update..

group_vars/all/main.yml

@@ -327,6 +327,123 @@ apt_initial_install_buster:
   - socat
   - wakeonlan
 
+apt_initial_install_bullseye:
+  - apt-transport-https
+  - dbus
+  - openssh-server
+  - rush
+  - vim
+  - vim-common
+  - vim-doc
+  - mc
+  - screen
+  - tmux
+  - cron
+  - bc
+  - figlet
+  - rcconf
+  - sudo
+  - rsync
+  - dselect
+  - iputils-ping
+  - apt-utils
+  - aptitude
+  - zip
+  - unzip
+  - bzip2
+  - arj
+  - locate
+  - curl
+  - gawk
+  - mawk
+  - lynx
+  - links
+  - w3m
+  - universal-ctags
+  - mime-support
+  - file
+  - coreutils
+  - moreutils
+  - less
+  - sipcalc
+  - psmisc
+  - dnsutils
+  - rblcheck
+  - whois
+  - gettext
+  - gettext-base
+  - gettext-doc
+  - debian-keyring
+  - patch
+  - patchutils
+  - recode
+  - recode-doc 
+  - librecode0
+  - librecode-dev
+  - sharutils
+  - perl
+  - perl-modules-5.32
+  - perl-doc
+  - libperl-dev
+  - libterm-readline-gnu-perl
+  - libterm-readline-perl-perl
+  - libterm-readkey-perl
+  - libmail-imapclient-perl
+  - libtime-duration-perl
+  - libtimedate-perl
+  - libwww-perl
+  - libpcre3
+  - libio-compress-perl
+  - libreadline-dev
+  - re2c
+  - util-linux
+  - parted
+  - lshw
+  - gdisk
+  - smartmontools
+  - tcpdump
+  - telnet
+  - unhide
+  - lsof
+  - hdparm
+  - groff
+  - iproute2
+  - bridge-utils
+  - vlan
+  - ethtool
+  - wipe
+  - iperf
+  - mtr
+  - iptraf
+  - wget
+  - logrotate
+  - rsyslog
+  - haveged
+  - rdate
+  - ntpdate
+  - wipe
+  - man
+  - groff
+  - iptables
+  - shellcheck
+  - ssl-cert
+  - ssl-cert-check
+  - git
+  - ftp
+  - htop
+  - net-tools
+  - lsb-release
+  - attr
+  - acl
+  - quota
+  - quotatool
+  - needrestart
+  - socat
+  - zsh
+  - lua5.4
+  - btrfs-progs
+  - fdisk
+
 apt_initial_install_xenial:
   - apt-transport-https
   - dbus

roles/common/tasks/apt.yml

@@ -65,6 +65,7 @@
     name: "{{ apt_initial_install_stretch }}"
     state: "{{ apt_install_state }}"
   when:
+    - apt_initial_install_stretch is defined and apt_initial_install_stretch|length > 0
     - ansible_facts['distribution'] == "Debian"
     - ansible_facts['distribution_major_version'] == "9"
   tags:
@@ -76,12 +77,25 @@
     name: "{{ apt_initial_install_buster }}"
     state: "{{ apt_install_state }}"
   when:
+    - apt_initial_install_buster is defined and apt_initial_install_buster|length > 0
     - ansible_facts['distribution'] == "Debian"
     - ansible_facts['distribution_major_version'] == "10"
   tags:
     - apt-initial-install
 
 
+- name: (apt.yml) Initial install debian packages (bullseye)
+  apt:
+    name: "{{ apt_initial_install_bullseye }}"
+    state: "{{ apt_install_state }}"
+  when:
+    - apt_initial_install_bullseye is defined and apt_initial_install_bullseye|length > 0
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version'] == "11"
+  tags:
+    - apt-initial-install
+
+
 - name: (apt.yml) Initial install ubuntu packages (bionic)
   apt:
     name: "{{ apt_initial_install_bionic }}"
@@ -122,30 +136,15 @@
     - apt-microcode
 
 
-- name: (apt.yml) Ensure we have CPU microcode from backports for AMD CPU (debian stretch)
-  apt:
-    name: "{{ microcode_amd_package }}"
-    state: present
-    default_release: "{{ ansible_distribution_release }}-backports"
-  when:
-    - apt_backports_enable
-    - apt_debian_contrib_nonfree_enable
-    - ansible_facts['distribution'] == "Debian"
-    - ansible_facts['distribution_major_version'] == "9"
-    - ansible_facts['processor']|string is search("AMD")
-  tags:
-    - apt-initial-install
-    - apt-microcode
-
-
-- name: (apt.yml) Install CPU microcode for Intel CPU (debian buster)
+- name: (apt.yml) Install CPU microcode (debian buster/bullseye)
   apt:
     name: "{{ microcode_intel_package }}"
     state: present
     default_release: "{{ ansible_distribution_release }}"
   when:
+    - apt_debian_contrib_nonfree_enable
     - ansible_facts['distribution'] == "Debian"
-    - ansible_facts['distribution_major_version'] == "10"
+    - ansible_facts['distribution_major_version'] == "10" or ansible_facts['distribution_major_version'] == "11"
     - ansible_facts['processor']|string is search("Intel")
   tags:
     - apt-initial-install
@@ -239,6 +238,7 @@
     - apt-initial-install
     - apt-firmware
 
+
 - name: (apt.yml) Install Firmware packages (Debian)
   apt:
      name: "{{ firmware_packages_debian }}"

roles/common/tasks/main.yml

@@ -101,6 +101,13 @@
     - samba-remove-user
 
 
+# tags supported inside system-remove-user.yml:
+#
+- import_tasks: system-remove-user.yml
+  tags:
+    - system-remove-user
+
+
 # tags supported inside system-user.yml:
 #
 #    system-user

roles/common/tasks/nis-user.yml

@@ -1,32 +1,32 @@
 ---
 
-# ---
-# - Remove unwanted users
-# ---
-
-- name: (nis_user.yml) Remove (old) users from system
-  user:
-    name: '{{ item.name }}'
-    state: absent
-  with_items: 
-    - "{{ remove_nis_users }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - nis-user
-    - system-user
-
-- name: (nis_user.yml) Remove home directory from deleted users
-  file:
-    path: '{{ nis_base_home }}/{{ item.name }}'
-    state: absent
-  with_items: 
-    - "{{ remove_nis_users }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - nis-user
-    - system-user
+## # ---
+## # - Remove unwanted users
+## # ---
+##
+## - name: (nis_user.yml) Remove (old) users from system
+##   user:
+##     name: '{{ item.name }}'
+##     state: absent
+##   with_items:
+##     - "{{ remove_nis_users }}"
+##   loop_control:
+##     label: '{{ item.name }}'
+##   tags:
+##     - nis-user
+##     - system-user
+##
+## - name: (nis_user.yml) Remove home directory from deleted users
+##   file:
+##     path: '{{ nis_base_home }}/{{ item.name }}'
+##     state: absent
+##   with_items:
+##     - "{{ remove_nis_users }}"
+##   loop_control:
+##     label: '{{ item.name }}'
+##   tags:
+##     - nis-user
+##     - system-user
 
 # ---
 # - default user/groups

roles/common/tasks/nis_samba_user.yml

@@ -1,121 +0,0 @@
----
-
-# ---
-# - Remove unwanted users
-# ---
-
-- name: (nis_samba_user.yml) Check if samba user exists for removable nis user
-  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
-  register: samba_deleted_user_present
-  changed_when: "samba_deleted_user_present.rc == 0"
-  failed_when: "samba_deleted_user_present.rc > 1"
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - samba-user
-
-
-- name: (nis_samba_user.yml) Remove (old) users from samba
-  shell: "smbpasswd -s -x {{ item.name }}"
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: samba_deleted_user_present is changed
-  tags:
-    - samba-user
-
-
-- name: (nis_samba_user.yml) Remove (old) users from system
-  user:
-    name: '{{ item.name }}'
-    state: absent
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - nis-user
-    - system-user
-
-- name: (nis_samba_user.yml) Remove home directory from deleted users
-  file:
-    path: '{{ nis_base_home }}/{{ item.name }}'
-    state: absent
-  with_items: 
-    - "{{ nis_deleted_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  tags:
-    - nis-user
-    - system-user
-
-# ---
-# - default user/groups
-# ---
-
-- name: (nis_samba_user.yml) Ensure nis groups exists
-  group:
-    name: '{{ item.name }}'
-    state: present
-    gid: '{{ item.group_id | default(omit) }}'
-  loop: "{{ nis_groups }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: item.group_id is defined
-  notify: Renew nis databases
-  tags:
-    - nis-user
-    - system-user
-    
-#- meta: end_host
-
-- name: (nis_samba_user.yml) Ensure nis users exists
-  user:
-    name: '{{ item.name }}'
-    state: present
-    uid: '{{ item.user_id | default(omit) }}'
-    #group: '{{ item.0.name | default(omit) }}'
-    groups: "{{ item.groups|join(', ') }}"
-    home: '{{ nis_base_home }}/{{ item.name }}'
-    shell: '{{ item.shell|d("/bin/bash") }}'
-    password: "{{ item.password | password_hash('sha512') }}"
-    update_password: on_create
-    append: yes
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  notify: Renew nis databases
-  tags:
-    - nis-user
-    - system-user
-
-
-- name: (nis_samba_user.yml) Check if samba user exists for nis user
-  shell: pdbedit -w -L | awk -F":" '{ print $1 }' | grep '{{ item.name }}'
-  register: samba_nis_user_present
-  changed_when: "samba_nis_user_present.rc > 0"
-  failed_when: "samba_nis_user_present.rc > 1"
-  with_items: 
-    - "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when:
-    - item.is_samba_user is defined and item.is_samba_user|bool
-  tags:
-    - samba-user
-
-- name: (nis_samba_user.yml) Add nis user to samba (with nis users password)
-  shell: "echo -e '{{ item.password }}\n{{ item.password }}\n' | smbpasswd -s -a {{ item.name }}"
-  loop: "{{ nis_user }}"
-  loop_control:
-    label: '{{ item.name }}'
-  when: 
-    - item.is_samba_user is defined and item.is_samba_user|bool
-    - samba_nis_user_present is changed
-  notify: Renew nis databases
-  tags:
-    - samba-user
-

roles/common/tasks/samba-install.yml

@@ -105,7 +105,7 @@
     - samba-server
 
 
-- name: Check if cleaning up trash dirs is configured
+- name: (samba-install.yml) Check if cleaning up trash dirs is configured
   lineinfile:
     path: /root/bin/samba/conf/clean_samba_trash.conf
     regexp: "^trash_dirs=*"
@@ -117,7 +117,7 @@
     - "groups['samba_server']|string is search(inventory_hostname)"
 
 
-- name: Creates a cron job for cleaning up samba trash dirs
+- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
   cron:
     name: '{{ samba_cronjob_trash_dirs.name }}'
     minute: '{{ samba_cronjob_trash_dirs.minute }}'
@@ -154,7 +154,7 @@
     - samba-server
 
 
-- name: Creates a cron job for cleaning up samba trash dirs
+- name: (samba-install.yml) Creates a cron job for cleaning up samba trash dirs
   cron:
     name: '{{ samba_cronjob_permissions.name }}'
     minute: '{{ samba_cronjob_permissions.minute }}'

roles/common/tasks/samba-remove-user.yml

@@ -10,7 +10,7 @@
   register: samba_remove_system_users_present
   changed_when: "samba_remove_system_users_present.rc == 0"
   failed_when: "samba_remove_system_users_present.rc > 1"
-  with_items: 
+  with_items:
     - "{{ remove_system_users }}"
   loop_control:
     label: '{{ item.name }}'
@@ -21,11 +21,11 @@
 - name: (samba-remove-user.yml) Remove (old) system users from samba
   shell: >
     smbpasswd -s -x {{ item.item.name }}
-  with_items: 
+  with_items:
     - "{{ samba_remove_system_users_present.results }}"
   loop_control:
     label: '{{ item.item.name }}'
-  when: 
+  when:
     - item.changed
   tags:
     - samba-user

roles/common/tasks/system-remove-user.yml

@@ -0,0 +1,29 @@
+---
+
+# ---
+# - Remove unwanted users
+# ---
+
+- name: (system-remove-user.yml) Remove (old) users from system
+  user:
+    name: '{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - nis-user
+    - system-user
+
+- name: (system-remove-user.yml) Remove home directory from deleted users
+  file:
+    path: '{{ nis_base_home }}/{{ item.name }}'
+    state: absent
+  with_items: 
+    - "{{ remove_nis_users }}"
+  loop_control:
+    label: '{{ item.name }}'
+  tags:
+    - nis-user
+    - system-user