# -*- coding: utf-8 -*-
# vim: ft=yaml
---
apt:
  # Set the right keyring for the distro (ie ubuntu-keyring or ...)
  keyring_package: debian-archive-keyring

  remove_apt_conf: true
  clean_apt_conf_d: true

  remove_sources_list: true
  clean_sources_list_d: true

  remove_preferences: true
  clean_preferences_d: true

  apt_conf_d:
    30release:
      'APT::Default-Release': stable
    '40dpkg-options':
      'Dpkg::Options':
        - '--force-confdef'
        - '--force-confold'
    60proxy:
      'Acquire::ftp':
        Proxy: "ftp://127.0.0.1/"
        'Proxy::http.us.debian.org': DIRECT
        ProxyLogin:
          - "USER $(PROXY_USER)"
          - "PASS $(PROXY_PASS)"
          - "USER $(SITE_USER)@$(SITE):$(SITE_PORT)"
          - "PASS $(SITE_PASS)"
      DSelect:
        Clean: auto
        Options: -f
        UpdateOptions: ""
        PromptAfterUpdate: "no"

  unattended:
    allowed_origins:
      - origin1
      - origin2
    package_blacklist:
      - package1
      - package2
    origins_patterns:
      - origin=SaltStack
      - origin=Debian,archive=stable,label=Debian-Security
      - origin=Debian,archive=oldstable,label=Debian-Security
    auto_fix_interrupted_dpkg: true
    minimal_steps: false
    install_on_shutdown: false
    mail: root
    sender: root
    # Prefer using `mail_report: 'only-on-error'` over old syntax,
    # mail_only_on_error: false`
    # allowed values: 'always', 'only-on-error', 'on-change'
    mail_report: 'only-on-error'
    remove_unused_dependencies: true
    automatic_reboot: false
    dl_limit: 0
    enabled: 1
    update_package_lists: 1
    download_upgradeable_packages: 1
    unattended_upgrade: 1
    auto_clean_interval: 7
    verbose: 2
    syslog_enable: true
    syslog_facility: 'auth'
    dpkg_options: '--force-confold'
    update_days: ['Mon', 'Fri']
    package_whitelist_strict: false
    keep_debs_after_install: false

  listchanges:
    profiles:
      cmdline:
        frontend: pager
      apt:
        frontend: pager
        email_address: root
        confirm: 1
      custom:
        frontend: browser
        browser: mozilla

  repositories:
    security-stable:
      distro: stable/updates
      url: http://security.debian.org
      comps: [main, contrib, non-free]
      arch: [amd64, i386]
      type: [binary, source]
      key_url: https://ftp-master.debian.org/keys/archive-key-10-security.asc
    updates:
      distro: stable-updates
      url: http://deb.debian.org/debian/
      comps: [main, contrib, non-free]
      key_url: https://ftp-master.debian.org/keys/archive-key-10.asc
    raspbian:
      distro: stable
      url: http://archive.raspbian.org/raspbian
      type: [source]
      key_url: https://archive.raspbian.org/raspbian.public.key
    debian-jessie:
      distro: jessie
      url: http://deb.debian.org/debian
      type: [source]
      comps: [main, contrib, non-free]
    dropbox:
      distro: jessie
      url: http://linux.dropbox.com/debian
      arch: [i386, amd64]
      keyid: 1C61A2656FB57B7E4DE0F4C1FC918B335044912E
      keyserver: hkp://pgp.mit.edu:80
    intranet:
      distro: stretch
      url: http://intranet.example.org
      opts: "trusted=yes"
    extranet:
      distro: stretch
      url: https://extranet.example.org
      opts:
        trusted: 'yes'
        another: whatever

  preferences:
    00-rspamd:
      package: rspamd
      pin: origin rspamd.com
      priority: 650
    01-all:
      pin: release stable
      priority: 610
    02-all:
      pin: release testing
      priority: 600
    03-all:
      pin: release unstable
      priority: 50