arillso.system.packages role – Package management with multi-entry-point support

Note

This role is part of the arillso.system collection (version 1.0.5).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it use: ansible-galaxy collection install arillso.system.

To use it in a playbook, specify: arillso.system.packages.

Entry point `apt_config` – APT configuration entry point 

Synopsis 

Entry point for managing APT configuration files
Creates custom APT configuration files in /etc/apt/apt.conf.d/

Parameters 

Parameter	Comments
packages_apt_conf list / elements=dictionary / required	List of APT configuration files to create
name string / required	Configuration name
priority string	Configuration file priority (00-99) Default: `"90"`
settings list / elements=dictionary / required	List of APT configuration settings
key string / required	APT configuration key
value string / required	APT configuration value
packages_unattended_upgrades_allow_upgrades list / elements=string	Packages allowed to upgrade to new major versions (overrides pins) Default: `[]`
packages_unattended_upgrades_auto_clean integer	Days interval for autoclean (0 = disabled) Default: `7`
packages_unattended_upgrades_auto_reboot boolean	Automatically reboot if required Choices: `false` ← (default) `true`
packages_unattended_upgrades_auto_reboot_time string	Time for automatic reboot (HH:MM) Default: `"03:00"`
packages_unattended_upgrades_auto_reboot_with_users boolean	Reboot even if users are logged in Choices: `false` ← (default) `true`
packages_unattended_upgrades_auto_update boolean	Automatically update package lists Choices: `false` `true` ← (default)
packages_unattended_upgrades_auto_upgrade boolean	Automatically install security upgrades Choices: `false` `true` ← (default)
packages_unattended_upgrades_debug boolean	Enable debug logging Choices: `false` ← (default) `true`
packages_unattended_upgrades_download_limit integer	Download bandwidth limit in KB/s (0 = unlimited) Default: `0`
packages_unattended_upgrades_download_only boolean	Only download packages, don’t install Choices: `false` ← (default) `true`
packages_unattended_upgrades_fix_interrupted_dpkg boolean	Fix interrupted dpkg state Choices: `false` `true` ← (default)
packages_unattended_upgrades_install boolean	Install unattended-upgrades package Choices: `false` `true` ← (default)
packages_unattended_upgrades_install_on_shutdown boolean	Install upgrades on shutdown instead of background Choices: `false` ← (default) `true`
packages_unattended_upgrades_mail_enabled boolean	Enable email notifications Choices: `false` ← (default) `true`
packages_unattended_upgrades_mail_on_error_only boolean	Only send email on errors Choices: `false` `true` ← (default)
packages_unattended_upgrades_mail_to string	Email address for notifications Default: `"root"`
packages_unattended_upgrades_minimal_steps boolean	Split upgrades into smallest possible chunks Choices: `false` `true` ← (default)
packages_unattended_upgrades_origins list / elements=string	List of upgrade origins to allow Default: `["${distro_id}:${distro_codename}-security", "${distro_id}ESMApps:${distro_codename}-apps-security", "${distro_id}ESM:${distro_codename}-infra-security"]`
packages_unattended_upgrades_package_blacklist list / elements=string	Packages to never auto-update (supports wildcards) Default: `[]`
packages_unattended_upgrades_random_sleep integer	Random sleep time before running (seconds) Default: `0`
packages_unattended_upgrades_remove_new_unused_dependencies boolean	Remove dependencies that become unused after upgrade Choices: `false` `true` ← (default)
packages_unattended_upgrades_remove_unused_dependencies boolean	Automatically remove unused dependencies Choices: `false` `true` ← (default)
packages_unattended_upgrades_remove_unused_kernel_packages boolean	Automatically remove old kernel packages Choices: `false` `true` ← (default)
packages_unattended_upgrades_skip_updates_on_metered boolean	Skip updates on metered connections Choices: `false` `true` ← (default)
packages_unattended_upgrades_syslog_enable boolean	Enable syslog logging Choices: `false` `true` ← (default)
packages_unattended_upgrades_syslog_facility string	Syslog facility to use Default: `"daemon"`
packages_unattended_upgrades_timer_enabled boolean	Enable custom timer configuration Choices: `false` `true` ← (default)
packages_unattended_upgrades_timer_on_calendar string	Systemd OnCalendar timer expression (e.g., ‘daily’, ‘02:00’, ‘--* 04:00:00’) Default: `"daily"`
packages_unattended_upgrades_timer_persistent boolean	Run missed timers on boot if system was offline Choices: `false` `true` ← (default)
packages_unattended_upgrades_timer_randomized_delay string	Random delay before execution (e.g., ‘30m’, ‘1h’, ‘3600s’) Default: `"30m"`
packages_unattended_upgrades_verbose boolean	Enable verbose logging Choices: `false` ← (default) `true`
packages_unattended_upgrades_version_pins dictionary	Pin packages to major versions (block major upgrades, allow minor) Default: `{}`

Entry point `cache` – Package cache management entry point 

Synopsis 

Entry point for updating APT package cache
Used as dependency by other roles

Parameters 

Parameter	Comments
packages_cache_valid_time integer	Cache validity time in seconds Default: `3600`
packages_force_cache_update boolean	Force cache update regardless of age Choices: `false` ← (default) `true`
packages_update_cache boolean	Update APT cache Choices: `false` `true` ← (default)

Entry point `clean` – Package cleanup and configuration entry point 

Synopsis 

Entry point for cleaning package cache and configuring APT
Handles autoclean, autoremove, and APT configuration files

Parameters 

Parameter	Comments
packages_apt_conf list / elements=dictionary	List of APT configuration files to create Default: `[]`
name string / required	Configuration name
priority string	Configuration file priority (00-99) Default: `"90"`
settings list / elements=dictionary / required	List of APT configuration settings
key string / required	APT configuration key
value string / required	APT configuration value
packages_autoclean boolean	Clean package cache Choices: `false` ← (default) `true`
packages_autoremove boolean	Remove unused packages Choices: `false` ← (default) `true`

Entry point `hold` – Package hold entry point 

Synopsis 

Entry point for holding packages from unified list
Prevents packages from being upgraded

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to hold
name string / required	Package name
state string	Package state (must be hold) Choices: `"hold"` ← (default)

Entry point `install` – Package installation entry point 

Synopsis 

Entry point for installing packages from unified list
Handles only installation operations (present, latest, build-dep states)

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to install
force boolean	Force package operation Choices: `false` ← (default) `true`
install_recommends boolean	Install recommended packages Choices: `false` `true` ← (default)
name string / required	Package name
state string	Package state Choices: `"present"` ← (default) `"latest"` `"build-dep"`
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`

Entry point `keys` – APT key management entry point 

Synopsis 

Entry point for managing APT signing keys
Supports keys from URLs, keyservers, or direct data

Parameters 

Parameter	Comments
packages_keys list / elements=dictionary / required	List of APT signing keys to manage
data string	Key data directly
dearmor boolean	Convert ASCII-armored key to binary format using gpg --dearmor Choices: `false` ← (default) `true`
id string	Key ID for keyserver
keyring string	Path to keyring file for modern GPG key management
keyserver string	Keyserver to use
name string	Name for the key (used for default keyring filename)
state string	Key state Choices: `"present"` ← (default) `"absent"`
url string	URL to key file

Entry point `main` – Package management with multi-entry-point support 

Synopsis 

Manages APT packages including installation, removal, and configuration
Supports repositories, keys, and advanced APT configuration
Uses unified package list approach

Parameters 

Parameter	Comments
packages_apt_conf list / elements=dictionary	List of APT configuration files (includes proxy settings) Default: `[]`
name string / required	Configuration name
priority string	Configuration file priority (00-99) Default: `"90"`
settings list / elements=dictionary / required	List of APT configuration settings
key string / required	APT configuration key
value string / required	APT configuration value
packages_autoclean boolean	Clean package cache Choices: `false` ← (default) `true`
packages_autoremove boolean	Remove unused packages Choices: `false` ← (default) `true`
packages_cache_enabled boolean	Enable cache management entry point Choices: `false` `true` ← (default)
packages_cache_valid_time integer	Cache validity time in seconds Default: `3600`
packages_clean_enabled boolean	Enable cleanup entry point Choices: `false` ← (default) `true`
packages_force_cache_update boolean	Force cache update regardless of age Choices: `false` ← (default) `true`
packages_keys list / elements=dictionary	List of APT signing keys to add Default: `[]`
data string	Key data directly
id string	Key ID for keyserver
keyring string	Path to keyring file for modern GPG key management
keyserver string	Keyserver to use
name string	Name for the key (used for default keyring filename)
state string	Key state Choices: `"present"` ← (default) `"absent"`
url string	URL to key file
packages_keys_enabled boolean	Enable key management entry point Choices: `false` `true` ← (default)
packages_list list / elements=dictionary	Unified list of packages with their desired states Default: `[]`
force boolean	Force package operation Choices: `false` ← (default) `true`
install_recommends boolean	Install recommended packages Choices: `false` `true` ← (default)
name string / required	Package name
purge boolean	Purge package configuration (for absent state) Choices: `false` ← (default) `true`
state string	Package state Choices: `"present"` ← (default) `"latest"` `"absent"` `"build-dep"` `"hold"` `"unhold"`
packages_repositories list / elements=dictionary	List of APT repositories to add Default: `[]`
filename string	Custom filename for repository
repo string / required	Repository specification
state string	Repository state Choices: `"present"` ← (default) `"absent"`
packages_repositories_enabled boolean	Enable repository management entry point Choices: `false` `true` ← (default)
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`
packages_services_to_restart list / elements=string	List of services to restart after package changes Default: `[]`
packages_unattended_upgrades_enabled boolean	Enable unattended-upgrades entry point Choices: `false` ← (default) `true`
packages_update_cache boolean	Update APT cache before operations Choices: `false` `true` ← (default)
packages_upgrade string	Upgrade packages (false, yes, safe, full, dist) Choices: `"False"` ← (default) `"yes"` `"safe"` `"full"` `"dist"`
packages_upgrade_enabled boolean	Enable package upgrade entry point Choices: `false` ← (default) `true`

Entry point `packages` – Package processing entry point 

Synopsis 

Entry point for processing packages from unified list
Handles package installation, removal, hold/unhold operations
Executes package operations in correct order: unhold → remove → install → hold

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	Unified list of packages with their desired states
allow_unauthenticated boolean	Allow unauthenticated packages Choices: `false` ← (default) `true`
autoclean boolean	Clean package cache (for absent state) Choices: `false` ← (default) `true`
autoremove boolean	Remove unused packages (for absent state) Choices: `false` ← (default) `true`
cache_valid_time integer	Cache validity time in seconds
default_release string	Default release to install from
force boolean	Force package operation Choices: `false` ← (default) `true`
install_recommends boolean	Install recommended packages Choices: `false` `true` ← (default)
name string / required	Package name
only_upgrade boolean	Only upgrade, do not install Choices: `false` ← (default) `true`
purge boolean	Purge package configuration (for absent state) Choices: `false` ← (default) `true`
state string	Package state Choices: `"present"` ← (default) `"latest"` `"absent"` `"build-dep"` `"hold"` `"unhold"`
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`
packages_services_to_restart list / elements=string	List of services to restart after package changes Default: `[]`

Entry point `remove` – Package removal entry point 

Synopsis 

Entry point for removing packages from unified list
Handles only removal operations (absent state)

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to remove
autoremove boolean	Remove unused packages Choices: `false` ← (default) `true`
force boolean	Force package operation Choices: `false` ← (default) `true`
name string / required	Package name
purge boolean	Purge package configuration Choices: `false` ← (default) `true`
state string	Package state (must be absent) Choices: `"absent"` ← (default)
packages_retry_count integer	Number of retries for failed operations Default: `3`
packages_retry_delay integer	Delay between retries in seconds Default: `10`

Entry point `repositories` – Repository management entry point 

Synopsis 

Entry point for managing APT repositories and keys
Handles repository addition and GPG key management

Parameters 

Parameter	Comments
packages_keys list / elements=dictionary	List of APT signing keys to add Default: `[]`
data string	Key data directly
id string	Key ID for keyserver
keyring string	Path to keyring file for modern GPG key management
keyserver string	Keyserver to use
name string	Name for the key (used for default keyring filename)
state string	Key state Choices: `"present"` ← (default) `"absent"`
url string	URL to key file
packages_repositories list / elements=dictionary / required	List of APT repositories to add

Entry point `unhold` – Package unhold entry point 

Synopsis 

Entry point for unholding packages from unified list
Allows previously held packages to be upgraded

Parameters 

Parameter	Comments
packages_list list / elements=dictionary / required	List of packages to unhold
name string / required	Package name
state string	Package state (must be unhold) Choices: `"unhold"` ← (default)

Entry point `upgrade` – Upgrade packages entry point 

Synopsis 

Entry point for upgrading system packages
Supports different upgrade strategies

Parameters 

Parameter	Comments
packages_upgrade string / required	Type of upgrade to perform Choices: `"yes"` `"safe"` `"full"` `"dist"`

arillso.system.packages role – Package management with multi-entry-point support

Collection links