bullseye-security exists

Signed-off-by: Yohann D'ANELLO <ynerant@crans.org>

host_vars/synapse.adm.ynerant.fr.yml

@@ -2,3 +2,6 @@
 interfaces:
   adm: eth0
   srv_nat: eth1
+
+loc_apt:
+  backports: true

roles/apt/tasks/main.yml

@@ -8,7 +8,7 @@
     - "185.230.79.30"
     - "2a0c:700:2:0:ea39:35ff:fef0:48c9"
 
-- name: Add mirror.crans.org in /etc/hosts
+- name: Add mirror.adm.ynerant.fr in /etc/hosts
   lineinfile:
     state: present
     path: /etc/hosts
@@ -36,6 +36,7 @@
   loop: "{{ apt.extra_repositories }}"
 
 - name: Configure pin from future distributions
+  when: item[2].key != ansible_distribution_release
   template:
     src: "apt/{{ item[0] }}.d/pin{{ item[1] }}.j2"
     dest: "/etc/apt/{{ item[0] }}.d/{{ item[2].key }}{{ item[1] }}"
@@ -46,6 +47,15 @@
     - [["sources.list", ".list"], ["preferences", ""]]
     - "{{ apt.pin|dict2items }}"
 
+- name: Clear useless pinned configuration
+  when: item[2].key == ansible_distribution_release
+  file:
+    path: "/etc/apt/{{ item[0] }}.d/{{ item[2].key }}{{ item[1] }}"
+    state: absent
+  with_nested:
+    - [["sources.list", ".list"], ["preferences", ""]]
+    - "{{ apt.pin|dict2items }}"
+
 - name: Update APT cache
   apt:
     update_cache: true

roles/apt/templates/apt/sources.list.j2

@@ -1,8 +1,9 @@
 {{ ansible_header | comment }}
 
-{% if ansible_distribution_release != "bullseye" %}
-{# Debian security does not exist yet for bullseye #}
 # Mises à jour de sécurité
+{% if ansible_distribution_release == "bullseye" %}
+deb     {{ apt.mirror }}debian-security {{ ansible_distribution_release }}-security main contrib non-free
+{% else %}
 deb     {{ apt.mirror }}debian-security {{ ansible_distribution_release }}/updates main contrib non-free
 
 {% endif %}