class nodo::subsystem::apt( $ensure = present, $auto_upgrade = present, $upgrade_handler = 'apt', $hour = 2, $minute = 0, $mirror = 'https://deb.debian.org', $contrib = 'enabled', $non_free = 'enabled', $non_free_firmware = $::lsbdistcodename ? { 'wheezy' => 'disabled', 'buster' => 'disabled', 'bullseye' => 'disabled', default => 'enabled', } ) { # This one is no longer necessary package { 'apt-transport-https': ensure => absent, } # See https://www.cyberciti.biz/faq/howto-use-apt-get-with-ipv6-or-ipv4-transport-on-ubuntu-debian/ # https://unix.stackexchange.com/questions/370750/wget-uses-ipv6-address-and-takes-too-long-to-complete file { '/etc/apt/apt.conf.d/1000-force-ipv4-transport': ensure => absent, owner => root, group => root, mode => '0644', content => "Acquire::ForceIPv4 \"true\";\n", } $contrib_component = $contrib ? { 'enabled' => ' contrib', default => '', } $non_free_component = $non_free ? { 'enabled' => ' non-free', default => '', } $non_free_firmware_component = $non_free_firmware ? { 'enabled' => ' non-free-firmware', default => '', } file { '/etc/apt/sources.list': ensure => present, owner => root, group => root, mode => '0644', notify => Exec['nodo-apt-auto-update'], require => [ File['/etc/apt/apt.conf.d/1000-force-ipv4-transport'], Package['apt-transport-https'] ], content => $ensure ? { 'present' => template("nodo/apt/${::operatingsystem}.sources.list.erb"), default => undef, }, } file { '/etc/apt/preferences': ensure => present, owner => root, group => root, mode => '0644', require => [ File['/etc/apt/apt.conf.d/1000-force-ipv4-transport'], Package['apt-transport-https'] ], content => $ensure ? { 'present' => template("nodo/apt/${::operatingsystem}.preferences.erb"), default => undef, }, } # We have /var/log/dpkg.log, so we do not need to rotate /var/log/upgrade.log $log = ">> /var/log/upgrade.log 2>&1" $apt = '/usr/bin/apt-get' if $upgrade_handler == 'apt' { $command = "${apt} update ${log} && ${apt} dist-upgrade -y ${log} && ${apt} autoremove -y ${log} && ${apt} clean ${log}" } elsif $upgrade_handler == 'hydra' { $command = "hydractl upgrade clean ${log}" } exec { 'nodo-apt-auto-update': command => "${apt} update ${log}", user => "root", refreshonly => true, } cron { 'nodo-apt-auto-upgrade': ensure => $auto_upgrade, command => $command, environment => [ 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', 'DEBIAN_FRONTEND=noninteractive' ], user => 'root', hour => $hour, minute => $minute, } }