arillso.system.packages role – Package management with multi-entry-point support

Note

This role is part of the arillso.system collection (version 1.0.5).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install arillso.system.

To use it in a playbook, specify: arillso.system.packages.

Entry point `apt_config` – APT configuration entry point 

Synopsis 

Entry point for managing APT configuration files
Creates custom APT configuration files in /etc/apt/apt.conf.d/

Parameters 

Parameter	Comments
packages_apt_conf list / elements=dictionary / required	List of APT configuration files to create
name string / required	Configuration name
priority string	Configuration file priority (00-99) Default: `"90"`
settings list / elements=dictionary / required	List of APT configuration settings
key string / required	APT configuration key
value string / required	APT configuration value
packages_unattended_upgrades_allow_upgrades list / elements=string	Packages allowed to upgrade to new major versions (overrides pins) Default: `[]`
packages_unattended_upgrades_auto_clean integer	Days interval for autoclean (0 = disabled) Default: `7`
packages_unattended_upgrades_auto_reboot boolean	Automatically reboot if required Choices: `false` ← (default) `true`
packages_unattended_upgrades_auto_reboot_time string	Time for automatic reboot (HH:MM) Default: `"03:00"`
packages_unattended_upgrades_auto_reboot_with_users boolean	Reboot even if users are logged in Choices: `false` ← (default) `true`
packages_unattended_upgrades_auto_update boolean	Automatically update package lists Choices: `false` `true` ← (default)
packages_unattended_upgrades_auto_upgrade boolean	Automatically install security upgrades Choices: `false` `true` ← (default)
packages_unattended_upgrades_debug boolean	Enable debug logging Choices: `false` ← (default) `true`
packages_unattended_upgrades_download_limit integer	Download bandwidth limit in KB/s (0 = unlimited) Default: `0`
packages_unattended_upgrades_download_only boolean	Only download packages, don’t install Choices: `false` ← (default) `true`
packages_unattended_upgrades_fix_interrupted_dpkg boolean	Fix interrupted dpkg state Choices: `false` `true` ← (default)
packages_unattended_upgrades_install boolean	Install unattended-upgrades package Choices: `false` `true` ← (default)
packages_unattended_upgrades_install_on_shutdown boolean	Install upgrades on shutdown instead of background Choices: `false` ← (default) `true`
packages_unattended_upgrades_mail_enabled boolean	Enable email notifications Choices: `false` ← (default) `true`
packages_unattended_upgrades_mail_on_error_only boolean	Only send email on errors Choices: `false` `true` ← (default)
packages_unattended_upgrades_mail_to string	Email address for notifications Default: `"root"`
packages_unattended_upgrades_minimal_steps boolean	Split upgrades into smallest possible chunks Choices: `false` `true` ← (default)
packages_unattended_upgrades_origins list / elements=string	List of upgrade origins to allow Default: `["${distro_id}:${distro_codename}-security", "${distro_id}ESMApps:${distro_codename}-apps-security", "${distro_id}ESM:${distro_codename}-infra-security"]`
packages_unattended_upgrades_package_blacklist list / elements=string	Packages to never auto-update (supports wildcards) Default: `[]`
packages_unattended_upgrades_random_sleep integer	Random sleep time before running (seconds) Default: `0`
packages_unattended_upgrades_remove_new_unused_dependencies boolean	Remove dependencies that become unused after upgrade Choices: `false` `true` ← (default)
packages_unattended_upgrades_remove_unused_dependencies boolean	Automatically remove unused dependencies Choices: `false` `true` ← (default)
packages_unattended_upgrades_remove_unused_kernel_packages boolean	Automatically remove old kernel packages Choices: `false` `true` ← (default)
packages_unattended_upgrades_skip_updates_on_metered boolean	Skip updates on metered connections Choices: `false` `true` ← (default)
packages_unattended_upgrades_syslog_enable boolean	Enable syslog logging Choices: `false` `true` ← (default)
packages_unattended_upgrades_syslog_facility string	Syslog facility to use Default: `"daemon"`
packages_unattended_upgrades_timer_enabled boolean	Enable custom timer configuration Choices: `false` `true` ← (default)
packages_unattended_upgrades_timer_on_calendar string	Systemd OnCalendar timer expression (e.g., ‘daily’, ‘02:00’, ‘--* 04:00:00’) Default: `"daily"`
packages_unattended_upgrades_timer_persistent boolean	Run missed timers on boot if system was offline Choices: `false` `true` ← (default)
packages_unattended_upgrades_timer_randomized_delay string	Random delay before execution (e.g., ‘30m’, ‘1h’, ‘3600s’) Default: `"30m"`
packages_unattended_upgrades_verbose boolean	Enable verbose logging Choices: `false` ← (default) `true`
packages_unattended_upgrades_version_pins dictionary	Pin packages to major versions (block major upgrades, allow minor) Default: `{}`

Entry point `cache` – Package cache management entry point 

Synopsis 

Entry point for updating APT package cache
Used as dependency by other roles

Parameters 

Parameter	Comments
packages_cache_update_delay integer	Delay between cache update retries in seconds Default: `10`
packages_cache_update_retries integer	Number of retries for cache update Default: `3`
packages_cache_valid_time integer	Cache validity time in seconds Default: `3600`
packages_force_cache_update boolean	Force cache update regardless of age Choices: `false` ← (default) `true`
packages_update_cache boolean	Update APT cache Choices: `false` `true` ← (default)

Entry point `clean` – Package cleanup and configuration entry point 

Synopsis 

Entry point for cleaning package cache and configuring APT
Handles autoclean, autoremove, and APT configuration files

Parameters 

Parameter	Comments
packages_apt_conf list / elements=dictionary	List of APT configuration files to create Default: `[]`
name string / required	Configuration name
priority string	Configuration file priority (00-99) Default: `"90"`
settings list / elements=dictionary / required	List of APT configuration settings
key string / required	APT configuration key
value string / required	APT configuration value
packages_autoclean boolean	Clean package cache Choices: `false` ← (default) `true`
packages_autoremove boolean	Remove unused packages Choices: `false` ← (default) `true`

Entry point `hold` – Package hold entry point 

Synopsis 

Entry point for holding packages from unified list
Prevents packages from being upgraded

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to hold
name string / required	Package name
state string	Package state (must be hold) Choices: `"hold"` ← (default)

Entry point `install` – Package installation entry point 

Synopsis 

Entry point for installing packages from unified list
Handles only installation operations (present, latest, build-dep states)

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to install
force boolean	Force package operation Choices: `false` ← (default) `true`
install_recommends boolean	Install recommended packages Choices: `false` `true` ← (default)
name string / required	Package name
state string	Package state Choices: `"present"` ← (default) `"latest"` `"build-dep"`
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`

Entry point `keys` – APT key management entry point 

Synopsis 

Entry point for managing APT signing keys
Supports keys from URLs, keyservers, or direct data

Parameters 

Parameter	Comments
packages_gpg_keyservers list / elements=string	List of GPG keyservers to try Default: `["keyserver.ubuntu.com", "keys.openpgp.org", "pgp.mit.edu"]`
packages_keys list / elements=dictionary / required	List of APT signing keys to manage
data string	Key data directly
dearmor boolean	Convert ASCII-armored key to binary format using gpg --dearmor Choices: `false` ← (default) `true`
id string	Key ID for keyserver
keyring string	Path to keyring file for modern GPG key management
keyserver string	Keyserver to use
name string	Name for the key (used for default keyring filename)
state string	Key state Choices: `"present"` ← (default) `"absent"`
url string	URL to key file
packages_keys_force_update boolean	Force update of GPG keys even if they already exist Choices: `false` ← (default) `true`

Entry point `main` – Package management with multi-entry-point support 

Synopsis 

Manages APT packages including installation, removal, and configuration
Supports repositories, keys, and advanced APT configuration
Uses unified package list approach

Parameters 

Parameter	Comments
packages_apt_acquire_allow_downgrade_to_insecure boolean	Allow downgrade to insecure repositories Choices: `false` ← (default) `true`
packages_apt_acquire_allow_insecure boolean	Allow insecure repositories Choices: `false` ← (default) `true`
packages_apt_acquire_allow_weak boolean	Allow weak security repositories Choices: `false` ← (default) `true`
packages_apt_acquire_check_valid_until boolean	Check Release file validity Choices: `false` `true` ← (default)
packages_apt_acquire_http_pipeline_depth integer	HTTP pipeline depth for downloads Default: `10`
packages_apt_acquire_http_timeout integer	HTTP acquire timeout in seconds Default: `120`
packages_apt_acquire_languages string	Languages for APT translations Default: `"none"`
packages_apt_acquire_queue_mode string	Acquire queue mode Default: `"host"`
packages_apt_acquire_retries integer	Number of acquire retries Default: `3`
packages_apt_acquire_timeout integer	Acquire timeout in seconds Default: `120`
packages_apt_acquire_translation list / elements=string	Translation files to acquire Default: `[]`
packages_apt_cache_archives string	Path to APT archives cache Default: `"/var/cache/apt/archives"`
packages_apt_cache_limit integer	APT cache size limit in bytes (0=unlimited) Default: `0`
packages_apt_cache_pkgcache string	Path to package cache Default: `"/var/cache/apt/pkgcache.bin"`
packages_apt_cache_srcpkgcache string	Path to source package cache Default: `"/var/cache/apt/srcpkgcache.bin"`
packages_apt_clean_lists boolean	Clean APT lists directory Choices: `false` ← (default) `true`
packages_apt_conf list / elements=dictionary	List of APT configuration files (includes proxy settings) Default: `[]`
name string / required	Configuration name
priority string	Configuration file priority (00-99) Default: `"90"`
settings list / elements=dictionary / required	List of APT configuration settings
key string / required	APT configuration key
value string / required	APT configuration value
packages_apt_fix_broken boolean	Attempt to fix broken dependencies Choices: `false` `true` ← (default)
packages_apt_fix_missing boolean	Attempt to fix missing packages Choices: `false` `true` ← (default)
packages_apt_force_confask boolean	Ask about configuration file changes Choices: `false` ← (default) `true`
packages_apt_force_confdef boolean	Use default action for configuration files Choices: `false` ← (default) `true`
packages_apt_force_confnew boolean	Replace configuration files with new versions Choices: `false` ← (default) `true`
packages_apt_force_confold boolean	Keep old configuration files on upgrade Choices: `false` `true` ← (default)
packages_apt_get_allow_unauthenticated boolean	Allow unauthenticated packages Choices: `false` ← (default) `true`
packages_apt_get_assume_yes boolean	Assume yes for APT operations Choices: `false` `true` ← (default)
packages_apt_install_recommends boolean	Install recommended packages by default Choices: `false` `true` ← (default)
packages_apt_install_suggests boolean	Install suggested packages by default Choices: `false` ← (default) `true`
packages_apt_lists_dir string	Directory for APT package lists Default: `"/var/lib/apt/lists"`
packages_apt_mirror_components list / elements=string	APT mirror components Default: `["main", "restricted", "universe", "multiverse"]`
packages_apt_mirror_distribution string	APT mirror distribution. Defaults to ansible_distribution_release.
packages_apt_mirror_enabled boolean	Enable APT mirror configuration Choices: `false` ← (default) `true`
packages_apt_mirror_uri string	APT mirror URI Default: `""`
packages_apt_periodic_autoclean integer	Interval for periodic autoclean (days) Default: `7`
packages_apt_periodic_download integer	Interval for periodic download (days, 0=disabled) Default: `0`
packages_apt_periodic_enabled boolean	Enable APT periodic updates Choices: `false` ← (default) `true`
packages_apt_periodic_update integer	Interval for periodic update (days) Default: `1`
packages_apt_periodic_verbose integer	Verbosity level for periodic operations Default: `0`
packages_apt_preferences list / elements=dictionary	APT pinning preferences Default: `[]`
package string / required	Package name pattern (e.g., ‘*’, ‘nginx’)
pin string / required	Pin specification (e.g., ‘release o=Ubuntu’, ‘version 1.24.*’)
priority integer / required	Pin priority value (0-1000)
packages_apt_proxy_enabled boolean	Enable APT proxy configuration Choices: `false` ← (default) `true`
packages_apt_proxy_ftp string	FTP proxy URL for APT Default: `""`
packages_apt_proxy_http string	HTTP proxy URL for APT Default: `""`
packages_apt_proxy_https string	HTTPS proxy URL for APT Default: `""`
packages_apt_proxy_socks string	SOCKS proxy URL for APT Default: `""`
packages_apt_update_allow_releaseinfo_change boolean	Allow release info changes during update Choices: `false` `true` ← (default)
packages_apt_update_allow_releaseinfo_change_codename boolean	Allow codename changes in release info Choices: `false` ← (default) `true`
packages_apt_update_allow_releaseinfo_change_label boolean	Allow label changes in release info Choices: `false` `true` ← (default)
packages_apt_update_allow_releaseinfo_change_origin boolean	Allow origin changes in release info Choices: `false` `true` ← (default)
packages_apt_update_allow_releaseinfo_change_suite boolean	Allow suite changes in release info Choices: `false` ← (default) `true`
packages_apt_update_allow_releaseinfo_change_version boolean	Allow version changes in release info Choices: `false` `true` ← (default)
packages_apt_update_error_mode string	Error mode for APT update Default: `"any"`
packages_autoclean boolean	Clean package cache Choices: `false` ← (default) `true`
packages_autoremove boolean	Remove unused packages Choices: `false` ← (default) `true`
packages_cache_enabled boolean	Enable cache management entry point Choices: `false` `true` ← (default)
packages_cache_update_delay integer	Delay between cache update retries in seconds Default: `10`
packages_cache_update_retries integer	Number of retries for cache update Default: `3`
packages_cache_valid_time integer	Cache validity time in seconds Default: `3600`
packages_clean_enabled boolean	Enable cleanup entry point Choices: `false` ← (default) `true`
packages_force_cache_update boolean	Force cache update regardless of age Choices: `false` ← (default) `true`
packages_gpg_keyservers list / elements=string	List of GPG keyservers to try Default: `["keyserver.ubuntu.com", "keys.openpgp.org", "pgp.mit.edu"]`
packages_keys list / elements=dictionary	List of APT signing keys to add Default: `[]`
data string	Key data directly
id string	Key ID for keyserver
keyring string	Path to keyring file for modern GPG key management
keyserver string	Keyserver to use
name string	Name for the key (used for default keyring filename)
state string	Key state Choices: `"present"` ← (default) `"absent"`
url string	URL to key file
packages_keys_enabled boolean	Enable key management entry point Choices: `false` `true` ← (default)
packages_keys_force_update boolean	Force update of GPG keys even if they already exist Choices: `false` ← (default) `true`
packages_list list / elements=dictionary	Unified list of packages with their desired states Default: `[]`
force boolean	Force package operation Choices: `false` ← (default) `true`
install_recommends boolean	Install recommended packages Choices: `false` `true` ← (default)
name string / required	Package name
purge boolean	Purge package configuration (for absent state) Choices: `false` ← (default) `true`
state string	Package state Choices: `"present"` ← (default) `"latest"` `"absent"` `"build-dep"` `"hold"` `"unhold"`
packages_log_level string	Log level for package operations Default: `"info"`
packages_repositories list / elements=dictionary	List of APT repositories to add Default: `[]`
filename string	Custom filename for repository
repo string / required	Repository specification
state string	Repository state Choices: `"present"` ← (default) `"absent"`
packages_repositories_enabled boolean	Enable repository management entry point Choices: `false` `true` ← (default)
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`
packages_services_to_restart list / elements=string	List of services to restart after package changes Default: `[]`
packages_unattended_upgrades_allow_upgrades list / elements=string	Packages allowed to upgrade to new major versions Default: `[]`
packages_unattended_upgrades_auto_clean integer	Days interval for autoclean (0 = disabled) Default: `7`
packages_unattended_upgrades_auto_reboot boolean	Automatically reboot if required Choices: `false` ← (default) `true`
packages_unattended_upgrades_auto_reboot_time string	Time for automatic reboot (HH:MM) Default: `"03:00"`
packages_unattended_upgrades_auto_reboot_with_users boolean	Reboot even if users are logged in Choices: `false` ← (default) `true`
packages_unattended_upgrades_auto_update boolean	Automatically update package lists Choices: `false` `true` ← (default)
packages_unattended_upgrades_auto_upgrade boolean	Automatically install security upgrades Choices: `false` `true` ← (default)
packages_unattended_upgrades_debug boolean	Enable debug logging Choices: `false` ← (default) `true`
packages_unattended_upgrades_download_limit integer	Download bandwidth limit in KB/s (0 = unlimited) Default: `0`
packages_unattended_upgrades_download_only boolean	Only download packages, don’t install Choices: `false` ← (default) `true`
packages_unattended_upgrades_enabled boolean	Enable unattended-upgrades entry point Choices: `false` ← (default) `true`
packages_unattended_upgrades_fix_interrupted_dpkg boolean	Fix interrupted dpkg state Choices: `false` `true` ← (default)
packages_unattended_upgrades_install boolean	Install unattended-upgrades package Choices: `false` `true` ← (default)
packages_unattended_upgrades_install_on_shutdown boolean	Install upgrades on shutdown Choices: `false` ← (default) `true`
packages_unattended_upgrades_mail_enabled boolean	Enable email notifications Choices: `false` ← (default) `true`
packages_unattended_upgrades_mail_on_error_only boolean	Only send email on errors Choices: `false` `true` ← (default)
packages_unattended_upgrades_mail_to string	Email address for notifications Default: `"root"`
packages_unattended_upgrades_minimal_steps boolean	Split upgrades into smallest possible chunks Choices: `false` `true` ← (default)
packages_unattended_upgrades_origins list / elements=string	List of upgrade origins to allow Default: `["${distro_id}:${distro_codename}-security", "${distro_id}ESMApps:${distro_codename}-apps-security", "${distro_id}ESM:${distro_codename}-infra-security"]`
packages_unattended_upgrades_package_blacklist list / elements=string	Packages to never auto-update Default: `[]`
packages_unattended_upgrades_random_sleep integer	Random sleep time before running (seconds) Default: `0`
packages_unattended_upgrades_remove_new_unused_dependencies boolean	Remove dependencies that become unused after upgrade Choices: `false` `true` ← (default)
packages_unattended_upgrades_remove_unused_dependencies boolean	Automatically remove unused dependencies Choices: `false` `true` ← (default)
packages_unattended_upgrades_remove_unused_kernel_packages boolean	Automatically remove old kernel packages Choices: `false` `true` ← (default)
packages_unattended_upgrades_skip_updates_on_metered boolean	Skip updates on metered connections Choices: `false` `true` ← (default)
packages_unattended_upgrades_syslog_enable boolean	Enable syslog logging Choices: `false` `true` ← (default)
packages_unattended_upgrades_syslog_facility string	Syslog facility to use Default: `"daemon"`
packages_unattended_upgrades_timer_enabled boolean	Enable custom timer configuration Choices: `false` `true` ← (default)
packages_unattended_upgrades_timer_on_calendar string	Systemd OnCalendar timer expression Default: `"daily"`
packages_unattended_upgrades_timer_persistent boolean	Run missed timers on boot if system was offline Choices: `false` `true` ← (default)
packages_unattended_upgrades_timer_randomized_delay string	Random delay before execution Default: `"30m"`
packages_unattended_upgrades_verbose boolean	Enable verbose logging Choices: `false` ← (default) `true`
packages_unattended_upgrades_version_pins dictionary	Pin packages to major versions Default: `{}`
packages_update_cache boolean	Update APT cache before operations Choices: `false` `true` ← (default)
packages_upgrade string	Upgrade packages (false, yes, safe, full, dist) Choices: `"false"` `"yes"` `"safe"` `"full"` `"dist"` Default: `"False"`
packages_upgrade_enabled boolean	Enable package upgrade entry point Choices: `false` ← (default) `true`

Entry point `packages` – Package processing entry point 

Synopsis 

Entry point for processing packages from unified list
Handles package installation, removal, hold/unhold operations
Executes package operations in correct order: unhold → remove → install → hold

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	Unified list of packages with their desired states
allow_unauthenticated boolean	Allow unauthenticated packages Choices: `false` ← (default) `true`
autoclean boolean	Clean package cache (for absent state) Choices: `false` ← (default) `true`
autoremove boolean	Remove unused packages (for absent state) Choices: `false` ← (default) `true`
cache_valid_time integer	Cache validity time in seconds
default_release string	Default release to install from
force boolean	Force package operation Choices: `false` ← (default) `true`
install_recommends boolean	Install recommended packages Choices: `false` `true` ← (default)
name string / required	Package name
only_upgrade boolean	Only upgrade, do not install Choices: `false` ← (default) `true`
purge boolean	Purge package configuration (for absent state) Choices: `false` ← (default) `true`
state string	Package state Choices: `"present"` ← (default) `"latest"` `"absent"` `"build-dep"` `"hold"` `"unhold"`
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`
packages_services_to_restart list / elements=string	List of services to restart after package changes Default: `[]`

Entry point `remove` – Package removal entry point 

Synopsis 

Entry point for removing packages from unified list
Handles only removal operations (absent state)

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to remove
autoremove boolean	Remove unused packages Choices: `false` ← (default) `true`
force boolean	Force package operation Choices: `false` ← (default) `true`
name string / required	Package name
purge boolean	Purge package configuration Choices: `false` ← (default) `true`
state string	Package state (must be absent) Choices: `"absent"` ← (default)
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`

Entry point `repositories` – Repository management entry point 

Synopsis 

Entry point for managing APT repositories and keys
Handles repository addition and GPG key management

Parameters 

Parameter	Comments
packages_gpg_keyservers list / elements=string	List of GPG keyservers to try Default: `["keyserver.ubuntu.com", "keys.openpgp.org", "pgp.mit.edu"]`
packages_keys list / elements=dictionary	List of APT signing keys to add Default: `[]`
data string	Key data directly
id string	Key ID for keyserver
keyring string	Path to keyring file for modern GPG key management
keyserver string	Keyserver to use
name string	Name for the key (used for default keyring filename)
state string	Key state Choices: `"present"` ← (default) `"absent"`
url string	URL to key file
packages_keys_force_update boolean	Force update of GPG keys even if they already exist Choices: `false` ← (default) `true`
packages_repositories list / elements=dictionary / required	List of APT repositories to add

Entry point `unhold` – Package unhold entry point 

Synopsis 

Entry point for unholding packages from unified list
Allows previously held packages to be upgraded

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to unhold
name string / required	Package name
state string	Package state (must be unhold) Choices: `"unhold"` ← (default)

Entry point `upgrade` – Upgrade packages entry point 

Synopsis 

Entry point for upgrading system packages
Supports different upgrade strategies

Parameters 

Parameter	Comments
packages_upgrade string / required	Type of upgrade to perform Choices: `"yes"` `"safe"` `"full"` `"dist"`

arillso.system.packages role – Package management with multi-entry-point support

Collection links