Allow apt mirrors

config/defaults/version-large.yml

@@ -194,6 +194,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

config/defaults/version-medium.yml

@@ -189,6 +189,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

config/defaults/version-mini.yml

@@ -179,6 +179,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

config/defaults/version-small.yml

@@ -189,6 +189,7 @@ system_default:
   reboot_timeout: 300      # wait 5 minutes max when rebooting the system
   apt:                     # The apt sections to use,
     sections: [ main ]     # contrib and non-free not activated by default
+    mirror: deb.debian.org # package mirror to use
 
   # Administration settings
   # the user below is automatically added to the sudo group

config/samples/system-minimal.yml

@@ -58,7 +58,8 @@ system:
   release: bookworm
   devel: false
   debug: false
-
+  apt:
+    mirror: deb.debian.org
 
 ###############################################################################
 # If you are using Gandi, you can enter an API key here

docs/30-define-your-config.md

@@ -68,7 +68,7 @@ If you are planning to work with multiple domains, jump to the next section dire
 Once you have chosen your flavour, you need to copy the configuration sample, to create yours:
 
 ```sh
-cp config/samples/minimal.yml config/system.yml
+cp config/samples/system-minimal.yml config/system.yml
 ```
 
 You also need to copy the inventory file for Ansible.
@@ -79,10 +79,10 @@ cp config/samples/hosts.yml config/hosts.yml
 
 ### Working with multiple domains
 
-To work with multiple domains, uses these commands instead, by adjusting `<domain-name>`:
+To work with multiple domains, use these commands instead, by adjusting `<domain-name>`:
 
 ```sh
-cp config/samples/minimal.yml config/system-<domain-name>.yml
+cp config/samples/system-minimal.yml config/system-<domain-name>.yml
 ```
 
 Same for the inventory file for Ansible:
@@ -91,7 +91,7 @@ Same for the inventory file for Ansible:
 cp config/samples/hosts.yml config/hosts-<domain-name>.yml
 ```
 
-The inventory should contains this:
+The inventory should contain this:
 
 ```yml
 all:
@@ -265,6 +265,8 @@ system:
   release: bookworm
   devel: false
   debug: false
+  apt:
+    mirror: deb.debian.org
 ```
 
 #### DNS provider

roles/bootstrap/tasks/check/apt.yml

@@ -1,5 +1,17 @@
 ---
 
+- name: Check if apt mirror is valid
+  register: mirror
+  ansible.builtin.uri:
+    url: http://{{ system.apt.mirror }}/debian/dists/{{ distribution_release }}/Release
+    return_content: true
+  loop:
+    - "{{ system.release }}"
+    - "{{ system.release }}-updates"
+    - "{{ system.release }}-backports"
+  loop_control:
+    loop_var: distribution_release
+
 - name: Check if we can run apt update without error
   ansible.builtin.apt:
     update_cache: true

roles/bootstrap/tasks/install/apt.yml

@@ -6,6 +6,18 @@
   ansible.builtin.set_fact:
     sections: '{{ system.apt.sections | join(" ") }}'
 
+- name: Check if apt mirror is valid
+  register: mirror
+  ansible.builtin.uri:
+    url: http://{{ system.apt.mirror }}/debian/dists/{{ distribution_release }}/Release
+    return_content: true
+  loop:
+    - "{{ system.release }}"
+    - "{{ system.release }}-updates"
+    - "{{ system.release }}-backports"
+  loop_control:
+    loop_var: distribution_release
+
 - name: Initialise default repositories
   register: repositories
   ansible.builtin.template:

roles/bootstrap/templates/sources.list

@@ -1,16 +1,16 @@
 # Main repository
-deb https://deb.debian.org/debian/ {{ system.release }} {{ sections }}
-deb-src https://deb.debian.org/debian/ {{ system.release }} {{ sections }}
+deb https://{{ system.apt.mirror }}/debian/ {{ system.release }} {{ sections }}
+deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }} {{ sections }}
 
 # Security updates
 deb https://security.debian.org/debian-security {{ system.release }}-security main contrib non-free
 deb-src https://security.debian.org/debian-security {{ system.release }}-security main contrib non-free
 
 # {{ system.release }}-updates, previously known as 'volatile'
-deb https://deb.debian.org/debian/ {{ system.release }}-updates {{ sections }}
-deb-src https://deb.debian.org/debian/ {{ system.release }}-updates {{ sections }}
+deb https://{{ system.apt.mirror }}/debian/ {{ system.release }}-updates {{ sections }}
+deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }}-updates {{ sections }}
 
 # Uncomment to activate backports
 # {{ system.release }}-backports, previously on backports.debian.org
-# deb https://deb.debian.org/debian/ {{ system.release }}-backports {{ sections }}
-# deb-src https://deb.debian.org/debian/ {{ system.release }}-backports {{ sections }}
+# deb https://{{ system.apt.mirror }}/debian/ {{ system.release }}-backports {{ sections }}
+# deb-src https://{{ system.apt.mirror }}/debian/ {{ system.release }}-backports {{ sections }}

roles/bootstrap/vars/main.yml

@@ -3,6 +3,6 @@
 whitelisted_hosts:
   - api.ipify.org
   - api64.ipify.org
-  - deb.debian.org
   - letsencrypt.org
   - security.debian.org
+  - '{{ system.apt.mirror }}'