update..

2025-11-25 00:23:27 +01:00
parent 4c406279e9
commit 24aeb45e92
10 changed files with 166 additions and 176 deletions
--- a/apt-migrate-to-trixie.yml
+++ b/apt-migrate-to-trixie.yml
@@ -0,0 +1,121 @@
 ---
 # ---
 # deb822 ist das neue Konfigurationsformats für APT-Quellen (Repositories).
 # Es basiert auf der Debian Control Syntax nach RFC 822 – daher der Name
 # ---
 - name: Nur APT auf Debian 13 (Trixie) migrieren
  hosts: all
  become: true
  gather_facts: true
  vars:
    target_release: trixie
    debian_mirror: "http://deb.debian.org/debian"
    security_mirror: "http://security.debian.org/debian-security"
    components: "main contrib non-free non-free-firmware"
    enable_backports: true         # auf false setzen, wenn du keine Backports willst
    pin_backports_low: true        # Backports nur auf Anfrage
    # Nur manuelle Installation/Upgrade aus Backports:
    #    backports_pin_priority: 100
    #
    # Automatische Updates für bereits installierte Backports-Pakete.
    #    backports_pin_priority: 500 (>= 500)
    #
    backports_pin_priority: 100    # 100 = nie automatisch bevorzugen
    apt_cache_valid_time: 3600
    # Für offizielle Debian-Repos brauchst es kein Signed-By, weil debian-archive-keyring 
    # ohnehin systemweit vertrauenswürdig ist.
    #
    use_signed_by: true  # oder false, wenn du Option A willst
    # Wenn Signed-By explizit gesetzt werden soll, dann nutze den Keyring-Pfad und stelle sicher, 
    # dass das Paket installiert ist.
    signed_by_keyring: "/usr/share/keyrings/debian-archive-keyring.gpg"
  pre_tasks:
    - name: Sicherstellen, dass wir Debian sind
      assert:
        that:
          - ansible_facts['os_family'] == "Debian"
        fail_msg: "Dieses Playbook ist nur für Debian geeignet."
  tasks:
    - name: Keyring für Debian-Archive sicherstellen (falls Signed-By genutzt)
      ansible.builtin.apt:
        name: debian-archive-keyring
        state: present
      when: use_signed_by
    - name: (Optional) Alte /etc/apt/sources.list sichern
      ansible.builtin.copy:
        src: /etc/apt/sources.list
        dest: /etc/apt/sources.list.before-trixie
        remote_src: true
        force: false
      ignore_errors: true
    - name: Alte /etc/apt/sources.list deaktivieren (leere Kommentar-Datei)
      ansible.builtin.copy:
        dest: /etc/apt/sources.list
        content: |
          # Verwaltet via Ansible. Repositories liegen in /etc/apt/sources.list.d/*.sources (deb822).
          # Zielrelease: {{ target_release }}
        owner: root
        group: root
        mode: "0644"
    - name: Debian-Repo (deb + deb-src) als deb822 anlegen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/debian.sources.j2
        dest: /etc/apt/sources.list.d/debian.sources
        owner: root
        group: root
        mode: "0644"
    - name: Security-Repo (deb + deb-src) als deb822 anlegen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/security.sources.j2
        dest: /etc/apt/sources.list.d/security.sources
        owner: root
        group: root
        mode: "0644"
    - name: Backports-Repo (optional) als deb822 anlegen/entfernen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/backports.sources.j2
        dest: /etc/apt/sources.list.d/backports.sources
        owner: root
        group: root
        mode: "0644"
      when: enable_backports
    - name: Backports-Repo entfernen wenn deaktiviert
      ansible.builtin.file:
        path: /etc/apt/sources.list.d/backports.sources
        state: absent
      when: not enable_backports
    - name: Optionales Backports-Pinning setzen
      ansible.builtin.template:
        src: templates/apt-migrate-to-trixie/99-backports.j2
        dest: /etc/apt/preferences.d/99-backports
        owner: root
        group: root
        mode: "0644"
      when: enable_backports and pin_backports_low
    - name: APT-Cache aktualisieren
      ansible.builtin.apt:
        update_cache: yes
        cache_valid_time: "{{ apt_cache_valid_time }}"
    - name: Verifikation - zeigen, ob Suites auf trixie stehen
      ansible.builtin.command: apt-cache policy
      register: apt_policy
      changed_when: false
    - name: Ausgabe anzeigen (nur Info)
      ansible.builtin.debug:
        msg: "{{ apt_policy.stdout.split('\n') | select('search', 'trixie') | list | join('\n') }}"
--- a/files/homedirs/sysadm/_vimrc.BAK
+++ b/files/homedirs/sysadm/_vimrc.BAK
@@ -1,173 +0,0 @@
 " An example for a vimrc file.
 "
 " Maintainer:   Bram Moolenaar <Bram@vim.org>
 " Last change:  1999 Sep 09
 "
 " To use it, copy it to
 "     for Unix and OS/2:  ~/.vimrc
 "             for Amiga:  s:.vimrc
 "  for MS-DOS and Win32:  $VIM\_vimrc
 " This line should not be removed as it ensures that various options are
 " properly set to work with the Vim-related packages available in Debian.
 runtime! debian.vim
 set nocompatible        " Use Vim defaults (much better!)
 set bs=2                " allow backspacing over everything in insert mode
 set ai                  " always set autoindenting on
 " set backup            " keep a backup file
 "set viminfo='20,\"50    " read/write a .viminfo file, don't store more
                        " than 50 lines of registers
 set viminfo='20,\"50,:20,%,n~/.viminfo
 set history=50          " keep 50 lines of command line history
 set ruler               " show the cursor position all the time
 set ignorecase          " suchen case-insenitiv
 set showmatch           " zeige passende klammern
 set shell=/bin/bash     " shell to start with !
 set expandtab           " tabs --> blanks
 set showmode            " anzeige INSERT/REPLACE/...
 " set smartcase           " Do smart case matching
 set incsearch           " Incremental search
                        " Start searching when you type the first character of 
                        " the search string. As you type in more characters, the 
                        " search is refined.
 set t_Co=256            " To enable 256 colors in vim, put this your .vimrc before setting the colorscheme
 " einrueckung
 set shiftwidth=3
 set tabstop=3
 " Round indent to multiple of 'shiftwidth' for > and < commands
 set shiftround
 " For Win32 GUI: remove 't' flag from 'guioptions': no tearoff menu entries
 " let &guioptions = substitute(&guioptions, "t", "", "g")
 " Don't use Ex mode, use Q for formatting
 map Q gq
 " Make p in isual Visual mode replace the selected text with the "" register.
 vnoremap p <Esc>:let current_reg = @"<CR>gvdi<C-R>=current_reg<CR><Esc>
 " Switch syntax highlighting on, when the terminal has colors
 " Also switch on highlighting the last used search pattern.
 if &t_Co > 2 || has("gui_running")
  syntax on
  set hlsearch
 endif
 " Only do this part when compiled with support for autocommands.
 if has("autocmd")
 " In text files, always limit the width of text to 78 characters
 autocmd BufRead *.txt set tw=78
 augroup cprog
  " Remove all cprog autocommands
  au!
  " When starting to edit a file:
  "   For C and C++ files set formatting of comments and set C-indenting on.
  "   For other files switch it off.
  "   Don't change the order, it's important that the line with * comes first.
  autocmd FileType *      set formatoptions=tcql nocindent comments&
  autocmd FileType c,cpp  set formatoptions=croql cindent comments=sr:/*,mb:*,el:*/,://
 augroup END
 augroup gzip
  " Remove all gzip autocommands
  au!
  " Enable editing of gzipped files
  " set binary mode before reading the file
  autocmd BufReadPre,FileReadPre        *.gz,*.bz2 set bin
  autocmd BufReadPost,FileReadPost      *.gz call GZIP_read("gunzip")
  autocmd BufReadPost,FileReadPost      *.bz2 call GZIP_read("bunzip2")
  autocmd BufWritePost,FileWritePost    *.gz call GZIP_write("gzip")
  autocmd BufWritePost,FileWritePost    *.bz2 call GZIP_write("bzip2")
  autocmd FileAppendPre                 *.gz call GZIP_appre("gunzip")
  autocmd FileAppendPre                 *.bz2 call GZIP_appre("bunzip2")
  autocmd FileAppendPost                *.gz call GZIP_write("gzip")
  autocmd FileAppendPost                *.bz2 call GZIP_write("bzip2")
  " After reading compressed file: Uncompress text in buffer with "cmd"
  fun! GZIP_read(cmd)
    let ch_save = &ch
    set ch=2
    execute "'[,']!" . a:cmd
    set nobin
    let &ch = ch_save
    execute ":doautocmd BufReadPost " . expand("%:r")
  endfun
  " After writing compressed file: Compress written file with "cmd"
  fun! GZIP_write(cmd)
    if rename(expand("<afile>"), expand("<afile>:r")) == 0
      execute "!" . a:cmd . " <afile>:r"
    endif
  endfun
  " Before appending to compressed file: Uncompress file with "cmd"
  fun! GZIP_appre(cmd)
    execute "!" . a:cmd . " <afile>"
    call rename(expand("<afile>:r"), expand("<afile>"))
  endfun
 augroup END
 " This is disabled, because it changes the jumplist.  Can't use CTRL-O to go
 " back to positions in previous files more than once.
 if 0
  " When editing a file, always jump to the last cursor position.
  " This must be after the uncompress commands.
   autocmd BufReadPost * if line("'\"") && line("'\"") <= line("$") | exe "normal `\"" | endif
 endif
 endif " has("autocmd")
 " toggle syntax highlighting
 map <F12> :if exists("syntax_on") <Bar> syntax off <Bar> else <Bar> syntax on <Bar> endif <CR><ESC>
 map <F11> :nohls <CR>
 " use <F6> to toggle line numbers
 nmap <silent> <F6> :set number!<CR>
 " If using a dark background within the editing area and syntax highlighting
 " turn on this option as well
 set background=dark
 " set color for search
 hi clear search
 hi search term=bold,reverse cterm=bold,reverse gui=bold,reverse
 " set color for Comment
 hi clear Comment
 "highlight Comment term=bold cterm=bold ctermfg=LightBlue guifg=#80a0ff gui=bold
 "highlight Comment term=none cterm=none ctermfg=LightBlue guifg=#80a0ff gui=bold
 "highlight Comment term=bold cterm=bold ctermfg=grey guifg=#80a0ff gui=bold
 highlight Comment term=none cterm=none ctermfg=grey guifg=#80a0ff gui=bold
 "highlight Comment term=none cterm=none ctermfg=177 guifg=#80a0ff gui=bold
 "highlight Comment term=none cterm=none ctermfg=215 guifg=#80a0ff gui=bold
 " Go back to the position the cursor was on the last time this file was edited
 au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")|execute("normal `\"")|endif
 " visual shifting (does not exit Visual mode)
 vnoremap < <gv
 vnoremap > >gv
 " Scroll when cursor gets within 3 characters of top/bottom edge
 set scrolloff=3
 " Show line, column number, and relative position within a file in the status line
 " set statusline=%F%m%r%h%w\ [FORMAT=%{&ff}]\ [TYPE=%Y]\ [ASCII=\%03.3b]\ [HEX=\%02.2B]\ [POS=%04l,%04v][%p%%]\ [LEN=%L]
 "set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)%(\|\ syntax:\ %{synIDattr(synID(line('.'),col('.'),0),'name')}%)\ \ %=line:\ %l/%L\ \|\ column:\ %c%V\ \|\ relative\:\ %p%%\
 set statusline=\ %F\ %(\|\ flags:\ %R%M%H%W\ %)%(\|\ type:\ %Y\ %)%(\|\ format:\ %{&ff}\ %)\ \ %=line:\ %l/%L\ \|\ col:\ %c%V\ \|\ %p%%
 " Always show status line, even for one window
 set laststatus=2
 highlight StatusLine cterm=none ctermfg=white ctermbg=blue
--- a/group_vars/all/main.yml
+++ b/group_vars/all/main.yml
@@ -2941,6 +2941,8 @@ ipv6_address: ''
 is_relay_host:
 # support_dmarc_reporting:
 # sasl_auth_enable:
 #
 # possible values are:
--- a/host_vars/a.mx.oopen.de.yml
+++ b/host_vars/a.mx.oopen.de.yml
@@ -214,6 +214,8 @@ ipv6_address: 2a01:4f9:4a:47e5::247
 admin_email: argus@oopen.de
 is_relay_host: !!str "false"
 support_dmarc_reporting: !!str "true"
 db_in_use: !!str "true"
 # postfix_db_type
 #
--- a/roles/common/tasks/apt.yml
+++ b/roles/common/tasks/apt.yml
@@ -8,7 +8,10 @@
    group: root
    mode: 0644
  register: apt_config_updated
-  when: apt_manage_sources_list|bool
+  when:
    - apt_manage_sources_list|bool
    - ansible_facts['distribution'] == 'Debian'
    - (ansible_facts['distribution_major_version'] | int) < 13
  tags:
    - apt-configuration
--- a/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
+++ b/roles/common/templates/usr/local/src/mailsystem/conf/install_postfix_advanced.conf.j2
@@ -36,7 +36,7 @@ _SASL_PASS=
 _RELAY_HOST=true
 _SYMPA_LIST_SERVER=true
 {% else %}
-_RELAY_HOST="{{ is_relay_host | default('false') }}"
+_RELAY_HOST={{ is_relay_host | default('false') }}
 _SYMPA_LIST_SERVER=false
 {% endif %}
-
+_INSTALL_DMARC_REPORT_SUPPORT={{ support_dmarc_reporting | default('false') }}
--- a/templates/apt-migrate-to-trixie/99-backports.j2
+++ b/templates/apt-migrate-to-trixie/99-backports.j2
@@ -0,0 +1,4 @@
 # Backports nicht automatisch bevorzugen
 Package: *
 Pin: release n={{ target_release }}-backports
 Pin-Priority: {{ backports_pin_priority }}
--- a/templates/apt-migrate-to-trixie/backports.sources.j2
+++ b/templates/apt-migrate-to-trixie/backports.sources.j2
@@ -0,0 +1,8 @@
 # Verwaltet via Ansible - Backports für {{ target_release }}
 Types: deb deb-src
 URIs: {{ debian_mirror }}
 Suites: {{ target_release }}-backports
 Components: {{ components }}
 {% if use_signed_by %}
 Signed-By: {{ signed_by_keyring }}
 {% endif %}
--- a/templates/apt-migrate-to-trixie/debian.sources.j2
+++ b/templates/apt-migrate-to-trixie/debian.sources.j2
@@ -0,0 +1,15 @@
 # Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }}
 Types: deb deb-src
 URIs: {{ debian_mirror }}
 Suites: {{ target_release }} {{ target_release }}-updates
 Components: {{ components }}
 Signed-By: default
 EOF
 # Verwaltet via Ansible - Debian Basis & Updates für {{ target_release }}
 Types: deb deb-src
 URIs: {{ debian_mirror }}
 Suites: {{ target_release }} {{ target_release }}-updates
 Components: {{ components }}
 {% if use_signed_by %}
 Signed-By: {{ signed_by_keyring }}
 {% endif %}
--- a/templates/apt-migrate-to-trixie/security.sources.j2
+++ b/templates/apt-migrate-to-trixie/security.sources.j2
@@ -0,0 +1,8 @@
 # Verwaltet via Ansible - Security für {{ target_release }}
 Types: deb deb-src
 URIs: {{ security_mirror }}
 Suites: {{ target_release }}-security
 Components: {{ components }}
 {% if use_signed_by %}
 Signed-By: {{ signed_by_keyring }}
 {% endif %}