diff --git a/apt-migrate-to-trixie.yml b/apt-migrate-to-trixie.yml new file mode 100644 index 0000000..5e44bf4 --- /dev/null +++ b/apt-migrate-to-trixie.yml @@ -0,0 +1,121 @@ +--- + +# --- +# deb822 ist das neue Konfigurationsformats für APT-Quellen (Repositories). +# Es basiert auf der Debian Control Syntax nach RFC 822 – daher der Name +# --- + +- name: Nur APT auf Debian 13 (Trixie) migrieren + hosts: all + become: true + gather_facts: true + + vars: + target_release: trixie + debian_mirror: "http://deb.debian.org/debian" + security_mirror: "http://security.debian.org/debian-security" + components: "main contrib non-free non-free-firmware" + enable_backports: true # auf false setzen, wenn du keine Backports willst + pin_backports_low: true # Backports nur auf Anfrage + # Nur manuelle Installation/Upgrade aus Backports: + # backports_pin_priority: 100 + # + # Automatische Updates für bereits installierte Backports-Pakete. + # backports_pin_priority: 500 (>= 500) + # + backports_pin_priority: 100 # 100 = nie automatisch bevorzugen + apt_cache_valid_time: 3600 + # Für offizielle Debian-Repos brauchst es kein Signed-By, weil debian-archive-keyring + # ohnehin systemweit vertrauenswürdig ist. + # + use_signed_by: true # oder false, wenn du Option A willst + # Wenn Signed-By explizit gesetzt werden soll, dann nutze den Keyring-Pfad und stelle sicher, + # dass das Paket installiert ist. + signed_by_keyring: "/usr/share/keyrings/debian-archive-keyring.gpg" + + pre_tasks: + - name: Sicherstellen, dass wir Debian sind + assert: + that: + - ansible_facts['os_family'] == "Debian" + fail_msg: "Dieses Playbook ist nur für Debian geeignet." + + tasks: + + - name: Keyring für Debian-Archive sicherstellen (falls Signed-By genutzt) + ansible.builtin.apt: + name: debian-archive-keyring + state: present + when: use_signed_by + + - name: (Optional) Alte /etc/apt/sources.list sichern + ansible.builtin.copy: + src: /etc/apt/sources.list + dest: /etc/apt/sources.list.before-trixie + remote_src: true + force: false + ignore_errors: true + + - name: Alte /etc/apt/sources.list deaktivieren (leere Kommentar-Datei) + ansible.builtin.copy: + dest: /etc/apt/sources.list + content: | + # Verwaltet via Ansible. Repositories liegen in /etc/apt/sources.list.d/*.sources (deb822). + # Zielrelease: {{ target_release }} + owner: root + group: root + mode: "0644" + + - name: Debian-Repo (deb + deb-src) als deb822 anlegen + ansible.builtin.template: + src: templates/apt-migrate-to-trixie/debian.sources.j2 + dest: /etc/apt/sources.list.d/debian.sources + owner: root + group: root + mode: "0644" + + - name: Security-Repo (deb + deb-src) als deb822 anlegen + ansible.builtin.template: + src: templates/apt-migrate-to-trixie/security.sources.j2 + dest: /etc/apt/sources.list.d/security.sources + owner: root + group: root + mode: "0644" + + - name: Backports-Repo (optional) als deb822 anlegen/entfernen + ansible.builtin.template: + src: templates/apt-migrate-to-trixie/backports.sources.j2 + dest: /etc/apt/sources.list.d/backports.sources + owner: root + group: root + mode: "0644" + when: enable_backports + - name: Backports-Repo entfernen wenn deaktiviert + ansible.builtin.file: + path: /etc/apt/sources.list.d/backports.sources + state: absent + when: not enable_backports + + - name: Optionales Backports-Pinning setzen + ansible.builtin.template: + src: templates/apt-migrate-to-trixie/99-backports.j2 + dest: /etc/apt/preferences.d/99-backports + owner: root + group: root + mode: "0644" + when: enable_backports and pin_backports_low + + - name: APT-Cache aktualisieren + ansible.builtin.apt: + update_cache: yes + cache_valid_time: "{{ apt_cache_valid_time }}" + + - name: Verifikation - zeigen, ob Suites auf trixie stehen + ansible.builtin.command: apt-cache policy + register: apt_policy + changed_when: false + + - name: Ausgabe anzeigen (nur Info) + ansible.builtin.debug: + msg: "{{ apt_policy.stdout.split('\n') | select('search', 'trixie') | list | join('\n') }}" + diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index b907273..799b89a 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -2,7 +2,6 @@ ansible_managed: > *** ANSIBLE MANAGED FILE - DO NOT EDIT *** - This file was generated by {{ ansible_user_id }} on {{ ansible_date_time.iso8601 }} ansible_python_interpreter: /usr/bin/python3 @@ -785,7 +784,6 @@ apt_initial_install_trixie: - patchutils - perl - perl-doc - - perl-modules - psmisc - quota - quotatool @@ -824,6 +822,9 @@ apt_initial_install_trixie: - zip - zsh + #- perl-modules + + apt_initial_install_xenial: - apt-transport-https - dbus diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index bfd4248..1cddd76 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -2,7 +2,7 @@ - name: (apt.yml) update configuration file - /etc/apt/sources.list template: - src: "etc/apt/sources.list.{{ ansible_distribution }}.j2" + src: "etc/apt/sources.list.{{ ansible_facts['distribution'] }}.j2" dest: /etc/apt/sources.list owner: root group: root @@ -11,6 +11,7 @@ when: - ansible_facts['distribution'] == "Debian" - apt_manage_sources_list|bool + - (ansible_facts['distribution_major_version'] | int) < 13 tags: - apt-configuration @@ -167,7 +168,7 @@ apt: name: "{{ microcode_intel_package }}" state: present - default_release: "{{ ansible_distribution_release }}-backports" + default_release: "{{ ansible_facts['distribution_release'] }}-backports" when: - apt_backports_enable - ansible_facts['distribution'] == "Debian" @@ -182,7 +183,7 @@ apt: name: "{{ microcode_intel_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Debian" @@ -197,7 +198,7 @@ apt: name: "{{ microcode_amd_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Debian" @@ -212,7 +213,7 @@ apt: name: "{{ microcode_intel_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - ansible_facts['distribution'] == "Ubuntu" - ansible_facts['distribution_release'] == "bionic" @@ -226,7 +227,7 @@ apt: name: "{{ microcode_amd_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Ubuntu" @@ -241,7 +242,7 @@ apt: name: "{{ microcode_intel_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - ansible_facts['distribution'] == "Ubuntu" - ansible_facts['distribution_release'] == "xenial" @@ -255,7 +256,7 @@ apt: name: "{{ microcode_amd_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Ubuntu" @@ -270,7 +271,7 @@ apt: name: "{{ microcode_intel_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - ansible_facts['distribution'] == "Ubuntu" - ansible_facts['distribution_release'] == "jammy" or ansible_facts['distribution_release'] == "noble" @@ -284,7 +285,7 @@ apt: name: "{{ microcode_amd_package }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - apt_debian_contrib_nonfree_enable - ansible_facts['distribution'] == "Ubuntu" @@ -302,7 +303,7 @@ apt: name: "{{ firmware_packages_ubuntu }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - ansible_facts['distribution'] == "Ubuntu" tags: @@ -314,7 +315,7 @@ apt: name: "{{ firmware_packages_debian }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - ansible_facts['distribution'] == "Debian" tags: @@ -326,7 +327,7 @@ apt: name: "{{ firmware_non_free_packages_debian }}" state: present - default_release: "{{ ansible_distribution_release }}" + default_release: "{{ ansible_facts['distribution_release'] }}" when: - ansible_facts['distribution'] == "Debian" - apt_debian_contrib_nonfree_enable diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 30f73cb..1c38094 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -238,7 +238,7 @@ - name: "For OS: Ubuntu 16.04LTS, Arch: amd64" import_tasks: ubuntu-x11vnc-1604-amd64.yml when: - - ansible_distribution_version == "16.04" + - ansible_facts["distribution_version"] == "16.04" - ansible_architecture == "x86_64" tags: - x11vnc @@ -249,7 +249,7 @@ - name: "For OS: Ubuntu 18.04LTS, Arch: amd64" import_tasks: ubuntu-x11vnc-1804-amd64.yml when: - - ansible_distribution_version == "18.04" + - ansible_facts["distribution_version"] == "18.04" - ansible_architecture == "x86_64" tags: - x11vnc @@ -260,7 +260,7 @@ - name: "For OS: Ubuntu 20.04LTS, Arch: amd64" import_tasks: ubuntu-x11vnc-2004-amd64.yml when: - - ansible_distribution_version == "20.04" + - ansible_facts["distribution_version"] == "20.04" - ansible_architecture == "x86_64" tags: - x11vnc @@ -271,7 +271,7 @@ - name: "For OS: Ubuntu 22.04LTS, Arch: amd64" import_tasks: ubuntu-x11vnc-2204-amd64.yml when: - - ansible_distribution_version == "22.04" + - ansible_facts["distribution_version"] == "22.04" - ansible_architecture == "x86_64" tags: - x11vnc diff --git a/roles/common/tasks/nfs.yml b/roles/common/tasks/nfs.yml index 24b6403..2db3988 100644 --- a/roles/common/tasks/nfs.yml +++ b/roles/common/tasks/nfs.yml @@ -11,8 +11,8 @@ - nfs-kernel-server state: present when: - - ansible_os_family == "Debian" - - "groups['nfs_server']|string is search(inventory_hostname)" + - ansible_facts['os_family'] == "Debian" + - inventory_hostname in groups['nfs_server'] tags: - nfs-server @@ -27,7 +27,7 @@ loop_control: label: '{{ item.path }}' when: - - "groups['nfs_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_server'] tags: - nfs-server @@ -39,7 +39,7 @@ group: root mode: 0644 when: - - "groups['nfs_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_server'] notify: Reload nfs tags: - nfs-server @@ -50,14 +50,14 @@ enabled: yes masked: no when: - - "groups['nfs_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_server'] - name: Make sure service rpc-statd is running systemd: state: started name: rpc-statd when: - - "groups['nfs_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_server'] tags: - nfs-server @@ -70,14 +70,14 @@ path: /etc/default/nfs-kernel-server register: default_nfs_kernel_server_exists when: - - "groups['nfs_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_server'] tags: - nfs-server - name: (nfs.yml) Backup existing file /etc/default/nfs-kernel-server command: cp -a /etc/default/nfs-kernel-server /etc/default/nfs-kernel-server.ORIG when: - - "groups['nfs_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_server'] - default_nfs_kernel_server_exists.stat.exists == False tags: - nfs-server @@ -88,7 +88,7 @@ regexp: '^RPCNFSDCOUNT=.*' replace: "RPCNFSDCOUNT={{ nfs_start_servers | default('16') }}" when: - - "groups['nfs_server']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_server'] tags: - nfs-server @@ -132,8 +132,8 @@ pkg: nfs-common state: present when: - - ansible_os_family == "Debian" - - "groups['nfs_client']|string is search(inventory_hostname)" + - ansible_facts['os_family'] == "Debian" + - inventory_hostname in groups['nfs_client'] tags: - nfs-client @@ -150,7 +150,7 @@ loop_control: label: '{{ item.src }}' when: - - "groups['nfs_client']|string is search(inventory_hostname)" + - inventory_hostname in groups['nfs_client'] tags: - nfs-client diff --git a/roles/common/tasks/nis-install-server.yml b/roles/common/tasks/nis-install-server.yml index 984369c..d56be90 100644 --- a/roles/common/tasks/nis-install-server.yml +++ b/roles/common/tasks/nis-install-server.yml @@ -71,7 +71,7 @@ - presence_of_passwprd_hashing_yescrypt.rc >= 2 when: - ansible_facts['distribution'] == "Debian" - - ansible_distribution_major_version|int >= 11 + - ansible_facts['distribution_major_version']|int >= 11 - file_etc_pam_d_common_password.stat.exists == True #- ansible_distribution_major_version|int <= 12 diff --git a/roles/common/tasks/nis-user.yml b/roles/common/tasks/nis-user.yml index b7754ed..e9b8316 100644 --- a/roles/common/tasks/nis-user.yml +++ b/roles/common/tasks/nis-user.yml @@ -61,7 +61,8 @@ loop_control: label: '{{ item.name }}' when: - - item.name not in getent_passwd + - ansible_facts.getent_passwd is defined + - item.name not in ansible_facts.getent_passwd notify: Renew nis databases tags: - nis-user diff --git a/roles/common/tasks/ntp.yml b/roles/common/tasks/ntp.yml index 4ef4ec9..5e7391c 100644 --- a/roles/common/tasks/ntp.yml +++ b/roles/common/tasks/ntp.yml @@ -10,7 +10,7 @@ - ntpsec state: present when: - - ansible_os_family == "Debian" + - ansible_facts.os_family == "Debian" - groups['file_server']|string is search(inventory_hostname) tags: - ntp-server @@ -33,7 +33,7 @@ group: ntpsec mode: '0755' when: - - ansible_distribution == "Debian" + - ansible_facts.distribution == "Debian" - name: (ntp.yml) Backup installation version of file '/etc/ntpsec/ntp.conf' diff --git a/roles/common/tasks/system-user.yml b/roles/common/tasks/system-user.yml index e29d4a2..ccaff32 100644 --- a/roles/common/tasks/system-user.yml +++ b/roles/common/tasks/system-user.yml @@ -57,7 +57,8 @@ loop_control: label: '{{ item.name }}' when: - - item.name not in getent_passwd + - ansible_facts.getent_passwd is defined + - item.name not in ansible_facts.getent_passwd notify: Renew nis databases tags: - system-user diff --git a/roles/common/templates/etc/apt/sources.list.Debian.j2 b/roles/common/templates/etc/apt/sources.list.Debian.j2 index 5cb85e6..ca242da 100644 --- a/roles/common/templates/etc/apt/sources.list.Debian.j2 +++ b/roles/common/templates/etc/apt/sources.list.Debian.j2 @@ -1,57 +1,57 @@ # {{ ansible_managed }} -deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main +deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} main +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} main {% if ansible_facts['distribution_major_version'] | int >= 12 %} -deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware +deb http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free non-free-firmware {% elif ansible_facts['distribution_major_version'] | int == 11 %} -deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free +deb http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free {% else %} -deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free +deb http://security.debian.org/ {{ ansible_facts['lsb']['codename'] }}/updates main contrib non-free {% endif %} {% if not apt_src_enable %} {% if ansible_facts['distribution_major_version'] | int >= 12 %} -#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware +#deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free non-free-firmware {% elif ansible_facts['distribution_major_version'] | int == 11 %} -#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free +#deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free {% else %} -#deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free +#deb-src http://security.debian.org/ {{ ansible_facts['lsb']['codename'] }}/updates main contrib non-free {% endif %} {% else %} {% if ansible_facts['distribution_major_version'] | int >= 12 %} -deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware +deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free non-free-firmware {% elif ansible_facts['distribution_major_version'] | int == 11 %} -deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free +deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free {% else %} -deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free +deb-src http://security.debian.org/ {{ ansible_facts['lsb']['codename'] }}/updates main contrib non-free {% endif %} {% endif %} -# {{ ansible_lsb.codename }}-updates, previously known as 'volatile' -deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main +# {{ ansible_facts['lsb']['codename'] }}-updates, previously known as 'volatile' +deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates main +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates main # Contrib packages contain DFSG-compliant software, # but have dependencies not in main (possibly packaged for Debian in non-free). # Non-free contains software that does not comply with the DFSG. {% if apt_debian_contrib_nonfree_enable %} {% if ansible_facts['distribution_major_version'] | int >= 12 %} -deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free non-free-firmware -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free non-free-firmware +deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free non-free-firmware +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free non-free-firmware {% else %} -deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free +deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free {% endif %} {% endif %} {% if apt_debian_contrib_nonfree_enable %} {% if ansible_facts['distribution_major_version'] | int >= 12 %} -deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free non-free-firmware -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free non-free-firmware +deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free non-free-firmware +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free non-free-firmware {% else %} -deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free +deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free {% endif %} {% endif %} @@ -60,11 +60,11 @@ deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free # # newer versions of some applications which may provide useful features. {% if apt_backports_enable %} {% if ansible_facts['distribution_major_version'] | int >= 12 %} -deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free non-free-firmware -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free non-free-firmware +deb {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free non-free-firmware +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free non-free-firmware {% else %} -deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free -{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free +deb {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free +{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free {% endif %} {% endif %} diff --git a/roles/common/templates/etc/sudoers.d/50-user.server.j2 b/roles/common/templates/etc/sudoers.d/50-user.server.j2 index 6449a5c..ae23d68 100644 --- a/roles/common/templates/etc/sudoers.d/50-user.server.j2 +++ b/roles/common/templates/etc/sudoers.d/50-user.server.j2 @@ -32,7 +32,7 @@ back {{ item }} {% endfor -%} -{%- if ansible_virtualization_role == 'host' %} +{%- if ansible_facts.virtualization_role == 'host' %} {% for item in sudoers_server_file_user_back_disk_privileges | default([]) %} back {{ item }} diff --git a/templates/apt-migrate-to-trixie/99-backports.j2 b/templates/apt-migrate-to-trixie/99-backports.j2 new file mode 100644 index 0000000..4ab8a6b --- /dev/null +++ b/templates/apt-migrate-to-trixie/99-backports.j2 @@ -0,0 +1,4 @@ +# Backports nicht automatisch bevorzugen +Package: * +Pin: release n={{ target_release }}-backports +Pin-Priority: {{ backports_pin_priority }} diff --git a/templates/apt-migrate-to-trixie/backports.sources.j2 b/templates/apt-migrate-to-trixie/backports.sources.j2 new file mode 100644 index 0000000..613f37e --- /dev/null +++ b/templates/apt-migrate-to-trixie/backports.sources.j2 @@ -0,0 +1,8 @@ +# Verwaltet via Ansible - Backports für {{ target_release }} +Types: deb deb-src +URIs: {{ debian_mirror }} +Suites: {{ target_release }}-backports +Components: {{ components }} +{% if use_signed_by %} +Signed-By: {{ signed_by_keyring }} +{% endif %} diff --git a/templates/apt-migrate-to-trixie/debian.sources.j2 b/templates/apt-migrate-to-trixie/debian.sources.j2 new file mode 100644 index 0000000..8214b2c --- /dev/null +++ b/templates/apt-migrate-to-trixie/debian.sources.j2 @@ -0,0 +1,15 @@ +# Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }} +Types: deb deb-src +URIs: {{ debian_mirror }} +Suites: {{ target_release }} {{ target_release }}-updates +Components: {{ components }} +Signed-By: default +EOF +# Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }} +Types: deb deb-src +URIs: {{ debian_mirror }} +Suites: {{ target_release }} {{ target_release }}-updates +Components: {{ components }} +{% if use_signed_by %} +Signed-By: {{ signed_by_keyring }} +{% endif %} diff --git a/templates/apt-migrate-to-trixie/security.sources.j2 b/templates/apt-migrate-to-trixie/security.sources.j2 new file mode 100644 index 0000000..7a2e3b2 --- /dev/null +++ b/templates/apt-migrate-to-trixie/security.sources.j2 @@ -0,0 +1,8 @@ +# Verwaltet via Ansible - Security für {{ target_release }} +Types: deb deb-src +URIs: {{ security_mirror }} +Suites: {{ target_release }}-security +Components: {{ components }} +{% if use_signed_by %} +Signed-By: {{ signed_by_keyring }} +{% endif %}