debops.etckeeper default variables
Sections
General configuration, installation
- etckeeper__enabled
Enable or disable support for etckeeper on a given host. Disabling this option does not remove existing etckeeper installation and committing changes via Ansible local facts will be disabled.
etckeeper__enabled: True
- etckeeper__installed
This variable keeps the install status of etckeeper to distinguish between new and existing installation.
etckeeper__installed: '{{ ansible_local.etckeeper.installed | d(False) }}'
- etckeeper__base_packages
List of default APT packages to install for etckeeper support.
etckeeper__base_packages:
- '{{ "mercurial" if (etckeeper__vcs == "hg") else etckeeper__vcs }}'
- 'etckeeper'
- etckeeper__packages
List of additional APT packages to install with etckeeper.
etckeeper__packages: []
Package management options
- etckeeper__highlevel_package_manager
The high-level package manager that's being used. (apt, pacman-g2, yum, dnf, zypper etc). This will only be used when your distribution was not able to predefine this.
etckeeper__highlevel_package_manager: '{{ ansible_local.etckeeper.highlevel_package_manager | d(ansible_pkg_mgr) }}'
- etckeeper__lowlevel_package_manager
The low-level package manager that's being used. (dpkg, rpm, pacman, pacman-g2, etc) This will only be used when your distribution was not able to predefine this.
etckeeper__lowlevel_package_manager: '{{ ansible_local.etckeeper.lowlevel_package_manager | d(etckeeper__high_low_pkg_map[etckeeper__highlevel_package_manager]) }}'
- etckeeper__high_low_pkg_map
A YAML dictionary that maps the high-level package manager to a low-level package manager.
etckeeper__high_low_pkg_map:
'apt': 'dpkg'
'yum': 'rpm'
'dnf': 'rpm'
'zypper': 'rpm'
'pacman': 'pacman'
Commit messages
- etckeeper__commit_message_init
Commit message for the initial commit created by the role.
etckeeper__commit_message_init: 'Initial commit by "debops.etckeeper" Ansible role'
- etckeeper__commit_message_update
Commit message for the subsequent commits created by the role.
etckeeper__commit_message_update: 'Committed by "debops.etckeeper" Ansible role'
- etckeeper__commit_message_fact
Commit message used by the Ansible local fact.
etckeeper__commit_message_fact: 'Committed by Ansible local facts'
Version control ignore list
These list variables define which paths in /etc
directory should be
ignored by etckeeper. They will be added in the
/etc/.gitignore
file. See etckeeper__gitignore for more
details.
- etckeeper__block_marker
The string that marks the beginning and end of the section in the
.gitignore
file managed by the debops.etckeeper
role. It shouldn't
be changed once deployed, the {mark}
string is required.
etckeeper__block_marker: '# {mark} section managed by debops.etckeeper Ansible role'
- etckeeper__default_gitignore
The default list of .gitignore
paths defined by the role.
etckeeper__default_gitignore:
- name: 'tor-keys'
comment: |
There is no benefit in tracking Tor keys and it is a potential security
vulnerability.
ignore: 'tor/keys/'
- name: 'ssh-host-keys'
comment: 'No need to track the SSH host keys'
ignore: 'ssh/ssh_host_*_key'
- name: 'mandos-seckey'
comment: |
There is no benefit in tracking Mandos keys and it is a potential security
vulnerability in case the /etc/ repository is pushed to an external remote.
ignore: 'keys/mandos/seckey.txt'
- name: 'borgmatic'
comment: |
The borgmatic configuration directory can contain sensitive credentials
allowing access to backups of the system and potentially other systems as
well. debops.borgbackup only stores credentials in
`/etc/borgmatic/${config_name}_passphrase.txt` so we only exclude the
passphrase files here.
ignore: |-
borgmatic/*passphrase*
borgmatic.d/*passphrase*
- name: 'xorg-conf-backup'
ignore: 'X11/xorg.conf.backup'
- name: 'apparmor-libvirt'
comment: |
Files are generated and managed by libvirt and it is believed that there
is very little benefit in tracking these files.
ignore: 'apparmor.d/libvirt/*.files'
- name: 'zfs-zpool-cache'
ignore: 'zfs/zpool.cache'
- name: 'gitlab-omnibus-secrets'
comment: 'Ignore GitLab Omnibus secrets'
ignore: 'gitlab/gitlab-secrets.json'
- name: 'gitlab-runner-config'
comment: 'Do not commit GitLab runner private configuration'
ignore: 'gitlab-runner/config.toml'
- name: 'docker-key'
comment: 'Do not commit Docker private configuration'
ignore: 'docker/key.json'
- etckeeper__gitignore
List of .gitignore
paths which should be ignored on all hosts in the
Ansible inventory.
etckeeper__gitignore: []
- etckeeper__group_gitignore
List of .gitignore
paths which should be ignored on hosts in
a specific Ansible inventory group.
etckeeper__group_gitignore: []
- etckeeper__host_gitignore
List of .gitignore
paths which should be ignored on specific hosts in
the Ansible inventory.
etckeeper__host_gitignore: []
- etckeeper__combined_gitignore
List which combines all of the .gitignore
entries together and is
used in the role tasks and templates.
etckeeper__combined_gitignore: '{{ etckeeper__default_gitignore
+ etckeeper__gitignore
+ etckeeper__group_gitignore
+ etckeeper__host_gitignore }}'
Version control options
- etckeeper__vcs
Which VCS to use to version /etc
directory. Supported commands:
git (default)
hg
bzr
darcs
Note that any other VCS than git has not really been tested. You might have to fix some bugs in this role when you want to use them.
etckeeper__vcs: '{{ ansible_local.etckeeper.vcs | d("git") }}'
- etckeeper__vcs_user
The committer name for etckeeper to use in commits if no interactive user was detected.
etckeeper__vcs_user: 'The /etc Keeper'
- etckeeper__vcs_email
Email address for etckeeper to use in commits if no interactive user was detected.
etckeeper__vcs_email: 'root@{{ ansible_fqdn }}'
- etckeeper__git_commit_options
Options passed to git commit when run by etckeeper.
etckeeper__git_commit_options: '{{ ansible_local.etckeeper.git_commit_options | d("") }}'
- etckeeper__hg_commit_options
Options passed to hg commit when run by etckeeper.
etckeeper__hg_commit_options: '{{ ansible_local.etckeeper.hg_commit_options | d("") }}'
- etckeeper__bzr_commit_options
Options passed to bzr commit when run by etckeeper.
etckeeper__bzr_commit_options: '{{ ansible_local.etckeeper.bzr_commit_options | d("") }}'
- etckeeper__darcs_commit_options
Options passed to darcs record when run by etckeeper.
etckeeper__darcs_commit_options: '{{ ansible_local.etckeeper.darcs_commit_options | d("-a") }}'
- etckeeper__avoid_daily_autocommits
Set this option to True
to avoid etckeeper committing existing
changes to /etc
automatically once per day.
etckeeper__avoid_daily_autocommits: '{{ True
if (ansible_local | d() and ansible_local.etckeeper | d() and
(ansible_local.etckeeper.avoid_daily_autocommits | d() == "1"))
else False }}'
- etckeeper__avoid_special_file_warning
Set this option to True
to avoid special file warning (the option is
enabled automatically by cronjob regardless).
etckeeper__avoid_special_file_warning: '{{ True
if (ansible_local | d() and ansible_local.etckeeper | d() and
(ansible_local.etckeeper.avoid_special_file_warning | d() == "1"))
else False }}'
- etckeeper__avoid_commit_before_install
Set this option to True
to avoid etckeeper committing existing
changes to /etc before installation. It will cancel the installation, so
you can commit the changes by hand.
etckeeper__avoid_commit_before_install: '{{ True
if (ansible_local | d() and ansible_local.etckeeper | d() and
(ansible_local.etckeeper.avoid_commit_before_install | d() == "1"))
else False }}'
- etckeeper__push_remote
To push each commit to a remote, put the name of the remote here (eg,
"origin" for git
). Space-separated lists of multiple remotes also work
(eg, "origin gitlab github" for git).
etckeeper__push_remote: '{{ ansible_local.etckeeper.push_remote | d("") }}'
- etckeeper__email_on_commit_state
Set this option to present
to allow etckeeper to send email on
every commit using a hook script. Setting it to absent
will remove the
email hook script.
etckeeper__email_on_commit_state: 'absent'
- etckeeper__email_on_commit_email
Email address for etckeeper to use in email send after commit.
etckeeper__email_on_commit_email: '{{ etckeeper__vcs_email }}'
- etckeeper__gitattributes
String to be appended to the /etc/.gitattributes
file.
etckeeper__gitattributes: ''
Configuration for other Ansible roles
- etckeeper__apt_preferences__dependent_list
Configuration for the debops.apt_preferences Ansible role.
etckeeper__apt_preferences__dependent_list:
- packages: [ 'etckeeper' ]
backports: [ 'buster' ]
reason: 'Support for Python 3'
by_role: 'debops.etckeeper'