progmaticltd · diffway · Apr 5, 2024 · Apr 6, 2024 · Apr 6, 2024 · Apr 8, 2024
diff --git a/config/defaults/version-large.yml b/config/defaults/version-large.yml
@@ -194,6 +194,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

diff --git a/config/defaults/version-medium.yml b/config/defaults/version-medium.yml
@@ -189,6 +189,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

diff --git a/config/defaults/version-mini.yml b/config/defaults/version-mini.yml
@@ -179,6 +179,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

diff --git a/config/defaults/version-small.yml b/config/defaults/version-small.yml
@@ -189,6 +189,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

diff --git a/config/samples/system-minimal.yml b/config/samples/system-minimal.yml
@@ -58,7 +58,8 @@ system:
   release: bookworm
   devel: false
   debug: false
-
+  apt:
+    mirror: deb.debian.org
 
 ###############################################################################
 # If you are using Gandi, you can enter an API key here

diff --git a/docs/30-define-your-config.md b/docs/30-define-your-config.md
@@ -68,7 +68,7 @@ If you are planning to work with multiple domains, jump to the next section dire
 Once you have chosen your flavour, you need to copy the configuration sample, to create yours:
 
 ```sh
-cp config/samples/minimal.yml config/system.yml
+cp config/samples/system-minimal.yml config/system.yml
 ```
 
 You also need to copy the inventory file for Ansible.
@@ -79,10 +79,10 @@ cp config/samples/hosts.yml config/hosts.yml
 
 ### Working with multiple domains
 
-To work with multiple domains, uses these commands instead, by adjusting `<domain-name>`:
+To work with multiple domains, use these commands instead, by adjusting `<domain-name>`:
 
 ```sh
-cp config/samples/minimal.yml config/system-<domain-name>.yml
+cp config/samples/system-minimal.yml config/system-<domain-name>.yml
 ```
 
 Same for the inventory file for Ansible:
@@ -91,7 +91,7 @@ Same for the inventory file for Ansible:
 cp config/samples/hosts.yml config/hosts-<domain-name>.yml
 ```
 
-The inventory should contains this:
+The inventory should contain this:
 
 ```yml
 all:
@@ -265,6 +265,8 @@ system:
   release: bookworm
   devel: false
   debug: false
+  apt:
+    mirror: deb.debian.org
 ```
 
 #### DNS provider

diff --git a/roles/bootstrap/tasks/check/apt.yml b/roles/bootstrap/tasks/check/apt.yml
@@ -1,5 +1,20 @@
 ---
 
+- name: Check apt mirror is valid for us
+  changed_when: false
+  failed_when: not system_apt_mirror_release_match.rc == 0
+  register: system_apt_mirror_release_match
+  ansible.builtin.shell: >-
+    wget --no-config -qO - --wait=3 --random-wait \
+      "http://{{ system.apt.mirror }}/debian/dists/{{ distribution_release }}/Release" \
+        |egrep -q "^Codename[:][[:blank:]]+{{ distribution_release }}"
+  loop:
+    - "{{ system.release }}"
+    - "{{ system.release }}-updates"
+    - "{{ system.release }}-backports"
+  loop_control:
+    loop_var: distribution_release
+
 - name: Check if we can run apt update without error
   ansible.builtin.apt:
     update_cache: true
diff --git a/roles/bootstrap/tasks/install/apt.yml b/roles/bootstrap/tasks/install/apt.yml
@@ -6,6 +6,22 @@
   ansible.builtin.set_fact:
     sections: '{{ system.apt.sections | join(" ") }}'
 
+
+- name: Check apt mirror is valid for us
+  changed_when: false
+  failed_when: not system_apt_mirror_release_match.rc == 0
+  register: system_apt_mirror_release_match
+  ansible.builtin.shell: >-
+    wget --no-config -qO - --wait=3 --random-wait \
+      "http://{{ system.apt.mirror }}/debian/dists/{{ distribution_release }}/Release" \
+        |egrep -q "^Codename[:][[:blank:]]+{{ distribution_release }}"
+  loop:
+    - "{{ system.release }}"
+    - "{{ system.release }}-updates"
+    - "{{ system.release }}-backports"
+  loop_control:
+    loop_var: distribution_release
+
 - name: Initialise default repositories
   register: repositories
   ansible.builtin.template:

diff --git a/roles/bootstrap/templates/sources.list b/roles/bootstrap/templates/sources.list
@@ -1,16 +1,16 @@
 # Main repository
-deb https://deb.debian.org/debian/ {{ system.release }} {{ sections }}
-deb-src https://deb.debian.org/debian/ {{ system.release }} {{ sections }}
+deb https://{{ system.apt.mirror }}/debian/ {{ system.release }} {{ sections }}
+deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }} {{ sections }}
 
 # Security updates
 deb https://security.debian.org/debian-security {{ system.release }}-security main contrib non-free
 deb-src https://security.debian.org/debian-security {{ system.release }}-security main contrib non-free
 
 # {{ system.release }}-updates, previously known as 'volatile'
-deb https://deb.debian.org/debian/ {{ system.release }}-updates {{ sections }}
-deb-src https://deb.debian.org/debian/ {{ system.release }}-updates {{ sections }}
+deb https://{{ system.apt.mirror }}/debian/ {{ system.release }}-updates {{ sections }}
+deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }}-updates {{ sections }}
 
 # Uncomment to activate backports
 # {{ system.release }}-backports, previously on backports.debian.org
-# deb https://deb.debian.org/debian/ {{ system.release }}-backports {{ sections }}
-# deb-src https://deb.debian.org/debian/ {{ system.release }}-backports {{ sections }}
+# deb https://{{ system.apt.mirror }}/debian/ {{ system.release }}-backports {{ sections }}
+# deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }}-backports {{ sections }}
diff --git a/roles/bootstrap/vars/main.yml b/roles/bootstrap/vars/main.yml
@@ -6,3 +6,4 @@ whitelisted_hosts:
   - deb.debian.org
   - letsencrypt.org
   - security.debian.org
+  - '{{ system.apt.mirror }}'