fix: enforce https on repository installation

Previously was just http to allow for caching and non-caching of
packages. Currently, a client tool exists to rewrite repository
definitions.

salt/ansible/files/repo/ansible.list

@@ -1,2 +1,2 @@
-deb [signed-by=/usr/share/keyrings/ansible.asc] http://ppa.launchpad.net/ansible/ansible/ubuntu focal main
+deb [signed-by=/usr/share/keyrings/ansible.asc] https://ppa.launchpad.net/ansible/ansible/ubuntu focal main
 # vim: ft=debsources

salt/ansible/files/repo/ansible.sources

@@ -1,5 +1,5 @@
 Types: deb
-URIs: http://ppa.launchpad.net/ansible/ansible/ubuntu
+URIs: https://ppa.launchpad.net/ansible/ansible/ubuntu
 Suites: jammy
 Components: main
 Signed-by: /usr/share/keyrings/ansible.asc

salt/browser/files/repo/chrome.list

@@ -1,2 +1,2 @@
-deb [signed-by=/usr/share/keyrings/chrome.asc] http://dl.google.com/linux/chrome/deb/ stable main
+deb [signed-by=/usr/share/keyrings/chrome.asc] https://dl.google.com/linux/chrome/deb/ stable main
 # vim:ft=debsources

salt/browser/files/repo/chrome.sources

@@ -1,5 +1,5 @@
 Types: deb
-URIs: http://dl.google.com/linux/chrome/deb/
+URIs: https://dl.google.com/linux/chrome/deb/
 Suites: stable
 Components: main
 Signed-by: /usr/share/keyrings/chrome.asc

salt/browser/files/repo/chrome.yum.repo

@@ -1,6 +1,6 @@
 [google-chrome]
 name=google-chrome - $basearch
-baseurl=http://dl.google.com/linux/chrome/rpm/stable/$basearch
+baseurl=https://dl.google.com/linux/chrome/rpm/stable/$basearch
 enabled=1
 gpgcheck=1
 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-chrome

salt/docker/files/repo/docker.list

@@ -1,2 +1,2 @@
-deb [arch=amd64 signed-by=/usr/share/keyrings/docker.asc] http://download.docker.com/linux/debian bookworm stable
+deb [arch=amd64 signed-by=/usr/share/keyrings/docker.asc] https://download.docker.com/linux/debian bookworm stable
 # vim: ft=debsources

salt/docker/files/repo/docker.sources

@@ -1,5 +1,5 @@
 Types: deb
-URIs: http://download.docker.com/linux/debian
+URIs: https://download.docker.com/linux/debian
 Suites: bookworm
 Components: stable
 Signed-by: /usr/share/keyrings/docker.asc

salt/kicksecure-minimal/files/repo/derivative.sources

@@ -1,5 +1,5 @@
 Types: deb
-URIs: http://deb.kicksecure.com
+URIs: https://deb.kicksecure.com
 Suites: bookworm
 Components: main contrib non-free
 Signed-by: /usr/share/keyrings/derivative.asc

salt/opentofu/files/repo/opentofu.list

@@ -1,2 +1,2 @@
-deb [signed-by=/usr/share/keyrings/opentofu.asc] http://packages.opentofu.org/opentofu/tofu/any/ any main
+deb [signed-by=/usr/share/keyrings/opentofu.asc] https://packages.opentofu.org/opentofu/tofu/any/ any main
 # vim:ft=debsources

salt/opentofu/files/repo/opentofu.sources

@@ -1,5 +1,5 @@
 Types: deb
-URIs: http://packages.opentofu.org/opentofu/tofu/any/
+URIs: https://packages.opentofu.org/opentofu/tofu/any/
 Suites: any
 Components: main
 Signed-by: /usr/share/keyrings/opentofu.asc

salt/opentofu/files/repo/opentofu.yum.repo

@@ -1,6 +1,6 @@
 [opentofu]
 name=opentofu
-baseurl=http://packages.opentofu.org/opentofu/tofu/rpm_any/rpm_any/$basearch
+baseurl=https://packages.opentofu.org/opentofu/tofu/rpm_any/rpm_any/$basearch
 repo_gpgcheck=0
 gpgcheck=1
 enabled=1
@@ -11,7 +11,7 @@ metadata_expire=300
 
 [opentofu-source]
 name=opentofu-source
-baseurl=http://packages.opentofu.org/opentofu/tofu/rpm_any/rpm_any/SRPMS
+baseurl=https://packages.opentofu.org/opentofu/tofu/rpm_any/rpm_any/SRPMS
 repo_gpgcheck=0
 gpgcheck=1
 enabled=1

salt/signal/files/repo/signal.list

@@ -1,2 +1,2 @@
-deb [arch=amd64 signed-by=/usr/share/keyrings/signal.asc] http://updates.signal.org/desktop/apt xenial main
+deb [arch=amd64 signed-by=/usr/share/keyrings/signal.asc] https://updates.signal.org/desktop/apt xenial main
 # vim: ft=debsources

salt/signal/files/repo/signal.sources

@@ -1,5 +1,5 @@
 Types: deb
-URIs: http://updates.signal.org/desktop/apt
+URIs: https://updates.signal.org/desktop/apt
 Suites: xenial
 Components: main
 Signed-by: /usr/share/keyrings/signal.asc

salt/sys-cacher/uninstall-client.sls

@@ -4,11 +4,17 @@ SPDX-FileCopyrightText: 2023 - 2024 Benjamin Grande M. S. <ben.grande.b@gmail.co
 SPDX-License-Identifier: AGPL-3.0-or-later
 #}
 
+{% if salt['cmd.shell']('command -v apt-cacher-ng-repo >/dev/null') -%}
 "{{ slsdotpath }}-uninstall-client-repository-modifications":
   cmd.run:
     - name: apt-cacher-ng-repo uninstall
     - stateful: True
     - runas: root
+{% endif -%}
+
+"{{ slsdotpath }}-uninstall-client-scripts":
+  file.absent:
+    - name: /usr/bin/apt-cacher-ng-repo
 
 "{{ slsdotpath }}-uninstall-client-systemd-service":
   file.absent:

salt/sys-syncthing/files/repo/syncthing.list

@@ -1,2 +1,2 @@
-deb [signed-by=/usr/share/keyrings/syncthing.asc] http://apt.syncthing.net/ syncthing stable
+deb [signed-by=/usr/share/keyrings/syncthing.asc] https://apt.syncthing.net/ syncthing stable
 # vim:ft=debsources

salt/sys-syncthing/files/repo/syncthing.sources

@@ -1,6 +1,6 @@
 ## NOTE: Syncthing maintainers inverted the Suites with the Components field.
 Types: deb
-URIs: http://apt.syncthing.net/
+URIs: https://apt.syncthing.net/
 Suites: syncthing
 Components: stable
 Signed-by: /usr/share/keyrings/syncthing.asc

salt/terraform/files/repo/terraform.list

@@ -1,2 +1,2 @@
-deb [signed-by=/usr/share/keyrings/terraform.asc] http://apt.releases.hashicorp.com bookworm main
+deb [signed-by=/usr/share/keyrings/terraform.asc] https://apt.releases.hashicorp.com bookworm main
 # vim:ft=debsources

salt/terraform/files/repo/terraform.sources

@@ -1,5 +1,5 @@
 Types: deb
-URIs: http://apt.releases.hashicorp.com
+URIs: https://apt.releases.hashicorp.com
 Suites: bookworm
 Components: main
 Signed-by: /usr/share/keyrings/terraform.asc

salt/utils/macros/install-repo.sls

@@ -81,4 +81,10 @@ If sls_path is 'browser', then this would install the repo from:
 
 {% endif -%}
 
+{% if salt['cmd.shell']('command -v apt-cacher-ng-repo >/dev/null') -%}
+"{{ name }}-run-apt-cacher-ng-repo":
+  cmd.run:
+    - name: apt-cacher-ng-repo
+{% endif -%}
+
 {% endmacro -%}