]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/apt/recipes/default.rb
Use fail2ban to block bogus note searches
[chef.git] / cookbooks / apt / recipes / default.rb
index dea088bb66a8b48263fe19788da8b96a9c534121..4cd4b79262f14bd95adcaa6b3f3d6475285a00b5 100644 (file)
@@ -1,14 +1,14 @@
 #
-# Cookbook Name:: apt
+# Cookbook:: apt
 # Recipe:: default
 #
-# Copyright 2010, Tom Hughes
+# Copyright:: 2010, Tom Hughes
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-#     http://www.apache.org/licenses/LICENSE-2.0
+#     https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # limitations under the License.
 #
 
-package "apt"
-package "update-notifier-common"
+package %w[
+  apt
+  apt-transport-https
+  gnupg
+]
+
+package "update-notifier-common" if platform?("ubuntu")
 
 file "/etc/motd.tail" do
   action :delete
 end
 
-execute "apt-update" do
-  action :nothing
-  command "/usr/bin/apt-get update"
-end
-
-template "/etc/apt/sources.list" do
-  source "sources.list.erb"
-  owner "root"
-  group "root"
-  mode 0644
-  notifies :run, "execute[apt-update]"
-end
-
-apt_source "brightbox" do
-  url "http://apt.brightbox.net/"
-  key "0090DAAD"
-end
-
-apt_source "brightbox-ruby-ng" do
-  url "http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu"
-  key "C3173AA6"
-end
-
-apt_source "brightbox-ruby-ng-experimental" do
-  url "http://ppa.launchpad.net/brightbox/ruby-ng/ubuntu-experimental"
-  key "C3173AA6"
-end
-
-apt_source "pitti-postgresql" do
-  url "http://ppa.launchpad.net/pitti/postgresql/ubuntu"
-  key "8683D8A2"
+# FIXME: cleanup old package pin method for cciss-vol-status
+file "/etc/apt/preferences.d/99-chef" do
+  action :delete
 end
 
-apt_source "ubuntugis-stable" do
-  url "http://ppa.launchpad.net/ubuntugis/ppa/ubuntu"
-  key "314DF160"
+apt_preference "cciss-vol-status" do
+  pin          "origin *.ubuntu.com"
+  pin_priority "1100"
 end
 
-apt_source "ubuntugis-unstable" do
-  url "http://ppa.launchpad.net/ubuntugis/ubuntugis-unstable/ubuntu"
-  key "314DF160"
+apt_update "/etc/apt/sources.list" do
+  action :nothing
 end
 
-apt_source "brianmercer-php" do
-  url "http://ppa.launchpad.net/brianmercer/php/ubuntu"
-  key "8D0DC64F"
+if platform?("debian")
+  archive_host = "deb.debian.org"
+  archive_security_host = archive_host
+  archive_distro = "debian"
+  archive_security_distro = "debian-security"
+  archive_suites = %w[main updates security]
+  archive_components = %w[main contrib non-free non-free-firmware]
+elsif intel?
+  archive_host = if node[:country]
+                   "#{node[:country]}.archive.ubuntu.com"
+                 else
+                   "archive.ubuntu.com"
+                 end
+  archive_security_host = "security.ubuntu.com"
+  archive_distro = "ubuntu"
+  archive_security_distro = archive_distro
+  archive_suites = %w[main updates backports security]
+  archive_components = %w[main restricted universe multiverse]
+else
+  archive_host = "ports.ubuntu.com"
+  archive_security_host = archive_host
+  archive_distro = "ubuntu-ports"
+  archive_security_distro = archive_distro
+  archive_suites = %w[main updates backports security]
+  archive_components = %w[main restricted universe multiverse]
 end
 
-if node[:lsb][:release].to_f < 14.04
-  apt_source "openstreetmap" do
-    url "http://ppa.launchpad.net/osmadmins/ppa/ubuntu"
-    key "0AC4F2CB"
+template "/etc/apt/sources.list" do
+  source "sources.list.erb"
+  owner "root"
+  group "root"
+  mode "644"
+  variables :archive_host => archive_host,
+            :archive_security_host => archive_security_host,
+            :archive_distro => archive_distro,
+            :archive_security_distro => archive_security_distro,
+            :archive_suites => archive_suites,
+            :archive_components => archive_components,
+            :codename => node[:lsb][:codename]
+  notifies :update, "apt_update[/etc/apt/sources.list]", :immediately
+end
+
+apt_repository "openstreetmap" do
+  uri "ppa:osmadmins/ppa"
+  only_if { platform?("ubuntu") }
+end
+
+package "unattended-upgrades"
+
+if Dir.exist?("/usr/share/unattended-upgrades")
+  auto_upgrades = if node[:apt][:unattended_upgrades][:enable]
+                    IO.read("/usr/share/unattended-upgrades/20auto-upgrades")
+                  else
+                    IO.read("/usr/share/unattended-upgrades/20auto-upgrades-disabled")
+                  end
+
+  file "/etc/apt/apt.conf.d/20auto-upgrades" do
+    user "root"
+    group "root"
+    mode "644"
+    content auto_upgrades
   end
 end
 
-apt_source "proliant-support-pack" do
-  template "hp.list.erb"
-  url "http://downloads.linux.hp.com/SDR/downloads/ProLiantSupportPack"
-  key "2689B887"
-end
-
-apt_source "management-component-pack" do
-  template "hp.list.erb"
-  url "http://downloads.linux.hp.com/SDR/downloads/ManagementComponentPack"
-  key "2689B887"
-end
-
-apt_source "hwraid" do
-  template "hwraid.list.erb"
-  url "http://hwraid.le-vert.net/ubuntu"
-  key "23B3D3B4"
-end
-
-apt_source "mapnik-v210" do
-  url "http://ppa.launchpad.net/mapnik/v2.1.0/ubuntu"
-  key "5D50B6BA"
-end
-
-apt_source "nginx" do
-  template "nginx.list.erb"
-  url "http://nginx.org/packages/ubuntu"
-  key "7BD9BF62"
-end
-
-apt_source "elasticsearch" do
-  template "elasticsearch.list.erb"
-  url "http://packages.elasticsearch.org/elasticsearch/1.0/debian"
-  key "D88E42B4"
+template "/etc/apt/apt.conf.d/60chef" do
+  source "apt.conf.erb"
+  owner "root"
+  group "root"
+  mode "644"
 end