keeps the install status of etckeeper to distinguish between a new and an existing installation.
etckeeper__installed: '{{ ansible_local.etckeeper.installed|d(False) }}'
etckeeper__base_packages
List of default APT packages to install for etckeeper support.
etckeeper__base_packages:
  - '{{ "mercurial" if (etckeeper__vcs == "hg") else etckeeper__vcs }}'
  - 'etckeeper'
etckeeper__packages
List of additional APT packages to install with etckeeper.
etckeeper__packages: []
Package management options
etckeeper__highlevel_package_manager
The high-level package manager that's being used (apt, pacman-g2, yum, dnf, zypper, etc.). This will only be used when your distribution was not able to predefine this.
etckeeper__highlevel_package_manager: '{{ ansible_local.etckeeper.highlevel_package_manager|d(ansible_pkg_mgr) }}'
etckeeper__lowlevel_package_manager
The low-level package manager that's being used (dpkg, rpm, pacman, pacman-g2, etc.). This will only be used when your distribution was not able to predefine this.
etckeeper__lowlevel_package_manager: '{{ ansible_local.etckeeper.lowlevel_package_manager|d(etckeeper__high_low_pkg_map[etckeeper__highlevel_package_manager]) }}'
etckeeper__high_low_pkg_map
A YAML dictionary that maps the high-level package manager to a low-level package manager.
etckeeper__high_low_pkg_map:
  'apt': 'dpkg'
  'yum': 'rpm'
  'dnf': 'rpm'
  'zypper': 'rpm'
  'pacman': 'pacman'
Commit messages
etckeeper__commit_message_init
Commit message for the initial commit created by the role.
etckeeper__commit_message_init: 'Initial commit by "debops.etckeeper" Ansible role'
etckeeper__commit_message_update
Commit message for the subsequent commits created by the role.
etckeeper__commit_message_update: 'Committed by "debops.etckeeper" Ansible role'
etckeeper__commit_message_fact
Commit message used by the Ansible local fact.
etckeeper__commit_message_fact: 'Committed by Ansible local facts'
Version control ignore list
These list variables define which paths in the /etc directory should be ignored by etckeeper. They will be added to the /etc/.gitignore file. See etckeeper__gitignore for more details.
etckeeper__block_marker
The string that marks the beginning and end of the section in the .gitignore file managed by the debops.etckeeper role. It shouldn't be changed once deployed; the {mark} string is required.
etckeeper__block_marker: '# {mark} section managed by debops.etckeeper Ansible role'
etckeeper__default_gitignore
The default list of .gitignore paths defined by the role.
etckeeper__default_gitignore:
  - name: 'tor-keys'
    comment: |
      There is no benefit in tracking Tor keys and it is a potential security
      vulnerability.
    ignore: 'tor/keys/'
  - name: 'ssh-host-keys'
    comment: 'No need to track the SSH host keys'
    ignore: 'ssh/ssh_host_*_key'
  - name: 'mandos-seckey'
    comment: |
      There is no benefit in tracking Mandos keys and it is a potential security
      vulnerability in case the /etc/ repository is pushed to an external remote.
    ignore: 'keys/mandos/seckey.txt'
  - name: 'borgmatic'
    comment: |
      The borgmatic configuration directory can contain sensitive credentials
      allowing access to backups of the system and potentially other systems as
      well. debops.borgbackup only stores credentials in
      `/etc/borgmatic/${config_name}_passphrase.txt` so we only exclude the
      passphrase files here.
    ignore: |-
      borgmatic/*passphrase*
      borgmatic.d/*passphrase*
  - name: 'xorg-conf-backup'
    ignore: 'X11/xorg.conf.backup'
  - name: 'apparmor-libvirt'
    comment: |
      Files are generated and managed by libvirt and it is believed that there
      is very little benefit in tracking these files.
    ignore: 'apparmor.d/libvirt/*.files'
  - name: 'zfs-zpool-cache'
    ignore: 'zfs/zpool.cache'
etckeeper__gitignore
List of .gitignore paths which should be ignored on all hosts in the Ansible inventory.
etckeeper__gitignore: []
etckeeper__group_gitignore
List of .gitignore paths which should be ignored on hosts in a specific Ansible inventory group.
etckeeper__group_gitignore: []
etckeeper__host_gitignore
List of .gitignore paths which should be ignored on specific hosts in the Ansible inventory.
etckeeper__host_gitignore: []
etckeeper__combined_gitignore
List which combines all of the .gitignore entries together and is used in the role tasks and templates.
etckeeper__combined_gitignore: '{{ etckeeper__default_gitignore
                                   + etckeeper__gitignore
                                   + etckeeper__group_gitignore
                                   + etckeeper__host_gitignore }}'
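A check for the ignore list described above, as an added example that is not part of the debops.etckeeper role: git ignore patterns only apply to untracked files, so a path that was added to the repository before its pattern existed stays tracked and would still be sent to any remote. The function names and the throwaway demo repository are assumptions made for illustration; `git ls-files` and its options are standard git.

```shell
#!/bin/sh
# Added example: find files that git still tracks although an ignore
# pattern now covers them. All function names here are hypothetical.

# tracked_but_ignored [REPO]  -> one tracked-and-ignored path per line
tracked_but_ignored() {
    # --cached: files in the index; --ignored: only those matching an
    # exclude pattern; --exclude-standard: honour .gitignore files.
    git -C "${1:-/etc}" ls-files --cached --ignored --exclude-standard
}

# safe_to_push [REPO]  -> 0 clean, 1 ignored paths are tracked, 2 git error
safe_to_push() {
    leaked="$(tracked_but_ignored "${1:-/etc}")" || return 2
    if [ -z "$leaked" ]; then
        return 0
    fi
    printf '%s\n' "$leaked" | sed 's/^/tracked despite ignore rule: /' >&2
    return 1
}

# make_demo_repo  -> prints the path of a constructed throwaway repository
# in which a placeholder "host key" was added before its ignore pattern.
make_demo_repo() {
    dir="$(mktemp -d)" || return 1
    git init -q "$dir" >/dev/null 2>&1 || return 1
    mkdir -p "$dir/ssh"
    echo 'constructed placeholder, not a real key' > "$dir/ssh/ssh_host_rsa_key"
    echo 'PermitRootLogin no' > "$dir/ssh/sshd_config"
    git -C "$dir" add ssh >/dev/null 2>&1 || return 1
    # Pattern taken from etckeeper__default_gitignore on this page.
    echo 'ssh/ssh_host_*_key' > "$dir/.gitignore"
    echo "$dir"
}

# Run against a repository given on the command line, e.g. "sh check.sh /etc".
if [ "$#" -gt 0 ]; then
    safe_to_push "$1"
fi
```

Removing a reported path from the index with `git rm --cached` stops future commits from tracking it; copies already in the repository history remain there.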
Version control options
etckeeper__vcs
Which VCS to use to version the /etc directory. Supported commands:
- git (default)
- hg
- bzr
- darcs
Note that any VCS other than git has not really been tested. You might have to fix some bugs in this role if you want to use one of them.
etckeeper__vcs: '{{ ansible_local.etckeeper.vcs|d("git") }}'
etckeeper__vcs_user
The committer name for etckeeper to use in commits if no interactive user was detected.
etckeeper__vcs_user: 'The /etc Keeper'
etckeeper__vcs_email
Email address for etckeeper to use in commits if no interactive user was detected.
etckeeper__vcs_email: 'root@{{ ansible_fqdn }}'
etckeeper__git_commit_options
Options passed to git commit when run by etckeeper.
etckeeper__git_commit_options: '{{ ansible_local.etckeeper.git_commit_options|d("") }}'
etckeeper__hg_commit_options
Options passed to hg commit when run by etckeeper.
etckeeper__hg_commit_options: '{{ ansible_local.etckeeper.hg_commit_options|d("") }}'
etckeeper__bzr_commit_options
Options passed to bzr commit when run by etckeeper.
etckeeper__bzr_commit_options: '{{ ansible_local.etckeeper.bzr_commit_options|d("") }}'
etckeeper__darcs_commit_options
Options passed to darcs record when run by etckeeper.
etckeeper__darcs_commit_options: '{{ ansible_local.etckeeper.darcs_commit_options|d("-a") }}'
etckeeper__avoid_daily_autocommits
Set this option to True to avoid etckeeper committing existing changes to /etc automatically once per day.
etckeeper__avoid_daily_autocommits: '{{ True
                                        if (ansible_local|d() and ansible_local.etckeeper|d() and
                                            (ansible_local.etckeeper.avoid_daily_autocommits|d() == "1"))
                                        else False }}'
etckeeper__avoid_special_file_warning
Set this option to True to avoid the special file warning (the option is enabled automatically by the cron job regardless).
etckeeper__avoid_special_file_warning: '{{ True
                                           if (ansible_local|d() and ansible_local.etckeeper|d() and
                                               (ansible_local.etckeeper.avoid_special_file_warning|d() == "1"))
                                           else False }}'
etckeeper__avoid_commit_before_install
Set this option to True to avoid etckeeper committing existing changes to /etc before installation. It will cancel the installation, so you can commit the changes by hand.
etckeeper__avoid_commit_before_install: '{{ True
                                            if (ansible_local|d() and ansible_local.etckeeper|d() and
                                                (ansible_local.etckeeper.avoid_commit_before_install|d() == "1"))
                                            else False }}'
etckeeper__push_remote
To push each commit to a remote, put the name of the remote here (e.g., "origin" for git). Space-separated lists of multiple remotes also work (e.g., "origin gitlab github" for git).
etckeeper__push_remote: '{{ ansible_local.etckeeper.push_remote|d("") }}'
etckeeper__email_on_commit_state
Set this option to present to allow etckeeper to send email on every commit using a hook script. Setting it to absent will remove the email hook script.
etckeeper__email_on_commit_state: 'absent'
etckeeper__email_on_commit_email
Email address for etckeeper to use in email sent after commit.
etckeeper__email_on_commit_email: '{{ etckeeper__vcs_email }}'
etckeeper__gitattributes
String to be appended to the /etc/.gitattributes file.
etckeeper__gitattributes: ''
Configuration for other Ansible roles
etckeeper__apt_preferences__dependent_list
Configuration for the debops.apt_preferences Ansible role.
etckeeper__apt_preferences__dependent_list:
  - packages: [ 'etckeeper' ]
    backports: [ 'buster' ]
    reason: 'Support for Python 3'
    by_role: 'debops.etckeeper'