122 lines
4.1 KiB
YAML
122 lines
4.1 KiB
YAML
---
|
||
|
||
# ---
|
||
# deb822 ist das neue Konfigurationsformats für APT-Quellen (Repositories).
|
||
# Es basiert auf der Debian Control Syntax nach RFC 822 – daher der Name
|
||
# ---
|
||
|
||
- name: Nur APT auf Debian 13 (Trixie) migrieren
|
||
hosts: all
|
||
become: true
|
||
gather_facts: true
|
||
|
||
vars:
|
||
target_release: trixie
|
||
debian_mirror: "http://deb.debian.org/debian"
|
||
security_mirror: "http://security.debian.org/debian-security"
|
||
components: "main contrib non-free non-free-firmware"
|
||
enable_backports: true # auf false setzen, wenn du keine Backports willst
|
||
pin_backports_low: true # Backports nur auf Anfrage
|
||
# Nur manuelle Installation/Upgrade aus Backports:
|
||
# backports_pin_priority: 100
|
||
#
|
||
# Automatische Updates für bereits installierte Backports-Pakete.
|
||
# backports_pin_priority: 500 (>= 500)
|
||
#
|
||
backports_pin_priority: 100 # 100 = nie automatisch bevorzugen
|
||
apt_cache_valid_time: 3600
|
||
# Für offizielle Debian-Repos brauchst es kein Signed-By, weil debian-archive-keyring
|
||
# ohnehin systemweit vertrauenswürdig ist.
|
||
#
|
||
use_signed_by: true # oder false, wenn du Option A willst
|
||
# Wenn Signed-By explizit gesetzt werden soll, dann nutze den Keyring-Pfad und stelle sicher,
|
||
# dass das Paket installiert ist.
|
||
signed_by_keyring: "/usr/share/keyrings/debian-archive-keyring.gpg"
|
||
|
||
pre_tasks:
|
||
- name: Sicherstellen, dass wir Debian sind
|
||
assert:
|
||
that:
|
||
- ansible_facts['os_family'] == "Debian"
|
||
fail_msg: "Dieses Playbook ist nur für Debian geeignet."
|
||
|
||
tasks:
|
||
|
||
- name: Keyring für Debian-Archive sicherstellen (falls Signed-By genutzt)
|
||
ansible.builtin.apt:
|
||
name: debian-archive-keyring
|
||
state: present
|
||
when: use_signed_by
|
||
|
||
- name: (Optional) Alte /etc/apt/sources.list sichern
|
||
ansible.builtin.copy:
|
||
src: /etc/apt/sources.list
|
||
dest: /etc/apt/sources.list.before-trixie
|
||
remote_src: true
|
||
force: false
|
||
ignore_errors: true
|
||
|
||
- name: Alte /etc/apt/sources.list deaktivieren (leere Kommentar-Datei)
|
||
ansible.builtin.copy:
|
||
dest: /etc/apt/sources.list
|
||
content: |
|
||
# Verwaltet via Ansible. Repositories liegen in /etc/apt/sources.list.d/*.sources (deb822).
|
||
# Zielrelease: {{ target_release }}
|
||
owner: root
|
||
group: root
|
||
mode: "0644"
|
||
|
||
- name: Debian-Repo (deb + deb-src) als deb822 anlegen
|
||
ansible.builtin.template:
|
||
src: templates/apt-migrate-to-trixie/debian.sources.j2
|
||
dest: /etc/apt/sources.list.d/debian.sources
|
||
owner: root
|
||
group: root
|
||
mode: "0644"
|
||
|
||
- name: Security-Repo (deb + deb-src) als deb822 anlegen
|
||
ansible.builtin.template:
|
||
src: templates/apt-migrate-to-trixie/security.sources.j2
|
||
dest: /etc/apt/sources.list.d/security.sources
|
||
owner: root
|
||
group: root
|
||
mode: "0644"
|
||
|
||
- name: Backports-Repo (optional) als deb822 anlegen/entfernen
|
||
ansible.builtin.template:
|
||
src: templates/apt-migrate-to-trixie/backports.sources.j2
|
||
dest: /etc/apt/sources.list.d/backports.sources
|
||
owner: root
|
||
group: root
|
||
mode: "0644"
|
||
when: enable_backports
|
||
- name: Backports-Repo entfernen wenn deaktiviert
|
||
ansible.builtin.file:
|
||
path: /etc/apt/sources.list.d/backports.sources
|
||
state: absent
|
||
when: not enable_backports
|
||
|
||
- name: Optionales Backports-Pinning setzen
|
||
ansible.builtin.template:
|
||
src: templates/apt-migrate-to-trixie/99-backports.j2
|
||
dest: /etc/apt/preferences.d/99-backports
|
||
owner: root
|
||
group: root
|
||
mode: "0644"
|
||
when: enable_backports and pin_backports_low
|
||
|
||
- name: APT-Cache aktualisieren
|
||
ansible.builtin.apt:
|
||
update_cache: yes
|
||
cache_valid_time: "{{ apt_cache_valid_time }}"
|
||
|
||
- name: Verifikation - zeigen, ob Suites auf trixie stehen
|
||
ansible.builtin.command: apt-cache policy
|
||
register: apt_policy
|
||
changed_when: false
|
||
|
||
- name: Ausgabe anzeigen (nur Info)
|
||
ansible.builtin.debug:
|
||
msg: "{{ apt_policy.stdout.split('\n') | select('search', 'trixie') | list | join('\n') }}"
|
||
|