forked from evolix/ansible-roles
fef86b0a3f
The generic keyring is used instead of the specific ones for system and security because /usr/share/keyrings/debian-archive-bookworm-* are not present (yet) on major upgrades. It’s not ideal, and should be replaced afterwards. https://wiki.evolix.org/HowtoDebian/SourcesList#bookworm-12
51 lines
1.2 KiB
YAML
51 lines
1.2 KiB
YAML
---
|
|
- ansible.builtin.include_role:
|
|
name: evolix/remount-usr
|
|
|
|
- name: /usr/share/scripts exists
|
|
ansible.builtin.file:
|
|
dest: /usr/share/scripts
|
|
mode: "0700"
|
|
owner: root
|
|
group: root
|
|
state: directory
|
|
tags:
|
|
- apt
|
|
|
|
- name: Migration scripts are installed
|
|
ansible.builtin.copy:
|
|
src: "{{ item }}"
|
|
dest: "/usr/share/scripts/{{ item }}"
|
|
force: true
|
|
mode: "0755"
|
|
loop:
|
|
- deb822-migration.py
|
|
- deb822-migration.sh
|
|
tags:
|
|
- apt
|
|
|
|
- name: Exec migration script
|
|
ansible.builtin.command:
|
|
cmd: /usr/share/scripts/deb822-migration.sh
|
|
ignore_errors: yes
|
|
tags:
|
|
- apt
|
|
|
|
- name: Add signed-by when relevant for bookworm
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/apt/sources.list.d/system.sources
|
|
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
|
|
insertafter: "Suites: bookworm bookworm-updates"
|
|
state: present
|
|
tags:
|
|
- apt
|
|
|
|
- name: Add signed-by when relevant for bookworm-security
|
|
ansible.builtin.lineinfile:
|
|
dest: /etc/apt/sources.list.d/security.sources
|
|
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
|
|
insertafter: "Suites: bookworm-security"
|
|
state: present
|
|
tags:
|
|
- apt
|