From 2f68ae53390df40ef972704b2e17b41ddf7010e7 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Sat, 1 May 2021 17:51:50 +0200 Subject: [PATCH] Preliminary support for Bullseye --- CHANGELOG.md | 1 + apt/files/bullseye_backports_preferences | 3 + apt/tasks/basics.yml | 1 + evolinux-base/tasks/system.yml | 6 +- haproxy/defaults/main.yml | 1 + haproxy/tasks/packages_backports.yml | 4 + lxc-php/defaults/main.yml | 2 +- lxc-php/tasks/php74.yml | 4 +- mongodb/files/server-4.4.asc | 30 +++++++ mongodb/files/server-4.4.gpg | Bin 0 -> 1162 bytes mongodb/tasks/main.yml | 5 +- mongodb/tasks/main_bullseye.yml | 80 +++++++++++++++++ mongodb/templates/logrotate_bullseye.j2 | 15 ++++ mongodb/templates/mongodb_bullseye.conf.j2 | 39 +++++++++ php/handlers/main.yml | 5 ++ php/tasks/main.yml | 3 + php/tasks/main_bullseye.yml | 97 +++++++++++++++++++++ postgresql/tasks/main.yml | 4 +- tomcat/tasks/packages.yml | 7 ++ varnish/tasks/main.yml | 1 + 20 files changed, 299 insertions(+), 9 deletions(-) create mode 100644 apt/files/bullseye_backports_preferences create mode 100644 mongodb/files/server-4.4.asc create mode 100644 mongodb/files/server-4.4.gpg create mode 100644 mongodb/tasks/main_bullseye.yml create mode 100644 mongodb/templates/logrotate_bullseye.j2 create mode 100644 mongodb/templates/mongodb_bullseye.conf.j2 create mode 100644 php/tasks/main_bullseye.yml diff --git a/CHANGELOG.md b/CHANGELOG.md index 38d99455..5d9abcaf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release. ### Added +* Preliminary support for Debian 11 « Bullseye » * certbot: add script for manual deploy hooks execution * listupgrade: crontab is configurable diff --git a/apt/files/bullseye_backports_preferences b/apt/files/bullseye_backports_preferences new file mode 100644 index 00000000..3a667c93 --- /dev/null +++ b/apt/files/bullseye_backports_preferences @@ -0,0 +1,3 @@ +Package: * +Pin: release a=bullseye-backports +Pin-Priority: 50 
diff --git a/apt/tasks/basics.yml b/apt/tasks/basics.yml index fee1430a..33c79129 100644 --- a/apt/tasks/basics.yml +++ b/apt/tasks/basics.yml @@ -19,6 +19,7 @@ - /etc/apt/sources.list.d/debian-jessie.list - /etc/apt/sources.list.d/debian-stretch.list - /etc/apt/sources.list.d/debian-buster.list + - /etc/apt/sources.list.d/debian-bullseye.list - /etc/apt/sources.list.d/debian-update.list when: apt_clean_gandi_sourceslist | bool tags: diff --git a/evolinux-base/tasks/system.yml b/evolinux-base/tasks/system.yml index 53fa243c..554bb02a 100644 --- a/evolinux-base/tasks/system.yml +++ b/evolinux-base/tasks/system.yml @@ -153,7 +153,7 @@ -- name: Install alert5 init script (buster) +- name: Install alert5 init script (buster and later) template: src: system/alert5.sh.j2 dest: /usr/share/scripts/alert5.sh @@ -163,7 +163,7 @@ - evolinux_system_alert5_init | bool - ansible_distribution_major_version is version('10', '>=') -- name: Install alert5 service (buster) +- name: Install alert5 service (buster and later) copy: src: alert5.service dest: /etc/systemd/system/alert5.service @@ -173,7 +173,7 @@ - evolinux_system_alert5_init | bool - ansible_distribution_major_version is version('10', '>=') -- name: Enable alert5 init script (buster) +- name: Enable alert5 init script (buster and later) systemd: name: alert5 daemon_reload: yes diff --git a/haproxy/defaults/main.yml b/haproxy/defaults/main.yml index b94d2872..0745f1a9 100644 --- a/haproxy/defaults/main.yml +++ b/haproxy/defaults/main.yml @@ -34,3 +34,4 @@ haproxy_deny_ips: [] haproxy_backports_packages_stretch: haproxy libssl1.0.0 haproxy_backports_packages_buster: haproxy +haproxy_backports_packages_bullseye: haproxy diff --git a/haproxy/tasks/packages_backports.yml b/haproxy/tasks/packages_backports.yml index 9a682120..eab4fbca 100644 --- a/haproxy/tasks/packages_backports.yml +++ b/haproxy/tasks/packages_backports.yml 
@@ -15,6 +15,10 @@ haproxy_backports_packages: "{{ haproxy_backports_packages_buster }}" when: ansible_distribution_release == 'buster' +- set_fact: + haproxy_backports_packages: "{{ haproxy_backports_packages_bullseye }}" + when: ansible_distribution_release == 'bullseye' + - name: Prefer HAProxy package from backports template: src: haproxy_apt_preferences.j2 diff --git a/lxc-php/defaults/main.yml b/lxc-php/defaults/main.yml index 1cceab35..ce8a935d 100644 --- a/lxc-php/defaults/main.yml +++ b/lxc-php/defaults/main.yml @@ -18,4 +18,4 @@ lxc_php_container_releases: php56: "jessie" php70: "stretch" php73: "buster" - php74: "buster" + php74: "bullseye" diff --git a/lxc-php/tasks/php74.yml b/lxc-php/tasks/php74.yml index 2c4538e8..464e0766 100644 --- a/lxc-php/tasks/php74.yml +++ b/lxc-php/tasks/php74.yml @@ -13,8 +13,8 @@ create: yes mode: "0644" loop: - - "deb https://packages.sury.org/php/ buster main" - - "deb http://pub.evolix.net/ buster-php74/" + - "deb https://packages.sury.org/php/ bullseye main" + - "deb http://pub.evolix.net/ bullseye-php74/" - name: copy pub.evolix.net GPG key copy: diff --git a/mongodb/files/server-4.4.asc b/mongodb/files/server-4.4.asc new file mode 100644 index 00000000..9f4d9161 --- /dev/null +++ b/mongodb/files/server-4.4.asc 
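Review bot: The rewritten source entry `deb http://pub.evolix.net/ bullseye-php74/` in lxc-php/tasks/php74.yml still uses plain HTTP, while the sury.org entry next to it uses HTTPS; only the suite name changes here. With HTTP, APT's signature check on the repository metadata is the only protection, and the transport gives no confidentiality or tamper resistance for the package index. If pub.evolix.net serves TLS (not visible from this diff), `- "deb https://pub.evolix.net/ bullseye-php74/"` would close that gap. The same applies to `http://repo.mongodb.org/apt/debian` in the new mongodb/tasks/main_bullseye.yml. The task containing this `loop:` starts outside the hunk.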
@@ -0,0 +1,30 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQINBFzteqwBEADSirbLWsjgkQmdWr06jXPN8049MCqXQIZ2ovy9uJPyLkHgOCta +8dmX+8Fkk5yNOLScjB1HUGJxAWJG+AhldW1xQGeo6loDfTW1mlfetq/zpW7CKbUp +qve9eYYulneAy/81M/UoUZSzHqj6XY39wzJCH20H+Qx3WwcqXgSU7fSFXyJ4EBYs +kWybbrAra5v29LUTBd7OvvS+Swovdh4T31YijUOUUL/gJkBI9UneVyV7/8DdUoVJ +a8ym2pZ6ALy+GZrWBHcCKD/rQjEkXJnDglu+FSUI50SzaC9YX31TTzEMJijiPi6I +MIZJMXLH7GpCIDcvyrLWIRYVJAQRoYJB4rmp42HTyed4eg4RnSiFrxVV5xQaDnSl +/8zSOdVMBVewp8ipv34VeRXgNTgRkhA2JmL+KlALMkPo7MbRkJF01DiOOsIdz3Iu +43oYg3QYmqxZI6kZNtXpUMnJeuRmMQJJN8yc9ZdOA9Ll2TTcIql8XEsjGcM7IWM9 +CP6zGwCcbrv72Ka+h/bGaLpwLbpkr5I8PjjSECn9fBcgnVX6HfKH7u3y11+Va1nh +a8ZEE1TuOqRxnVDQ+K4iwaZFgFYsBMKo2ghoU2ZbZxu14vs6Eksn6UFsm8DpPwfy +jtLtdje8jrbYAqAy5zIMLoW+I6Rb5sU3Olh9nI7NW4T5qQeemBcuRAwB4QARAQAB +tDdNb25nb0RCIDQuNCBSZWxlYXNlIFNpZ25pbmcgS2V5IDxwYWNrYWdpbmdAbW9u +Z29kYi5jb20+iQI+BBMBAgAoBQJc7XqsAhsDBQkJZgGABgsJCAcDAgYVCAIJCgsE +FgIDAQIeAQIXgAAKCRBlZAjjkM+x9SKmD/9BzdjFAgBPPkUnD5pJQgsBQKUEkDsu +cht6Q0Y4M635K7okpqJvXtZV5Mo+ajWZjUeHn4wPdVgzF2ItwVLRjjak3tIZfe3+ +ME5Y27Aej3LeqQC3Q5g6SnpeZwVEhWzU35CnyhQecP4AhDG3FO0gKUn3GkEgmsd6 +rnXAQLEw3VUYO8boxqBF3zjmFLIIaODYNmO1bLddJgvZlefUC62lWBBUs6Z7PBnl +q7qBQFhz9qV9zXZwCT2/vgGLg5JcwVdcJXwAsQSr1WCVd7Y79+JcA7BZiSg9FAQd +4t2dCkkctoUKgXsAH5fPwErGNj5L6iUnhFODPvdDJ7l35UcIZ2h74lqfEh+jh8eo +UgxkcI2y2FY/lPapcPPKe0FHzCxG2U/NRdM+sqrIfp9+s88Bj+Eub7OhW4dF3AlL +bh/BGHL9R8xAJRDLv8v7nsKkZWUnJaskeDFCKX3rjcTyTRWTG7EuMCmCn0Ou1hKc +R3ECvIq0pVfVh+qk0hu+A5Dvj6k3QDcTfse+KfSAJkYvRKiuRuq5KgYcX3YSzL6K +aZitMyu18XsQxKavpIGzaDhWyrVAig3XXF//zxowYVwuOikr5czgqizu87cqjpyn +S0vVG4Q3+LswH4xVTn3UWadY/9FkM167ecouu4g3op29VDi7hCKsMeFvFP6OOIls +G4vQ/QbzucK77Q== +=eD3N +-----END PGP PUBLIC KEY BLOCK----- \ No newline at end of file 
diff --git a/mongodb/files/server-4.4.gpg b/mongodb/files/server-4.4.gpg new file mode 100644 index 0000000000000000000000000000000000000000..f1b1730e67131b5c9f15b1ec84d5fc10f79887ee GIT binary patch literal 1162 zcmV;51a}rbItQkJuoVlK!$dr{Jpr7@-9K( zI4fH5*_ZplWRskYIJBIM9Y;`NaRFjR_y}cnZE-+nsOnk+eKob3SKhX-^QCUWDYYr8 z_q} z8JgAvcLFFs>q0RkT$#gyTfP+~2MmgZEtR8Z)9RFV{dIfi2^^&+MZ|3S^z#R33NK1C-Fnn^+n0YIe$ zkUK7N8+t=VI5VyJE4n16qHkW-RpiP(YBiaSM~9z`4|P~G7h)~JQqhh!q~6jQeeM1* zPFUNp9*=U~sQ|Y_m^w;&US|bFg>2N{kf+KN9&r8ugfX`i?I0;h_ZmSUn#X#sb-+Ne zFx^!cJI3h7phe#}<`l9BXyDj3W3_CzT_y|JmFLt8t)*BHRI{dgJQ?Myx`9AgbM~cu z&314JJ-@yIi-VF}!B<=*d;qZotJPqYceXqC;#>o;S&1k;6a*dO-JJ?a9JYlDfqMWS zm(RdT#x_1n>Ln+HQ-ePDLnpa+}7Q$bO%Gv(EvK;Vy5pp<9PV+zCr=AHf)M{YT6|B@oNM%ln?fq-A9% zC95QOF+wSQ>y5aO?~kcBKsOV9 z$G$1_fF?#SM5wMt>bWWg9A9=4%)W|gn5{D_wefop#HO#LfwO2hR?4+NiVfFXU;ob< zFkxISIw>pV%;2gl?(?@Qj-01UOVt~MH~70SAB=r cR5-hYBCIjtZxsHHIEic=') + when: ansible_distribution_release == "buster" + +- include: main_bullseye.yml + when: ansible_distribution_major_version is version('11', '>=') diff --git a/mongodb/tasks/main_bullseye.yml b/mongodb/tasks/main_bullseye.yml new file mode 100644 index 00000000..03094278 --- /dev/null +++ b/mongodb/tasks/main_bullseye.yml 
@@ -0,0 +1,80 @@
+---
+
+# https://wiki.debian.org/DebianRepository/UseThirdParty
+- name: Add MongoDB GPG key for version 4.4
+ copy:
+ src: server-4.4.gpg
+ dest: /usr/share/keyrings/mongodb-server-4.4.gpg
+ force: yes
+
+- name: enable APT sources list
+ apt_repository:
+ repo: deb [signed-by=/usr/share/keyrings/mongodb-server-4.4.gpg] http://repo.mongodb.org/apt/debian buster/mongodb-org/4.4 main
+ state: present
+ filename: mongodb-org-4.4
+ update_cache: yes
+
+- name: Install packages
+ apt:
+ name: mongodb-org
+ update_cache: yes
+ state: present
+ register: _mongodb_install_package
+
+- name: MongoDB service in enabled and started
+ systemd:
+ name: mongod
+ enabled: yes
+ state: started
+ when: _mongodb_install_package.changed
+
+- name: install dependency for monitoring
+ apt:
+ name: python-pymongo
+ state: present
+
+- name: Custom configuration
+ template:
+ src: mongodb_bullseye.conf.j2
+ dest: "/etc/mongod.conf"
+ force: "{{ mongodb_force_config | bool | ternary('yes', 'no') }}"
+ notify: restart mongod
+
+- name: Configure logrotate
+ template:
+ src: logrotate_bullseye.j2
+ dest: /etc/logrotate.d/mongodb
+ force: yes
+ backup: no
+
+- name: Munin plugins are present
+ copy:
+ src: "munin/{{ item }}"
+ dest: '/usr/local/share/munin/plugins/{{ item }}'
+ force: yes
+ with_items:
+ - mongo_btree
+ - mongo_collections
+ - mongo_conn
+ - mongo_docs
+ - mongo_lock
+ - mongo_mem
+ - mongo_ops
+ - mongo_page_faults
+ notify: restart munin-node
+
+- name: Enable core Munin plugins
+ file:
+ src: '/usr/local/share/munin/plugins/{{ item }}'
+ dest: /etc/munin/plugins/{{ item }}
+ state: link
+ with_items:
+ - mongo_btree
+ - mongo_collections
+ - mongo_conn
+ - mongo_docs
+ - mongo_lock
+ - mongo_mem
+ - mongo_ops
+ - mongo_page_faults
+ notify: restart munin-node
diff --git a/mongodb/templates/logrotate_bullseye.j2 b/mongodb/templates/logrotate_bullseye.j2
new file mode 100644
index 00000000..8239e880
--- /dev/null
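Review bot: The `install dependency for monitoring` task installs `python-pymongo`, which is the Python 2 package name; as far as I know Bullseye only ships `python3-pymongo`, so this task would likely fail on the release this file targets. `name: python3-pymongo` would be the replacement, provided the Munin plugins run under Python 3. The repository line also pins the `buster/mongodb-org/4.4` suite on a Bullseye host; if that is deliberate because upstream publishes no Bullseye suite yet, a comment such as `# no bullseye suite upstream yet, buster packages are used on purpose` would prevent a later "fix". Finally, the keyring `copy` sets no `owner`, `group` or `mode`; APT trusts whatever that file contains for this repository, so `owner: root`, `group: root` and `mode: "0644"` should be explicit.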
+++ b/mongodb/templates/logrotate_bullseye.j2 @@ -0,0 +1,15 @@ +# {{ ansible_managed }} + +/var/log/mongodb/mongod.log { + daily + missingok + rotate 365 + dateext + compress + delaycompress + notifempty + sharedscripts + postrotate + pidof mongod | xargs kill -USR1 + endscript +} diff --git a/mongodb/templates/mongodb_bullseye.conf.j2 b/mongodb/templates/mongodb_bullseye.conf.j2 new file mode 100644 index 00000000..b61479bd --- /dev/null +++ b/mongodb/templates/mongodb_bullseye.conf.j2 @@ -0,0 +1,39 @@ +# mongodb.conf - {{ ansible_managed }} + +# for documentation of all options, see: +# http://docs.mongodb.org/manual/reference/configuration-options/ + +# Where and how to store data. +storage: + dbPath: /var/lib/mongodb + journal: + enabled: true +# engine: +# mmapv1: +# wiredTiger: + +# where to write logging data. +systemLog: + destination: file + logRotate: reopen + logAppend: true + path: /var/log/mongodb/mongodb.log + +# network interfaces +net: + port: {{ mongodb_port }} + bindIp: {{ mongodb_bind }} + +#security: + +#operationProfiling: + +#replication: + +#sharding: + +## Enterprise-Only Options: + +#auditLog: + +#snmp: diff --git a/php/handlers/main.yml b/php/handlers/main.yml index 1aade6c1..973c0069 100644 --- a/php/handlers/main.yml +++ b/php/handlers/main.yml @@ -14,3 +14,8 @@ service: name: php7.3-fpm state: restarted + +- name: restart php7.4-fpm + service: + name: php7.4-fpm + state: restarted diff --git a/php/tasks/main.yml b/php/tasks/main.yml index e9687e67..5cf46bec 100644 --- a/php/tasks/main.yml +++ b/php/tasks/main.yml @@ -12,3 +12,6 @@ - include: main_buster.yml when: ansible_distribution_release == "buster" + +- include: main_bullseye.yml + when: ansible_distribution_release == "bullseye" diff --git a/php/tasks/main_bullseye.yml b/php/tasks/main_bullseye.yml new file mode 100644 index 00000000..7584305d --- /dev/null +++ b/php/tasks/main_bullseye.yml 
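Review bot: The rotated path `/var/log/mongodb/mongod.log` does not match `systemLog.path: /var/log/mongodb/mongodb.log` in mongodb_bullseye.conf.j2, added by this same commit. As written, the file mongod actually writes to would never be rotated and would grow without bound, while the 365-day retention applies to a file that may not exist. One of the two paths has to change, for example `path: /var/log/mongodb/mongod.log` in the configuration template. Separately, `pidof mongod | xargs kill -USR1` runs `kill` with no PID when mongod is stopped, which makes the postrotate script fail; `pidof mongod | xargs -r kill -USR1` avoids that.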
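Review bot: The `#security:` section in mongodb_bullseye.conf.j2 is left commented out, so this template never enables access control, and `bindIp` is taken from `mongodb_bind`, whose default is not visible in this diff. If that variable is ever set to a non-loopback address, the instance would accept unauthenticated connections. I would add `security:` with `authorization: enabled` beneath it, possibly gated by a role variable. At minimum, a comment like `# access control is NOT enabled here; keep bindIp on loopback or firewall the port` should sit above the `net:` block.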
@@ -0,0 +1,97 @@ +--- + +- name: "Set variables (Debian 10 or later)" + set_fact: + php_cli_defaults_ini_file: /etc/php/7.4/cli/conf.d/z-evolinux-defaults.ini + php_cli_custom_ini_file: /etc/php/7.4/cli/conf.d/zzz-evolinux-custom.ini + php_apache_defaults_ini_file: /etc/php/7.4/apache2/conf.d/z-evolinux-defaults.ini + php_apache_custom_ini_file: /etc/php/7.4/apache2/conf.d/zzz-evolinux-custom.ini + php_fpm_defaults_ini_file: /etc/php/7.4/fpm/conf.d/z-evolinux-defaults.ini + php_fpm_custom_ini_file: /etc/php/7.4/fpm/conf.d/zzz-evolinux-custom.ini + php_fpm_debian_default_pool_file: /etc/php/7.4/fpm/pool.d/www.conf + php_fpm_default_pool_file: /etc/php/7.4/fpm/pool.d/www-evolinux-defaults.conf + php_fpm_default_pool_custom_file: /etc/php/7.4/fpm/pool.d/www-evolinux-zcustom.conf + php_fpm_default_pool_socket: /var/run/php/php7.4-fpm.sock + php_fpm_service_name: php7.4-fpm + +# Packages + +- name: "Set package list (Debian 9 or later)" + set_fact: + php_stretch_packages: + - php-cli + - php-gd + - php-intl + - php-imap + - php-ldap + - php-mysql + # php-mcrypt is no longer packaged for PHP 7.2 + - php-pgsql + - php-sqlite3 + - php-gettext + - php-curl + - php-ssh2 + - php-zip + - composer + - libphp-phpmailer + +- include: sury_pre.yml + when: php_sury_enable + +- name: "Install PHP packages (Debian 9 or later)" + apt: + name: '{{ php_stretch_packages }}' + state: present + +- name: "Install mod_php packages (Debian 9 or later)" + apt: + name: + - libapache2-mod-php + - php + state: present + when: php_apache_enable + +- name: "Install PHP FPM packages (Debian 9 or later)" + apt: + name: + - php-fpm + - php + state: present + when: php_fpm_enable + +# Configuration + +- name: Enforce permissions on PHP directory + file: + dest: "{{ item }}" + mode: "0755" + with_items: + - /etc/php + - /etc/php/7.4 + +- include: config_cli.yml +- name: Enforce permissions on PHP cli directory + file: + dest: /etc/php/7.4/cli + mode: "0755" + +- include: config_fpm.yml + when: 
php_fpm_enable + +- name: Enforce permissions on PHP fpm directory + file: + dest: /etc/php/7.4/fpm + mode: "0755" + when: php_fpm_enable + +- include: config_apache.yml + when: php_apache_enable + +- name: Enforce permissions on PHP apache2 directory + file: + dest: /etc/php/7.4/apache2 + mode: "0755" + when: php_apache_enable + +- include: sury_post.yml + when: php_sury_enable diff --git a/postgresql/tasks/main.yml b/postgresql/tasks/main.yml index fbe22989..1783a763 100644 --- a/postgresql/tasks/main.yml +++ b/postgresql/tasks/main.yml @@ -5,10 +5,10 @@ when: ansible_distribution_release == "jessie" - include: packages_stretch.yml - when: ansible_distribution_major_version is version('9', '=') + when: ansible_distribution_release == "stretch" - include: packages_buster.yml - when: ansible_distribution_major_version is version('10', '=') + when: ansible_distribution_release == "buster" - include: packages_bullseye.yml when: ansible_distribution_major_version is version('11', '>=') diff --git a/tomcat/tasks/packages.yml b/tomcat/tasks/packages.yml index 900dffd0..9b7995cc 100644 --- a/tomcat/tasks/packages.yml +++ b/tomcat/tasks/packages.yml @@ -21,6 +21,13 @@ - ansible_distribution_release == "buster" - tomcat_version is not defined +- name: Set Tomcat version to 10 on Debian 11 if missing + set_fact: + tomcat_version: 10 + when: + - ansible_distribution_release == "bullseye" + - tomcat_version is not defined + - name: Install packages apt: name: diff --git a/varnish/tasks/main.yml b/varnish/tasks/main.yml index 95a720c8..75268841 100644 --- a/varnish/tasks/main.yml +++ b/varnish/tasks/main.yml @@ -52,6 +52,7 @@ - config - update-config +# TODO: verify if it's still necessary for Debian 11 - name: Override Varnish systemd unit (Buster and later) template: src: varnish.conf.buster.j2
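Review bot: The task names and the package fact in php/tasks/main_bullseye.yml are carried over from the older release files and no longer describe what runs. `Set variables (Debian 10 or later)`, `Set package list (Debian 9 or later)` and `php_stretch_packages` all sit in a file that is included only for `bullseye` and hard-codes `/etc/php/7.4`. Names such as `"Set variables (Debian 11)"` and a fact called `php_bullseye_packages` would keep logs and later greps honest. The inline comment `# php-mcrypt is no longer packaged for PHP 7.2` is stale in the same way and could read `# php-mcrypt is not packaged for PHP 7.4`.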
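Review bot: Defaulting `tomcat_version` to 10 for `bullseye` in tomcat/tasks/packages.yml looks wrong: as far as I know Debian 11 packages `tomcat9` and has no `tomcat10`. If the `Install packages` task that follows builds package names from this fact (its body is outside the hunk), the install would fail on a stock Bullseye host. `tomcat_version: 9` would match the distribution, with the task name changed to `Set Tomcat version to 9 on Debian 11 if missing`.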