Merge branch 'progmaticltd:main' into allow-apt-mirrors

diffway · web-flow · commit 3dedbf2a2d06 · 2024-04-06T22:03:56.000+03:00
diff --git a/roles/bootstrap/defaults/main.yml b/roles/bootstrap/defaults/main.yml
@@ -25,3 +25,6 @@ base_packages:
   - systemd-timesyncd
   - unattended-upgrades
   - xkcdpass
+
+recommended_packages:
+  - colorize
diff --git a/roles/bootstrap/tasks/check/packages.yml b/roles/bootstrap/tasks/check/packages.yml
@@ -11,3 +11,11 @@
   loop_control:
     loop_var: pkg
   tags: apt
+
+- name: Check that all packages are installed
+  ansible.builtin.assert:
+    that: ansible_facts.packages[pkg] is defined
+  loop: '{{ recommended_packages }}'
+  loop_control:
+    loop_var: pkg
+  tags: apt
diff --git a/roles/bootstrap/tasks/install/network.yml b/roles/bootstrap/tasks/install/network.yml
@@ -2,7 +2,9 @@
 
 - name: Install unbound
   ansible.builtin.apt:
-    name: unbound
+    pkg:
+      - dns-root-data
+      - unbound
     state: present
   tags: network
 
diff --git a/roles/bootstrap/tasks/install/packages.yml b/roles/bootstrap/tasks/install/packages.yml
@@ -4,3 +4,8 @@
   ansible.builtin.apt:
     name: '{{ base_packages }}'
     state: present
+
+- name: Install the packages absolutely required
+  ansible.builtin.apt:
+    name: '{{ recommended_packages }}'
+    state: present
diff --git a/roles/certificates/tasks/install/pre-install-common.yml b/roles/certificates/tasks/install/pre-install-common.yml
@@ -35,7 +35,7 @@
 - name: Get the DNS api key
   no_log: '{{ hide_secrets }}'
   ansible.builtin.set_fact:
-    api_key: '{{ lookup(creds.store, creds.prefix + "dns/api-key") }}'
+    api_key: '{{ lookup(creds.store, creds.prefix + "/dns/api-key") }}'
   tags: preinstall
 
 # LetsEncrypt will need to be accessed once the DNS server is live.
diff --git a/roles/certificates/vars/main.yml b/roles/certificates/vars/main.yml
@@ -2,7 +2,6 @@
 
 cert_packages:
   - ca-certificates
-  - colorize
   - gnutls-bin
   - jq
   - lego
diff --git a/roles/dns-pdns/tasks/install/config.yml b/roles/dns-pdns/tasks/install/config.yml
@@ -42,7 +42,7 @@
   no_log: '{{ hide_secrets }}'
   ansible.builtin.set_fact:
     api_key: >-
-      {{ lookup(creds.store, creds.prefix + "dns/api-key" +
+      {{ lookup(creds.store, creds.prefix + "/dns/api-key" +
       creds.opts.create + creds.opts.system)
       }}
   tags: config
diff --git a/scripts/switch-domain.sh b/scripts/switch-domain.sh
@@ -26,7 +26,7 @@ cd "$SCRIPT_PATH/../config" || exit
 
 if [ ! -f "system-${domain}.yml" ]; then
     echo "Create the system-${domain}.yml file in config first."
-    echo "See system-example.yml for bare minimum and defaults.yml for all possible values"
+    echo "See system-minimal.yml for bare minimum and defaults.yml for all possible values"
     exit 2;
 fi
 
