get rid of deprecated code.

2026-02-01 12:30:17 +01:00
parent 4d8631cead
commit 29cf8fec49
15 changed files with 223 additions and 63 deletions
--- a/apt-migrate-to-trixie.yml
+++ b/apt-migrate-to-trixie.yml
@@ -0,0 +1,121 @@
 ---
 # ---
 # deb822 ist das neue Konfigurationsformats für APT-Quellen (Repositories).
 # Es basiert auf der Debian Control Syntax nach RFC 822 – daher der Name
 # ---
 - name: Nur APT auf Debian 13 (Trixie) migrieren
  hosts: all
  become: true
  gather_facts: true
  vars:
    target_release: trixie
    debian_mirror: "http://deb.debian.org/debian"
    security_mirror: "http://security.debian.org/debian-security"
    components: "main contrib non-free non-free-firmware"
    enable_backports: true         # auf false setzen, wenn du keine Backports willst
    pin_backports_low: true        # Backports nur auf Anfrage
    # Nur manuelle Installation/Upgrade aus Backports:
    #    backports_pin_priority: 100
    #
    # Automatische Updates für bereits installierte Backports-Pakete.
    #    backports_pin_priority: 500 (>= 500)
    #
    backports_pin_priority: 100    # 100 = nie automatisch bevorzugen
    apt_cache_valid_time: 3600
    # Für offizielle Debian-Repos brauchst es kein Signed-By, weil debian-archive-keyring 
    # ohnehin systemweit vertrauenswürdig ist.
    #
    use_signed_by: true  # oder false, wenn du Option A willst
    # Wenn Signed-By explizit gesetzt werden soll, dann nutze den Keyring-Pfad und stelle sicher, 
    # dass das Paket installiert ist.
    signed_by_keyring: "/usr/share/keyrings/debian-archive-keyring.gpg"
  pre_tasks:
    - name: Sicherstellen, dass wir Debian sind
      assert:
        that:
          - ansible_facts['os_family'] == "Debian"
        fail_msg: "Dieses Playbook ist nur für Debian geeignet."
  tasks:
    - name: Keyring für Debian-Archive sicherstellen (falls Signed-By genutzt)
      ansible.builtin.apt:
        name: debian-archive-keyring
        state: present
      when: use_signed_by
    - name: (Optional) Alte /etc/apt/sources.list sichern
      ansible.builtin.copy:
        src: /etc/apt/sources.list
        dest: /etc/apt/sources.list.before-trixie
        remote_src: true
        force: false
      ignore_errors: true
    - name: Alte /etc/apt/sources.list deaktivieren (leere Kommentar-Datei)
      ansible.builtin.copy:
        dest: /etc/apt/sources.list
        content: |
          # Verwaltet via Ansible. Repositories liegen in /etc/apt/sources.list.d/*.sources (deb822).
          # Zielrelease: {{ target_release }}
        owner: root
        group: root
        mode: "0644"
    - name: Debian-Repo (deb + deb-src) als deb822 anlegen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/debian.sources.j2
        dest: /etc/apt/sources.list.d/debian.sources
        owner: root
        group: root
        mode: "0644"
    - name: Security-Repo (deb + deb-src) als deb822 anlegen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/security.sources.j2
        dest: /etc/apt/sources.list.d/security.sources
        owner: root
        group: root
        mode: "0644"
    - name: Backports-Repo (optional) als deb822 anlegen/entfernen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/backports.sources.j2
        dest: /etc/apt/sources.list.d/backports.sources
        owner: root
        group: root
        mode: "0644"
      when: enable_backports
    - name: Backports-Repo entfernen wenn deaktiviert
      ansible.builtin.file:
        path: /etc/apt/sources.list.d/backports.sources
        state: absent
      when: not enable_backports
    - name: Optionales Backports-Pinning setzen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/99-backports.j2
        dest: /etc/apt/preferences.d/99-backports
        owner: root
        group: root
        mode: "0644"
      when: enable_backports and pin_backports_low
    - name: APT-Cache aktualisieren
      ansible.builtin.apt:
        update_cache: yes
        cache_valid_time: "{{ apt_cache_valid_time }}"
    - name: Verifikation - zeigen, ob Suites auf trixie stehen
      ansible.builtin.command: apt-cache policy
      register: apt_policy
      changed_when: false
    - name: Ausgabe anzeigen (nur Info)
      ansible.builtin.debug:
        msg: "{{ apt_policy.stdout.split('\n') | select('search', 'trixie') | list | join('\n') }}"
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -2,7 +2,6 @@
 ansible_managed: >
  *** ANSIBLE MANAGED FILE - DO NOT EDIT ***
  This file was generated by {{ ansible_user_id }} on {{ ansible_date_time.iso8601 }}
 ansible_python_interpreter: /usr/bin/python3
@@ -785,7 +784,6 @@ apt_initial_install_trixie:
  - patchutils
  - perl
  - perl-doc
  - perl-modules
  - psmisc
  - quota
  - quotatool
@@ -824,6 +822,9 @@ apt_initial_install_trixie:
  - zip
  - zsh
  #- perl-modules
 apt_initial_install_xenial:
  - apt-transport-https
  - dbus
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -2,7 +2,7 @@
 - name: (apt.yml) update configuration file - /etc/apt/sources.list
  template:
-    src: "etc/apt/sources.list.{{ ansible_distribution }}.j2"
+    src: "etc/apt/sources.list.{{ ansible_facts['distribution'] }}.j2"
    dest: /etc/apt/sources.list
    owner: root
    group: root
@@ -11,6 +11,7 @@
  when:
    - ansible_facts['distribution'] == "Debian"
    - apt_manage_sources_list|bool
    - (ansible_facts['distribution_major_version'] | int) < 13
  tags:
    - apt-configuration
@@ -167,7 +168,7 @@
  apt:
    name: "{{ microcode_intel_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}-backports"
+    default_release: "{{ ansible_facts['distribution_release'] }}-backports"
  when:
    - apt_backports_enable
    - ansible_facts['distribution'] == "Debian"
@@ -182,7 +183,7 @@
  apt:
    name: "{{ microcode_intel_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - apt_debian_contrib_nonfree_enable
    - ansible_facts['distribution'] == "Debian"
@@ -197,7 +198,7 @@
  apt:
    name: "{{ microcode_amd_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - apt_debian_contrib_nonfree_enable
    - ansible_facts['distribution'] == "Debian"
@@ -212,7 +213,7 @@
  apt:
    name: "{{ microcode_intel_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
    - ansible_facts['distribution_release'] == "bionic"
@@ -226,7 +227,7 @@
  apt:
    name: "{{ microcode_amd_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - apt_debian_contrib_nonfree_enable
    - ansible_facts['distribution'] == "Ubuntu"
@@ -241,7 +242,7 @@
  apt:
    name: "{{ microcode_intel_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
    - ansible_facts['distribution_release'] == "xenial"
@@ -255,7 +256,7 @@
  apt:
    name: "{{ microcode_amd_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - apt_debian_contrib_nonfree_enable
    - ansible_facts['distribution'] == "Ubuntu"
@@ -270,7 +271,7 @@
  apt:
    name: "{{ microcode_intel_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
    - ansible_facts['distribution_release'] == "jammy" or ansible_facts['distribution_release'] == "noble"
@@ -284,7 +285,7 @@
  apt:
    name: "{{ microcode_amd_package }}"
    state: present
-    default_release: "{{ ansible_distribution_release }}"
+    default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - apt_debian_contrib_nonfree_enable
    - ansible_facts['distribution'] == "Ubuntu"
@@ -302,7 +303,7 @@
  apt:
     name: "{{ firmware_packages_ubuntu }}"
     state: present
-     default_release: "{{ ansible_distribution_release }}"
+     default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - ansible_facts['distribution'] == "Ubuntu"
  tags:
@@ -314,7 +315,7 @@
  apt:
     name: "{{ firmware_packages_debian }}"
     state: present
-     default_release: "{{ ansible_distribution_release }}"
+     default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - ansible_facts['distribution'] == "Debian"
  tags:
@@ -326,7 +327,7 @@
  apt:
     name: "{{ firmware_non_free_packages_debian }}"
     state: present
-     default_release: "{{ ansible_distribution_release }}"
+     default_release: "{{ ansible_facts['distribution_release'] }}"
  when:
    - ansible_facts['distribution'] == "Debian"
    - apt_debian_contrib_nonfree_enable
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -238,7 +238,7 @@
 - name: "For OS: Ubuntu 16.04LTS, Arch: amd64"
  import_tasks: ubuntu-x11vnc-1604-amd64.yml
  when:
-    - ansible_distribution_version ==  "16.04"
+    - ansible_facts["distribution_version"] ==  "16.04"
    - ansible_architecture == "x86_64"
  tags:
    - x11vnc
@@ -249,7 +249,7 @@
 - name: "For OS: Ubuntu 18.04LTS, Arch: amd64"
  import_tasks: ubuntu-x11vnc-1804-amd64.yml
  when:
-    - ansible_distribution_version ==  "18.04"
+    - ansible_facts["distribution_version"] ==  "18.04"
    - ansible_architecture == "x86_64"
  tags:
    - x11vnc
@@ -260,7 +260,7 @@
 - name: "For OS: Ubuntu 20.04LTS, Arch: amd64"
  import_tasks: ubuntu-x11vnc-2004-amd64.yml
  when:
-    - ansible_distribution_version ==  "20.04"
+    - ansible_facts["distribution_version"] ==  "20.04"
    - ansible_architecture == "x86_64"
  tags:
    - x11vnc
@@ -271,7 +271,7 @@
 - name: "For OS: Ubuntu 22.04LTS, Arch: amd64"
  import_tasks: ubuntu-x11vnc-2204-amd64.yml
  when:
-    - ansible_distribution_version ==  "22.04"
+    - ansible_facts["distribution_version"] ==  "22.04"
    - ansible_architecture == "x86_64"
  tags:
    - x11vnc
--- a/roles/common/tasks/nfs.yml
+++ b/roles/common/tasks/nfs.yml
@@ -11,8 +11,8 @@
      - nfs-kernel-server
    state: present
  when:
-    - ansible_os_family == "Debian"
+    - ansible_facts['os_family'] == "Debian"
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
  tags:
    - nfs-server
@@ -27,7 +27,7 @@
  loop_control:
    label: '{{ item.path }}'
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
  tags:
    - nfs-server
@@ -39,7 +39,7 @@
    group: root
    mode: 0644
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
  notify: Reload nfs
  tags:
    - nfs-server
@@ -50,14 +50,14 @@
    enabled: yes
    masked: no
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
 - name: Make sure service rpc-statd is running
  systemd:
    state: started
    name: rpc-statd
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
  tags:
    - nfs-server
@@ -70,14 +70,14 @@
    path: /etc/default/nfs-kernel-server
  register: default_nfs_kernel_server_exists
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
  tags:
    - nfs-server
 - name: (nfs.yml) Backup existing file /etc/default/nfs-kernel-server
  command: cp -a /etc/default/nfs-kernel-server /etc/default/nfs-kernel-server.ORIG
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
    - default_nfs_kernel_server_exists.stat.exists == False
  tags:
    - nfs-server
@@ -88,7 +88,7 @@
    regexp: '^RPCNFSDCOUNT=.*'
    replace: "RPCNFSDCOUNT={{ nfs_start_servers | default('16') }}"
  when:
-    - "groups['nfs_server']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_server']
  tags:
    - nfs-server
@@ -132,8 +132,8 @@
    pkg: nfs-common
    state: present
  when: 
-    - ansible_os_family == "Debian"
+    - ansible_facts['os_family'] == "Debian"
-    - "groups['nfs_client']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_client']
  tags:
    - nfs-client
@@ -150,7 +150,7 @@
  loop_control:
    label: '{{ item.src }}'
  when:
-    - "groups['nfs_client']|string is search(inventory_hostname)"
+    - inventory_hostname in groups['nfs_client']
  tags:
    - nfs-client
--- a/roles/common/tasks/nis-install-server.yml
+++ b/roles/common/tasks/nis-install-server.yml
@@ -71,7 +71,7 @@
    - presence_of_passwprd_hashing_yescrypt.rc >= 2
  when:
    - ansible_facts['distribution'] == "Debian"
-    - ansible_distribution_major_version|int >= 11
+    - ansible_facts['distribution_major_version']|int >= 11
    - file_etc_pam_d_common_password.stat.exists == True
    #- ansible_distribution_major_version|int <= 12
--- a/roles/common/tasks/nis-user.yml
+++ b/roles/common/tasks/nis-user.yml
@@ -61,7 +61,8 @@
  loop_control:
    label: '{{ item.name }}'
  when:
-    - item.name not in getent_passwd
+    - ansible_facts.getent_passwd is defined
    - item.name not in ansible_facts.getent_passwd
  notify: Renew nis databases
  tags:
    - nis-user
--- a/roles/common/tasks/ntp.yml
+++ b/roles/common/tasks/ntp.yml
@@ -10,7 +10,7 @@
      - ntpsec
    state: present
  when:
-    - ansible_os_family == "Debian"
+    - ansible_facts.os_family == "Debian"
    - groups['file_server']|string is search(inventory_hostname)
  tags:
    - ntp-server
@@ -33,7 +33,7 @@
    group: ntpsec
    mode: '0755'
  when:
-    - ansible_distribution == "Debian"
+    - ansible_facts.distribution == "Debian"
 - name: (ntp.yml) Backup installation version of file '/etc/ntpsec/ntp.conf'
--- a/roles/common/tasks/system-user.yml
+++ b/roles/common/tasks/system-user.yml
@@ -57,7 +57,8 @@
  loop_control:
    label: '{{ item.name }}'
  when:
-    - item.name not in getent_passwd
+    - ansible_facts.getent_passwd is defined
    - item.name not in ansible_facts.getent_passwd
  notify: Renew nis databases
  tags:
    - system-user
--- a/roles/common/templates/etc/apt/sources.list.Debian.j2
+++ b/roles/common/templates/etc/apt/sources.list.Debian.j2
@@ -1,57 +1,57 @@
 # {{ ansible_managed }}
-deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} main
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} main
 {% if ansible_facts['distribution_major_version'] | int >= 12 %}
-deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware
+deb http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free non-free-firmware
 {% elif ansible_facts['distribution_major_version'] | int == 11 %}
-deb http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
+deb http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free
 {% else %}
-deb http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
+deb http://security.debian.org/ {{ ansible_facts['lsb']['codename'] }}/updates main contrib non-free
 {% endif %}
 {% if not apt_src_enable %}
 {% if ansible_facts['distribution_major_version'] | int >= 12 %}
-#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware
+#deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free non-free-firmware
 {% elif ansible_facts['distribution_major_version'] | int == 11 %}
-#deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
+#deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free
 {% else %}
-#deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
+#deb-src http://security.debian.org/ {{ ansible_facts['lsb']['codename'] }}/updates main contrib non-free
 {% endif %}
 {% else %}
 {% if ansible_facts['distribution_major_version'] | int >= 12 %}
-deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free non-free-firmware
+deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free non-free-firmware
 {% elif ansible_facts['distribution_major_version'] | int == 11 %}
-deb-src http://security.debian.org/debian-security {{ ansible_lsb.codename }}-security main contrib non-free
+deb-src http://security.debian.org/debian-security {{ ansible_facts['lsb']['codename'] }}-security main contrib non-free
 {% else %}
-deb-src http://security.debian.org/ {{ ansible_lsb.codename }}/updates main contrib non-free
+deb-src http://security.debian.org/ {{ ansible_facts['lsb']['codename'] }}/updates main contrib non-free
 {% endif %}
 {% endif %}
-# {{ ansible_lsb.codename }}-updates, previously known as 'volatile'
+# {{ ansible_facts['lsb']['codename'] }}-updates, previously known as 'volatile'
-deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates main
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates main
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates main
 # Contrib packages contain DFSG-compliant software,
 # but have dependencies not in main (possibly packaged for Debian in non-free).
 # Non-free contains software that does not comply with the DFSG.
 {% if apt_debian_contrib_nonfree_enable %}
 {% if ansible_facts['distribution_major_version'] | int >= 12 %}
-deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free non-free-firmware
+deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free non-free-firmware
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free non-free-firmware
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free non-free-firmware
 {% else %}
-deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }} contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }} contrib non-free
 {% endif %}
 {% endif %}
 {% if apt_debian_contrib_nonfree_enable %}
 {% if ansible_facts['distribution_major_version'] | int >= 12 %}
-deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free non-free-firmware
+deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free non-free-firmware
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free non-free-firmware
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free non-free-firmware
 {% else %}
-deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free
+deb {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['lsb']['codename'] }}-updates contrib non-free
 {% endif %}
 {% endif %}
@@ -60,11 +60,11 @@ deb {{ apt_debian_mirror }} {{ ansible_lsb.codename }}-updates contrib non-free
 # # newer versions of some applications which may provide useful features.
 {% if apt_backports_enable %}
 {% if ansible_facts['distribution_major_version'] | int >= 12 %}
-deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free non-free-firmware
+deb {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free non-free-firmware
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free non-free-firmware
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free non-free-firmware
 {% else %}
-deb {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+deb {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free
-{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_distribution_release }}-backports main contrib non-free
+{{ '# ' if not apt_src_enable else '' }}deb-src {{ apt_debian_mirror }} {{ ansible_facts['distribution_release'] }}-backports main contrib non-free
 {% endif %}
 {% endif %}
--- a/roles/common/templates/etc/sudoers.d/50-user.server.j2
+++ b/roles/common/templates/etc/sudoers.d/50-user.server.j2
@@ -32,7 +32,7 @@ back {{ item }}
 {% endfor -%}
-{%- if ansible_virtualization_role == 'host' %}
+{%- if ansible_facts.virtualization_role == 'host' %}
 {% for item in sudoers_server_file_user_back_disk_privileges | default([]) %}
 back {{ item }}
--- a/templates/apt-migrate-to-trixie/99-backports.j2
+++ b/templates/apt-migrate-to-trixie/99-backports.j2
@@ -0,0 +1,4 @@
 # Backports nicht automatisch bevorzugen
 Package: *
 Pin: release n={{ target_release }}-backports
 Pin-Priority: {{ backports_pin_priority }}
--- a/templates/apt-migrate-to-trixie/backports.sources.j2
+++ b/templates/apt-migrate-to-trixie/backports.sources.j2
@@ -0,0 +1,8 @@
 # Verwaltet via Ansible - Backports für {{ target_release }}
 Types: deb deb-src
 URIs: {{ debian_mirror }}
 Suites: {{ target_release }}-backports
 Components: {{ components }}
 {% if use_signed_by %}
 Signed-By: {{ signed_by_keyring }}
 {% endif %}
--- a/templates/apt-migrate-to-trixie/debian.sources.j2
+++ b/templates/apt-migrate-to-trixie/debian.sources.j2
@@ -0,0 +1,15 @@
 # Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }}
 Types: deb deb-src
 URIs: {{ debian_mirror }}
 Suites: {{ target_release }} {{ target_release }}-updates
 Components: {{ components }}
 Signed-By: default
 EOF
 # Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }}
 Types: deb deb-src
 URIs: {{ debian_mirror }}
 Suites: {{ target_release }} {{ target_release }}-updates
 Components: {{ components }}
 {% if use_signed_by %}
 Signed-By: {{ signed_by_keyring }}
 {% endif %}
--- a/templates/apt-migrate-to-trixie/security.sources.j2
+++ b/templates/apt-migrate-to-trixie/security.sources.j2
@@ -0,0 +1,8 @@
 # Verwaltet via Ansible - Security für {{ target_release }}
 Types: deb deb-src
 URIs: {{ security_mirror }}
 Suites: {{ target_release }}-security
 Components: {{ components }}
 {% if use_signed_by %}
 Signed-By: {{ signed_by_keyring }}
 {% endif %}