feat: move to dedicated repo

templates/apt/conf.d/10periodic.j2

@@ -0,0 +1,3 @@
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Download-Upgradeable-Packages "0";
+APT::Periodic::AutocleanInterval "1";

templates/apt/conf.d/50unattended-upgrades.Debian.j2

@@ -0,0 +1,44 @@
+Unattended-Upgrade::Origins-Pattern {
+
+  # debian
+  "origin=Debian,codename=${distro_codename}";
+  "origin=Debian,codename=${distro_codename}-updates";
+  "origin=Debian,codename=${distro_codename}-security";
+
+  # crowdsec
+  "origin=packagecloud.io/crowdsec/crowdsec,label=crowdsec";
+
+  # tailscale updates
+  "origin=Tailscale,codename=${distro_codename},label=Tailscale";
+
+  # zabbix
+  "origin=Zabbix,codename=${distro_codename},label=zabbix";
+  "origin=zabbix,codename=${distro_codename},label=zabbix";
+};
+
+Unattended-Upgrade::Package-Blacklist {
+};
+
+# dpkg | default > old
+Dpkg::Options {
+   "--force-confdef";
+   "--force-confold";
+};
+
+# auto upgrade packages
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+Unattended-Upgrade::DevRelease "{{ apt_devrelease | default('false') }}";
+Unattended-Upgrade::AutoFixInterruptedDpkg "{{ apt_autofix_interrupted_dpkg | default('true') }}";
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "{{ apt_remove_unused_kernel_packages | default('true') }}";
+Unattended-Upgrade::Remove-New-Unused-Dependencies "{{ apt_remove_new_unused_dependancies | default('true') }}";
+Unattended-Upgrade::Remove-Unused-Dependencies "{{ apt_remove_unused_dependancies | default('true') }}";
+
+# auto reboot
+Unattended-Upgrade::Automatic-Reboot "{{ apt_automatic_reboot }}";
+Unattended-Upgrade::Automatic-Reboot-WithUsers "{{ apt_automatic_reboot_with_users | default('true') }}";
+Unattended-Upgrade::Automatic-Reboot-Time "{{ apt_automatic_reboot_time }}";
+
+# syslog
+Unattended-Upgrade::SyslogEnable "{{ apt_syslog_enable | default('true') }}";
+Unattended-Upgrade::SyslogFacility "{{ apt_syslog_facility | default('daemon') }}";

templates/apt/conf.d/50unattended-upgrades.Ubuntu.j2

@@ -0,0 +1,44 @@
+Unattended-Upgrade::Allowed-Origins {
+
+  # ubuntu updates
+  "${distro_id}:${distro_codename}";
+  "${distro_id}:${distro_codename}-security";
+  "${distro_id}:${distro_codename}-updates";
+  "${distro_id}:${distro_codename}-proposed";
+  "${distro_id}:${distro_codename}-backports";
+
+  # crowdsec
+  "packagecloud.io/crowdsec/crowdsec:${distro_codename}";
+
+  # tailscale updates
+  "Tailscale:${distro_codename}";
+
+  # zabbix updates
+  "Zabbix:${distro_codename}";
+  "zabbix:${distro_codename}";
+};
+
+Unattended-Upgrade::Package-Blacklist {
+};
+
+# dpkg | default > old
+Dpkg::Options {
+   "--force-confdef";
+   "--force-confold";
+};
+
+# auto upgrade packages
+Unattended-Upgrade::DevRelease "{{ apt_devrelease | default('false') }}";
+Unattended-Upgrade::AutoFixInterruptedDpkg "{{ apt_autofix_interrupted_dpkg | default('true') }}";
+Unattended-Upgrade::Remove-Unused-Kernel-Packages "{{ apt_remove_unused_kernel_packages | default('true') }}";
+Unattended-Upgrade::Remove-New-Unused-Dependencies "{{ apt_remove_new_unused_dependancies | default('true') }}";
+Unattended-Upgrade::Remove-Unused-Dependencies "{{ apt_remove_unused_dependancies | default('true') }}";
+
+# auto reboot
+Unattended-Upgrade::Automatic-Reboot "{{ apt_automatic_reboot }}";
+Unattended-Upgrade::Automatic-Reboot-WithUsers "{{ apt_automatic_reboot_with_users | default('true') }}";
+Unattended-Upgrade::Automatic-Reboot-Time "{{ apt_automatic_reboot_time }}";
+
+# syslog
+Unattended-Upgrade::SyslogEnable "{{ apt_syslog_enable | default('true') }}";
+Unattended-Upgrade::SyslogFacility "{{ apt_syslog_facility | default('daemon') }}";

templates/apt/sources.d/Ubuntu.sources.j2

@@ -0,0 +1,12 @@
+Types: deb
+URIs: {{ apt_repository_main }}
+Suites: {{ ansible_distribution_release }} {{ ansible_distribution_release }}-updates {{ ansible_distribution_release }}-backports
+Components: main restricted {% if apt_enable_universe == True %}universe{% endif %} {% if apt_enable_multiverse == True %}multiverse{% endif %} 
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+Types: deb
+URIs: {{ apt_repository_security }}
+Suites: {{ ansible_distribution_release }}-security
+Components: main restricted {% if apt_enable_universe == True %}universe{% endif %} {% if apt_enable_multiverse == True %}multiverse{% endif %} 
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+

templates/apt/sources.d/sources.list.Debian.j2

@@ -0,0 +1,3 @@
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb http://security.debian.org bookworm-security main contrib non-free non-free-firmware

templates/apt/sources.d/sources.list.Ubuntu.j2

@@ -0,0 +1,21 @@
+# main + restricted
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }} main restricted
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-updates main restricted
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-security main restricted
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-backports main restricted
+
+{% if apt_enable_universe == True %}
+# universe
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }} universe
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-updates universe
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-security universe
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-backports universe
+
+{% endif %}
+{% if apt_enable_multiverse == True %}
+# multiverse
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }} multiverse
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-updates multiverse
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-security multiverse
+deb [ arch=amd64 ] {{ apt_repository }} {{ ansible_distribution_release }}-backports multiverse
+{% endif %}