debops.etckeeper default variables¶

Sections

General configuration, installation
Package management options
Commit messages
Version control ignore list
Version control options
Configuration for other Ansible roles

General configuration, installation ¶

etckeeper__enabled¶

Enable or disable support for etckeeper on a given host. Disabling this option does not remove existing etckeeper installation and committing changes via Ansible local facts will be disabled.

etckeeper__enabled: True

etckeeper__installed¶

This variable keeps the install status of etckeeper to distinguish between new and existing installation.

etckeeper__installed: '{{ ansible_local.etckeeper.installed|d(False) }}'

etckeeper__base_packages¶

List of default APT packages to install for etckeeper support.

etckeeper__base_packages:
  - '{{ "mercurial" if (etckeeper__vcs == "hg") else etckeeper__vcs }}'
  - 'etckeeper'

etckeeper__packages¶

List of additional APT packages to install with etckeeper.

etckeeper__packages: []

Package management options ¶

etckeeper__highlevel_package_manager¶

The high-level package manager that's being used. (apt, pacman-g2, yum, dnf, zypper etc). This will only be used when your distribution was not able to predefine this.

etckeeper__highlevel_package_manager: '{{ ansible_local.etckeeper.highlevel_package_manager|d(ansible_pkg_mgr) }}'

etckeeper__lowlevel_package_manager¶

The low-level package manager that's being used. (dpkg, rpm, pacman, pacman-g2, etc) This will only be used when your distribution was not able to predefine this.

etckeeper__lowlevel_package_manager: '{{ ansible_local.etckeeper.lowlevel_package_manager|d(etckeeper__high_low_pkg_map[etckeeper__highlevel_package_manager]) }}'

etckeeper__high_low_pkg_map¶

A YAML dictionary that maps the high-level package manager to a low-level package manager.

etckeeper__high_low_pkg_map:
  'apt':       'dpkg'
  'yum':       'rpm'
  'dnf':       'rpm'
  'zypper':    'rpm'
  'pacman':    'pacman'

Commit messages ¶

etckeeper__commit_message_init¶

Commit message for the initial commit created by the role.

etckeeper__commit_message_init: 'Initial commit by "debops.etckeeper" Ansible role'

etckeeper__commit_message_update¶

Commit message for the subsequent commits created by the role.

etckeeper__commit_message_update: 'Committed by "debops.etckeeper" Ansible role'

etckeeper__commit_message_fact¶

Commit message used by the Ansible local fact.

etckeeper__commit_message_fact: 'Committed by Ansible local facts'

Version control ignore list ¶

These list variables define which paths in /etc directory should be ignored by etckeeper. They will be added in the /etc/.gitignore file. See etckeeper__gitignore for more details.

etckeeper__block_marker¶

The string that marks the beginning and end of the section in the .gitignore file managed by the debops.etckeeper role. It shouldn't be changed once deployed, the {mark} string is required.

etckeeper__block_marker: '# {mark} section managed by debops.etckeeper Ansible role'

etckeeper__default_gitignore¶

The default list of .gitignore paths defined by the role.

etckeeper__default_gitignore:

  - name: 'tor-keys'
    comment: |
      There is no benefit in tracking Tor keys and it is a potential security
      vulnerability.
    ignore: 'tor/keys/'

  - name: 'ssh-host-keys'
    comment: 'No need to track the SSH host keys'
    ignore: 'ssh/ssh_host_*_key'

  - name: 'mandos-seckey'
    comment: |
      There is no benefit in tracking Mandos keys and it is a potential security
      vulnerability in case the /etc/ repository is pushed to an external remote.
    ignore: 'keys/mandos/seckey.txt'

  - name: 'borgmatic'
    comment: |
      The borgmatic configuration directory can contain sensitive credentials
      allowing access to backups of the system and potentially other systems as
      well. debops.borgbackup only stores credentials in
      `/etc/borgmatic/${config_name}_passphrase.txt` so we only exclude the
      passphrase files here.
    ignore: |-
      borgmatic/*passphrase*
      borgmatic.d/*passphrase*

  - name: 'xorg-conf-backup'
    ignore: 'X11/xorg.conf.backup'

  - name: 'apparmor-libvirt'
    comment: |
      Files are generated and managed by libvirt and it is believed that there
      is very little benefit in tracking these files.
    ignore: 'apparmor.d/libvirt/*.files'

  - name: 'zfs-zpool-cache'
    ignore: 'zfs/zpool.cache'

etckeeper__gitignore¶

List of .gitignore paths which should be ignored on all hosts in the Ansible inventory.

etckeeper__gitignore: []

etckeeper__group_gitignore¶

List of .gitignore paths which should be ignored on hosts in a specific Ansible inventory group.

etckeeper__group_gitignore: []

etckeeper__host_gitignore¶

List of .gitignore paths which should be ignored on specific hosts in the Ansible inventory.

etckeeper__host_gitignore: []

etckeeper__combined_gitignore¶

List which combines all of the .gitignore entries together and is used in the role tasks and templates.

etckeeper__combined_gitignore: '{{ etckeeper__default_gitignore
                                   + etckeeper__gitignore
                                   + etckeeper__group_gitignore
                                   + etckeeper__host_gitignore }}'

Version control options ¶

etckeeper__vcs¶

Which VCS to use to version /etc directory. Supported commands:

git (default)
hg
bzr
darcs

Note that any other VCS than git has not really been tested. You might have to fix some bugs in this role when you want to use them.

etckeeper__vcs: '{{ ansible_local.etckeeper.vcs|d("git") }}'

etckeeper__vcs_user¶

The committer name for etckeeper to use in commits if no interactive user was detected.

etckeeper__vcs_user: 'The /etc Keeper'

etckeeper__vcs_email¶

Email address for etckeeper to use in commits if no interactive user was detected.

etckeeper__vcs_email: 'root@{{ ansible_fqdn }}'

etckeeper__git_commit_options¶

Options passed to git commit when run by etckeeper.

etckeeper__git_commit_options: '{{ ansible_local.etckeeper.git_commit_options|d("") }}'

etckeeper__hg_commit_options¶

Options passed to hg commit when run by etckeeper.

etckeeper__hg_commit_options: '{{ ansible_local.etckeeper.hg_commit_options|d("") }}'

etckeeper__bzr_commit_options¶

Options passed to bzr commit when run by etckeeper.

etckeeper__bzr_commit_options: '{{ ansible_local.etckeeper.bzr_commit_options|d("") }}'

etckeeper__darcs_commit_options¶

Options passed to darcs record when run by etckeeper.

etckeeper__darcs_commit_options: '{{ ansible_local.etckeeper.darcs_commit_options|d("-a") }}'

etckeeper__avoid_daily_autocommits¶

Set this option to True to avoid etckeeper committing existing changes to /etc automatically once per day.

etckeeper__avoid_daily_autocommits: '{{ True
                                        if (ansible_local|d() and ansible_local.etckeeper|d() and
                                            (ansible_local.etckeeper.avoid_daily_autocommits|d() == "1"))
                                        else False }}'

etckeeper__avoid_special_file_warning¶

Set this option to True to avoid special file warning (the option is enabled automatically by cronjob regardless).

etckeeper__avoid_special_file_warning: '{{ True
                                           if (ansible_local|d() and ansible_local.etckeeper|d() and
                                               (ansible_local.etckeeper.avoid_special_file_warning|d() == "1"))
                                           else False }}'

etckeeper__avoid_commit_before_install¶

Set this option to True to avoid etckeeper committing existing changes to /etc before installation. It will cancel the installation, so you can commit the changes by hand.

etckeeper__avoid_commit_before_install: '{{ True
                                            if (ansible_local|d() and ansible_local.etckeeper|d() and
                                                (ansible_local.etckeeper.avoid_commit_before_install|d() == "1"))
                                            else False }}'

etckeeper__push_remote¶

To push each commit to a remote, put the name of the remote here (eg, "origin" for git). Space-separated lists of multiple remotes also work (eg, "origin gitlab github" for git).

etckeeper__push_remote: '{{ ansible_local.etckeeper.push_remote|d("") }}'

etckeeper__email_on_commit_state¶

Set this option to present to allow etckeeper to send email on every commit using a hook script. Setting it to absent will remove the email hook script.

etckeeper__email_on_commit_state: 'absent'

etckeeper__email_on_commit_email¶

Email address for etckeeper to use in email send after commit.

etckeeper__email_on_commit_email: '{{ etckeeper__vcs_email }}'

etckeeper__gitattributes¶

String to be appended to the /etc/.gitattributes file.

etckeeper__gitattributes: ''

Configuration for other Ansible roles ¶

etckeeper__apt_preferences__dependent_list¶

Configuration for the debops.apt_preferences Ansible role.

etckeeper__apt_preferences__dependent_list:

  - packages: [ 'etckeeper' ]
    backports: [ 'buster' ]
    reason: 'Support for Python 3'
    by_role: 'debops.etckeeper'

debops.etckeeper default variables¶

General configuration, installation¶

Package management options¶

Commit messages¶

Version control ignore list¶

Version control options¶

Configuration for other Ansible roles¶