diff --git a/apt-migrate-to-trixie.yml b/apt-migrate-to-trixie.yml
new file mode 100644
index 0000000..5e44bf4
--- /dev/null
+++ b/apt-migrate-to-trixie.yml
@@ -0,0 +1,121 @@
+---
+
+# ---
+# deb822 ist das neue Konfigurationsformats für APT-Quellen (Repositories).
+# Es basiert auf der Debian Control Syntax nach RFC 822 – daher der Name
+# ---
+
+- name: Nur APT auf Debian 13 (Trixie) migrieren
+ hosts: all
+ become: true
+ gather_facts: true
+
+ vars:
+ target_release: trixie
+ debian_mirror: "http://deb.debian.org/debian"
+ security_mirror: "http://security.debian.org/debian-security"
+ components: "main contrib non-free non-free-firmware"
+ enable_backports: true # auf false setzen, wenn du keine Backports willst
+ pin_backports_low: true # Backports nur auf Anfrage
+ # Nur manuelle Installation/Upgrade aus Backports:
+ # backports_pin_priority: 100
+ #
+ # Automatische Updates für bereits installierte Backports-Pakete.
+ # backports_pin_priority: 500 (>= 500)
+ #
+ backports_pin_priority: 100 # 100 = nie automatisch bevorzugen
+ apt_cache_valid_time: 3600
+ # Für offizielle Debian-Repos brauchst es kein Signed-By, weil debian-archive-keyring
+ # ohnehin systemweit vertrauenswürdig ist.
+ #
+ use_signed_by: true # oder false, wenn du Option A willst
+ # Wenn Signed-By explizit gesetzt werden soll, dann nutze den Keyring-Pfad und stelle sicher,
+ # dass das Paket installiert ist.
+ signed_by_keyring: "/usr/share/keyrings/debian-archive-keyring.gpg"
+
+ pre_tasks:
+ - name: Sicherstellen, dass wir Debian sind
+ assert:
+ that:
+ - ansible_facts['os_family'] == "Debian"
+ fail_msg: "Dieses Playbook ist nur für Debian geeignet."
+
+ tasks:
+
+ - name: Keyring für Debian-Archive sicherstellen (falls Signed-By genutzt)
+ ansible.builtin.apt:
+ name: debian-archive-keyring
+ state: present
+ when: use_signed_by
+
+ - name: (Optional) Alte /etc/apt/sources.list sichern
+ ansible.builtin.copy:
+ src: /etc/apt/sources.list
+ dest: /etc/apt/sources.list.before-trixie
+ remote_src: true
+ force: false
+ ignore_errors: true
+
+ - name: Alte /etc/apt/sources.list deaktivieren (leere Kommentar-Datei)
+ ansible.builtin.copy:
+ dest: /etc/apt/sources.list
+ content: |
+ # Verwaltet via Ansible. Repositories liegen in /etc/apt/sources.list.d/*.sources (deb822).
+ # Zielrelease: {{ target_release }}
+ owner: root
+ group: root
+ mode: "0644"
+
+ - name: Debian-Repo (deb + deb-src) als deb822 anlegen
+ ansible.builtin.template:
+ src: templates/apt-migrate-to-trixie/debian.sources.j2
+ dest: /etc/apt/sources.list.d/debian.sources
+ owner: root
+ group: root
+ mode: "0644"
+
+ - name: Security-Repo (deb + deb-src) als deb822 anlegen
+ ansible.builtin.template:
+ src: templates/apt-migrate-to-trixie/security.sources.j2
+ dest: /etc/apt/sources.list.d/security.sources
+ owner: root
+ group: root
+ mode: "0644"
+
+ - name: Backports-Repo (optional) als deb822 anlegen/entfernen
+ ansible.builtin.template:
+ src: templates/apt-migrate-to-trixie/backports.sources.j2
+ dest: /etc/apt/sources.list.d/backports.sources
+ owner: root
+ group: root
+ mode: "0644"
+ when: enable_backports
+ - name: Backports-Repo entfernen wenn deaktiviert
+ ansible.builtin.file:
+ path: /etc/apt/sources.list.d/backports.sources
+ state: absent
+ when: not enable_backports
+
+ - name: Optionales Backports-Pinning setzen
+ ansible.builtin.template:
+ src: templates/apt-migrate-to-trixie/99-backports.j2
+ dest: /etc/apt/preferences.d/99-backports
+ owner: root
+ group: root
+ mode: "0644"
+ when: enable_backports and pin_backports_low
+
+ - name: APT-Cache aktualisieren
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: "{{ apt_cache_valid_time }}"
+
+ - name: Verifikation - zeigen, ob Suites auf trixie stehen
+ ansible.builtin.command: apt-cache policy
+ register: apt_policy
+ changed_when: false
+
+ - name: Ausgabe anzeigen (nur Info)
+ ansible.builtin.debug:
+ msg: "{{ apt_policy.stdout.split('\n') | select('search', 'trixie') | list | join('\n') }}"
+
diff --git a/files/homedirs/sysadm/_vimrc.BAK b/files/homedirs/sysadm/_vimrc.BAK
deleted file mode 100644
index 0bf54d9..0000000
--- a/files/homedirs/sysadm/_vimrc.BAK
+++ /dev/null
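Review bot: The pre_task guard in apt-migrate-to-trixie.yml, `ansible_facts['os_family'] == "Debian"`, also holds on Ubuntu and other Debian derivatives, and with `hosts: all` the play would then overwrite their `/etc/apt/sources.list` and point APT at the Debian trixie archives. Checking the distribution itself, as the roles/common/tasks/apt.yml change in this same commit does, closes that gap: `- ansible_facts['distribution'] == "Debian"`. Two smaller points in the same play: the backup task carries `ignore_errors: true`, so any copy failure (not only a missing source file) is ignored before the next task replaces the file. And `cache_valid_time` on the final `apt` task can let the module skip the refresh when the cache was updated within the last hour, in which case the `apt-cache policy` verification would still show the old sources; dropping `cache_valid_time` there forces the refresh.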
@@ -1,173 +0,0 @@ -" An example for a vimrc file. -" -" Maintainer: Bram Moolenaar -" Last change: 1999 Sep 09 -" -" To use it, copy it to -" for Unix and OS/2: ~/.vimrc -" for Amiga: s:.vimrc -" for MS-DOS and Win32: $VIM\_vimrc - -" This line should not be removed as it ensures that various options are -" properly set to work with the Vim-related packages available in Debian. -runtime! debian.vim - -set nocompatible " Use Vim defaults (much better!) -set bs=2 " allow backspacing over everything in insert mode -set ai " always set autoindenting on -" set backup " keep a backup file -"set viminfo='20,\"50 " read/write a .viminfo file, don't store more - " than 50 lines of registers -set viminfo='20,\"50,:20,%,n~/.viminfo -set history=50 " keep 50 lines of command line history -set ruler " show the cursor position all the time -set ignorecase " suchen case-insenitiv -set showmatch " zeige passende klammern -set shell=/bin/bash " shell to start with ! -set expandtab " tabs --> blanks -set showmode " anzeige INSERT/REPLACE/... - -" set smartcase " Do smart case matching - -set incsearch " Incremental search - " Start searching when you type the first character of - " the search string. As you type in more characters, the - " search is refined. - -set t_Co=256 " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme - -" einrueckung -set shiftwidth=3 -set tabstop=3 -" Round indent to multiple of 'shiftwidth' for > and < commands -set shiftround - -" For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries -" let &guioptions = substitute(&guioptions, "t", "", "g") - -" Don't use Ex mode, use Q for formatting -map Q gq - -" Make p in isual Visual mode replace the selected text with the "" register. -vnoremap p :let current_reg = @"gvdi=current_reg - -" Switch syntax highlighting on, when the terminal has colors -" Also switch on highlighting the last used search pattern. 
-if &t_Co > 2 || has("gui_running") - syntax on - set hlsearch -endif - -" Only do this part when compiled with support for autocommands. -if has("autocmd") - -" In text files, always limit the width of text to 78 characters - autocmd BufRead *.txt set tw=78 - - augroup cprog - " Remove all cprog autocommands - au! - - " When starting to edit a file: - " For C and C++ files set formatting of comments and set C-indenting on. - " For other files switch it off. - " Don't change the order, it's important that the line with * comes first. - autocmd FileType * set formatoptions=tcql nocindent comments& - autocmd FileType c,cpp set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,:// - augroup END - - augroup gzip - " Remove all gzip autocommands - au! - - " Enable editing of gzipped files - " set binary mode before reading the file - autocmd BufReadPre,FileReadPre *.gz,*.bz2 set bin - autocmd BufReadPost,FileReadPost *.gz call GZIP_read("gunzip") - autocmd BufReadPost,FileReadPost *.bz2 call GZIP_read("bunzip2") - autocmd BufWritePost,FileWritePost *.gz call GZIP_write("gzip") - autocmd BufWritePost,FileWritePost *.bz2 call GZIP_write("bzip2") - autocmd FileAppendPre *.gz call GZIP_appre("gunzip") - autocmd FileAppendPre *.bz2 call GZIP_appre("bunzip2") - autocmd FileAppendPost *.gz call GZIP_write("gzip") - autocmd FileAppendPost *.bz2 call GZIP_write("bzip2") - - " After reading compressed file: Uncompress text in buffer with "cmd" - fun! GZIP_read(cmd) - let ch_save = &ch - set ch=2 - execute "'[,']!" . a:cmd - set nobin - let &ch = ch_save - execute ":doautocmd BufReadPost " . expand("%:r") - endfun - - " After writing compressed file: Compress written file with "cmd" - fun! GZIP_write(cmd) - if rename(expand(""), expand(":r")) == 0 - execute "!" . a:cmd . " :r" - endif - endfun - - " Before appending to compressed file: Uncompress file with "cmd" - fun! GZIP_appre(cmd) - execute "!" . a:cmd . 
" " - call rename(expand(":r"), expand("")) - endfun - - augroup END - - " This is disabled, because it changes the jumplist. Can't use CTRL-O to go - " back to positions in previous files more than once. - if 0 - " When editing a file, always jump to the last cursor position. - " This must be after the uncompress commands. - autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif - endif - -endif " has("autocmd") - -" toggle syntax highlighting -map :if exists("syntax_on") syntax off else syntax on endif -map :nohls - -" use to toggle line numbers -nmap :set number! - - -" If using a dark background within the editing area and syntax highlighting -" turn on this option as well -set background=dark - - -" set color for search -hi clear search -hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse - -" set color for Comment -hi clear Comment -"highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold -"highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold -"highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold -highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold -"highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold -"highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold - -" Go back to the position the cursor was on the last time this file was edited -au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif - -" visual shifting (does not exit Visual mode) -vnoremap < >gv - -" Scroll when cursor gets within 3 characters of top/bottom edge -set scrolloff=3 - -" Show line, column number, and relative position within a file in the status line -" set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L] -"set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ 
syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\ -set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%% -" Always show status line, even for one window -set laststatus=2 -highlight StatusLine cterm=none ctermfg=white ctermbg=blue - diff --git a/group_vars/all/main.yml b/group_vars/all/main.yml index 28d77ba..9270a1b 100644 --- a/group_vars/all/main.yml +++ b/group_vars/all/main.yml @@ -2941,6 +2941,8 @@ ipv6_address: '' is_relay_host: +# support_dmarc_reporting: + # sasl_auth_enable: # # possible values are: diff --git a/host_vars/a.mx.oopen.de.yml b/host_vars/a.mx.oopen.de.yml index 7a2c914..ae4f1d5 100644 --- a/host_vars/a.mx.oopen.de.yml +++ b/host_vars/a.mx.oopen.de.yml @@ -214,6 +214,8 @@ ipv6_address: 2a01:4f9:4a:47e5::247 admin_email: argus@oopen.de is_relay_host: !!str "false" +support_dmarc_reporting: !!str "true" + db_in_use: !!str "true" # postfix_db_type # diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 103fe92..2111cc0 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -8,7 +8,10 @@ group: root mode: 0644 register: apt_config_updated - when: apt_manage_sources_list|bool + when: + - apt_manage_sources_list|bool + - ansible_facts['distribution'] == 'Debian' + - (ansible_facts['distribution_major_version'] | int) < 13 tags: - apt-configuration diff --git a/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 b/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 index e9e6977..2a7db1d 100644 --- a/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 +++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2 
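Review bot: In roles/common/tasks/apt.yml the new test `(ansible_facts['distribution_major_version'] | int) < 13` is true whenever the fact is not numeric, because `int` falls back to 0. Debian testing/unstable hosts may report a codename-style value there (worth confirming on such a host), and they would then still get the legacy sources.list written. An explicit numeric guard avoids that: `- ansible_facts['distribution_major_version'] is match('^[0-9]+$')`. The added `distribution == 'Debian'` condition also skips any non-Debian host that previously had this file managed; the task starts above the hunk, so whether that is intended cannot be seen here.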
@@ -36,7 +36,7 @@ _SASL_PASS=
 _RELAY_HOST=true
 _SYMPA_LIST_SERVER=true
 {% else %}
-_RELAY_HOST="{{ is_relay_host | default('false') }}"
+_RELAY_HOST={{ is_relay_host | default('false') }}
 _SYMPA_LIST_SERVER=false
 {% endif %}
-
+_INSTALL_DMARC_REPORT_SUPPORT={{ support_dmarc_reporting | default('false') }}
diff --git a/templates/apt-migrate-to-trixie/99-backports.j2 b/templates/apt-migrate-to-trixie/99-backports.j2
new file mode 100644
index 0000000..4ab8a6b
--- /dev/null
+++ b/templates/apt-migrate-to-trixie/99-backports.j2
@@ -0,0 +1,4 @@
+# Backports nicht automatisch bevorzugen
+Package: *
+Pin: release n={{ target_release }}-backports
+Pin-Priority: {{ backports_pin_priority }}
diff --git a/templates/apt-migrate-to-trixie/backports.sources.j2 b/templates/apt-migrate-to-trixie/backports.sources.j2
new file mode 100644
index 0000000..613f37e
--- /dev/null
+++ b/templates/apt-migrate-to-trixie/backports.sources.j2
@@ -0,0 +1,8 @@
+# Verwaltet via Ansible - Backports für {{ target_release }}
+Types: deb deb-src
+URIs: {{ debian_mirror }}
+Suites: {{ target_release }}-backports
+Components: {{ components }}
+{% if use_signed_by %}
+Signed-By: {{ signed_by_keyring }}
+{% endif %}
diff --git a/templates/apt-migrate-to-trixie/debian.sources.j2 b/templates/apt-migrate-to-trixie/debian.sources.j2
new file mode 100644
index 0000000..8214b2c
--- /dev/null
+++ b/templates/apt-migrate-to-trixie/debian.sources.j2
@@ -0,0 +1,15 @@
+# Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }}
+Types: deb deb-src
+URIs: {{ debian_mirror }}
+Suites: {{ target_release }} {{ target_release }}-updates
+Components: {{ components }}
+Signed-By: default
+EOF
+# Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }}
+Types: deb deb-src
+URIs: {{ debian_mirror }}
+Suites: {{ target_release }} {{ target_release }}-updates
+Components: {{ components }}
+{% if use_signed_by %}
+Signed-By: {{ signed_by_keyring }}
+{% endif %}
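Review bot: In install_postfix_advanced.conf.j2 the quotes around the rendered `_RELAY_HOST` value are dropped and the new `_INSTALL_DMARC_REPORT_SUPPORT` line is unquoted as well, so the file's syntax now depends on the inventory value being a single bare word. The `_NAME=value` layout suggests the file is read by a shell script (not visible here); if so, a value containing whitespace or shell metacharacters would be split or interpreted rather than assigned. Normalising in the template keeps the output to `true`/`false` whatever the input: `_INSTALL_DMARC_REPORT_SUPPORT={{ support_dmarc_reporting | default('false') | bool | lower }}`, and the same for `_RELAY_HOST`.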
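Review bot: The new debian.sources.j2 carries what looks like a leftover from a shell here-document: a first stanza ending in `Signed-By: default`, then a bare `EOF` line, then the intended stanza a second time. As rendered, `EOF` is a line without a field name inside the first stanza and no blank line separates the two stanzas, so APT will most likely reject the file as malformed. That first stanza also ignores `use_signed_by` and names no keyring path. Removing the first seven added lines (through `EOF`) leaves the template in the same shape as backports.sources.j2 and security.sources.j2.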
diff --git a/templates/apt-migrate-to-trixie/security.sources.j2 b/templates/apt-migrate-to-trixie/security.sources.j2
new file mode 100644
index 0000000..7a2e3b2
--- /dev/null
+++ b/templates/apt-migrate-to-trixie/security.sources.j2
@@ -0,0 +1,8 @@
+# Verwaltet via Ansible - Security für {{ target_release }}
+Types: deb deb-src
+URIs: {{ security_mirror }}
+Suites: {{ target_release }}-security
+Components: {{ components }}
+{% if use_signed_by %}
+Signed-By: {{ signed_by_keyring }}
+{% endif %}