secure apt setup using HTTPS and Tor

parent e1137ad4
......@@ -3,12 +3,59 @@
become_method: su
tasks:
- name: "apt_repository: enable stretch-backports"
- name: "apt: install debian packages for secure apt setup"
apt:
name: "{{item}}"
state: latest
install_recommends: no
update_cache: yes
with_items:
- apt-transport-https
- apt-transport-tor
- debian-archive-keyring
- gnupg
- tor
- name: "apt_repository: sgvtcaew4bxjd7ln.onion as first repo"
apt_repository:
repo: 'deb http://deb.debian.org/debian stretch-backports main'
state: present
repo: 'deb tor+http://sgvtcaew4bxjd7ln.onion/debian-security stretch/updates main'
filename: 0.sgvtcaew4bxjd7ln.onion
update_cache: no
become: yes
- name: "apt_repository: debian.osuosl.org stretch"
apt_repository:
repo: |
deb https://debian.osuosl.org/debian/ stretch main
update_cache: no
- name: "apt_repository: debian.osuosl.org stretch-updates"
apt_repository:
repo: |
deb https://debian.osuosl.org/debian/ stretch-updates main
update_cache: no
- name: "apt_repository: debian.osuosl.org stretch-backports"
apt_repository:
repo: |
deb https://debian.osuosl.org/debian/ stretch-backports main
update_cache: no
- name: "apt_repository: deb.debian.org debian-security"
apt_repository:
repo: |
deb https://deb.debian.org/debian-security/ stretch/updates main
update_cache: no
- name: "apt_repository: security.debian.org"
apt_repository:
repo: 'deb http://security.debian.org/debian-security stretch/updates main'
update_cache: no
- name: "copy: clear /etc/apt/sources.list"
copy:
content: ""
dest: "/etc/apt/sources.list"
- name: "copy: apt pinning rule for backports packages"
copy:
content: |
......@@ -17,6 +64,12 @@
Pin-Priority: 500
dest: /etc/apt/preferences.d/debian-stretch-backports.pref
become: yes
- name: "apt: dist-upgrade"
apt:
update_cache: yes
upgrade: dist
- name: "apt: install debian packages"
apt:
name: "{{item}}"
......@@ -24,7 +77,6 @@
autoclean: yes
autoremove: yes
install_recommends: no
update_cache: yes
with_items:
# essential utilities
......
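Review bot: The `apt_repository: security.debian.org` task in the first hunk registers `deb http://security.debian.org/debian-security stretch/updates main`, a plain-HTTP source, which runs against this commit's stated goal of HTTPS and Tor transport (the +/- markers are lost in this rendering, so I am assuming the task is on the new side). APT's signed Release files still protect package integrity, but an on-path observer can see which security updates the host fetches and can withhold fresh metadata until the Release file's Valid-Until date expires. The same hunk already adds the onion source and `https://deb.debian.org/debian-security/` for this suite, so either drop the task or set `state: absent` on it. If it is a deliberate fallback, say so with a comment such as `# plain-HTTP fallback: integrity relies on the archive signature only`. Separately, the first task runs with `update_cache: yes` before any source is rewritten, so the transport packages are presumably fetched over the pre-existing sources, which deserves a one-line comment.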