From 4fe3babc83bbce0c3fd9a18e350a188ab85a5dd5 Mon Sep 17 00:00:00 2001 From: Yohann D'ANELLO Date: Wed, 10 Nov 2021 11:39:40 +0100 Subject: [PATCH] bullseye-security exists Signed-off-by: Yohann D'ANELLO --- host_vars/synapse.adm.ynerant.fr.yml | 3 +++ roles/apt/tasks/main.yml | 12 +++++++++++- roles/apt/templates/apt/sources.list.j2 | 5 +++-- 3 files changed, 17 insertions(+), 3 deletions(-) diff --git a/host_vars/synapse.adm.ynerant.fr.yml b/host_vars/synapse.adm.ynerant.fr.yml index 2eb6f99..8348b32 100644 --- a/host_vars/synapse.adm.ynerant.fr.yml +++ b/host_vars/synapse.adm.ynerant.fr.yml @@ -2,3 +2,6 @@ interfaces: adm: eth0 srv_nat: eth1 + +loc_apt: + backports: true diff --git a/roles/apt/tasks/main.yml b/roles/apt/tasks/main.yml index 0957379..ae766d2 100644 --- a/roles/apt/tasks/main.yml +++ b/roles/apt/tasks/main.yml @@ -8,7 +8,7 @@ - "185.230.79.30" - "2a0c:700:2:0:ea39:35ff:fef0:48c9" -- name: Add mirror.crans.org in /etc/hosts +- name: Add mirror.adm.ynerant.fr in /etc/hosts lineinfile: state: present path: /etc/hosts @@ -36,6 +36,7 @@ loop: "{{ apt.extra_repositories }}" - name: Configure pin from future distributions + when: item[2].key != ansible_distribution_release template: src: "apt/{{ item[0] }}.d/pin{{ item[1] }}.j2" dest: "/etc/apt/{{ item[0] }}.d/{{ item[2].key }}{{ item[1] }}" @@ -46,6 +47,15 @@ - [["sources.list", ".list"], ["preferences", ""]] - "{{ apt.pin|dict2items }}" +- name: Clear useless pinned configuration + when: item[2].key == ansible_distribution_release + file: + path: "/etc/apt/{{ item[0] }}.d/{{ item[2].key }}{{ item[1] }}" + state: absent + with_nested: + - [["sources.list", ".list"], ["preferences", ""]] + - "{{ apt.pin|dict2items }}" + - name: Update APT cache apt: update_cache: true diff --git a/roles/apt/templates/apt/sources.list.j2 b/roles/apt/templates/apt/sources.list.j2 index a9398c5..2a7c869 100644 --- a/roles/apt/templates/apt/sources.list.j2 +++ b/roles/apt/templates/apt/sources.list.j2 @@ -1,8 +1,9 @@ {{ ansible_header | comment }} -{% if ansible_distribution_release != "bullseye" %} -{# Debian security does not exist yet for bullseye #} # Mises à jour de sécurité +{% if ansible_distribution_release == "bullseye" %} +deb {{ apt.mirror }}debian-security {{ ansible_distribution_release }}-security main contrib non-free +{% else %} deb {{ apt.mirror }}debian-security {{ ansible_distribution_release }}/updates main contrib non-free {% endif %}