update..

roles/ansible_dependencies-bullseye/tasks/main.yml

@@ -0,0 +1,47 @@
+---
+
+- name: re-synchronize the package index files from their sources
+  raw: apt-get update
+  
+- name: Ensure aptitude is present
+  raw: test -e /usr/bin/aptitude || apt-get install aptitude -y
+
+- name: Ensure python2 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python2 || (apt -y update && apt install -y python-is-python2)
+
+- name: Ensure python3 is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3)
+
+- name: Ensure python-apt-common is present (This is necessary for ansible to work properly)
+  raw: test -e  /usr/bin/python2 && (apt -y update && apt install -y python-apt-common)
+
+- name: Ensure python-apt is present (This is necessary for ansible to work properly)
+  raw: test -e /usr/bin/python3 || (apt -y update && apt install -y python3-apt)
+
+- name: dpkg --configure -a
+  command: >
+    dpkg --configure -a
+  args:
+    warn: false
+  changed_when: _dpkg_configure.stdout_lines | length
+  register: _dpkg_configure
+  when: apt_dpkg_configure|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt upgrade
+  apt:
+    upgrade: "{{ apt_upgrade_type }}"
+    update_cache: true
+    dpkg_options: "{{ apt_upgrade_dpkg_options | join(',') }}"
+  when: apt_upgrade|bool
+  tags:
+    - ansible-dependencies
+
+- name: apt install ansible dependencies
+  apt:
+    name: "{{ apt_ansible_dependencies }}"
+    state: "{{ apt_install_state }}"
+  tags:
+    - ansible-dependencies
+

roles/common/tasks/main.yml

@@ -223,6 +223,7 @@
     - x11vnc-1604
     - finish-client-install
 
+
 - name: "For OS: Ubuntu 18.04LTS, Arch: amd64"
   import_tasks: ubuntu-x11vnc-1804-amd64.yml
   when:

roles/common/tasks/nis-install-client.yml

@@ -74,6 +74,15 @@
     - nis-install
     - nis-install-client
 
+- name: (nis-install-client.yml) Adjust file /etc/default/nis - set 'YPBINDARGS' (client)
+  replace:
+    path: /etc/default/nis
+    regexp: '^YPBINDARGS=.*'
+    replace: 'YPBINDARGS='
+  tags:
+    - nis-install
+    - nis-install-client
+
 
 # ---
 # /etc/{passwd,group,shadow}

roles/common/tasks/nis-install-server.yml

@@ -37,6 +37,48 @@
     - nis-install-client
 
 
+# ---
+# Since Debian 11 (bullseye) password hashing uses 'yescrypt' by default. 
+#
+# Note:
+#    'yescrypt' is not supported by Debian 10 (buster) nor by Ubuntu 18.04 and smaller
+#
+# ---
+
+- name: (nis-install-server.yml) Check if file '/etc/pam.d/common-password' exists 
+  stat:
+    path: /etc/pam.d/common-password
+  register: file_etc_pam_d_common_password
+  tags:
+    - nis-install
+    - nis-install-server
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version']|int >= 11
+
+- name: (nis-install-server.yml) Check if default hash for password is 'yescrypt'
+  shell: "grep -i -q -E  '^password.+yescrypt' /etc/pam.d/common-password"
+  register: presence_of_passwprd_hashing_yescrypt
+  changed_when: 
+    - presence_of_passwprd_hashing_yescrypt.rc < 1
+  failed_when:
+    - presence_of_passwprd_hashing_yescrypt.rc >= 2
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_distribution_major_version|int >= 11
+    - ansible_distribution_major_version|int <= 12
+    - file_etc_pam_d_common_password.stat.exists == True
+
+- name: (nis-install-server.yml) Change default password hash for local system accounts from SHA-512 to yescrypt
+  shell: perl -i -n -p -e "s/^(password.+)yescrypt/\1sha512/" /etc/pam.d/common-password
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - ansible_facts['distribution_major_version']|int >= 11
+    - ansible_facts['distribution_major_version']|int <= 12
+    - file_etc_pam_d_common_password.stat.exists == True
+    - presence_of_passwprd_hashing_yescrypt is changed
+
+
 # ---
 # /etc/default/nis
 # ---