add owntracks and support debian bookworm

7 files changed, 38 insertions, 3 deletions

diff --git a/host_vars/owntracks.in.freya.cat.yml b/host_vars/owntracks.in.freya.cat.yml
new file mode 100644
index 0000000..85e0587
--- /dev/null
+++ b/host_vars/owntracks.in.freya.cat.yml
@@ -0,0 +1,7 @@
+net_address_suffix: 17
+
+# owntracks requires debian 12
+debian_version: 'bookworm'
+
+# owntracks quicksetup uses nginx
+disable_caddy: 'y'
diff --git a/inventory/hosts b/inventory/hosts
index 477b1bd..2acebb3 100644
--- a/inventory/hosts
+++ b/inventory/hosts
@@ -15,6 +15,7 @@ cron.in.freya.cat
 
 [debian]
 jenkins.in.freya.cat
+owntracks.in.freya.cat
 
 [all:vars]
 ansible_user=root
diff --git a/roles/common/files/sshd_config b/roles/common/files/sshd_config
index f2ec50e..4b0690a 100644
--- a/roles/common/files/sshd_config
+++ b/roles/common/files/sshd_config
@@ -9,7 +9,6 @@ GatewayPorts no
 X11Forwarding yes
 PrintMotd no
 AcceptEnv LANG LC_*
-Subsystem	sftp	internal-sftp
 
 Match Address 10.*
 	PasswordAuthentication yes
diff --git a/roles/common/tasks/caddy.yml b/roles/common/tasks/caddy.yml
index 026d9f0..3d2541e 100644
--- a/roles/common/tasks/caddy.yml
+++ b/roles/common/tasks/caddy.yml
@@ -37,7 +37,7 @@
 - name: Ensure Caddy log file exists
   file:
     path: /var/log/caddy.log
-    state: file
+    state: touch
     owner: caddy
     group: caddy
     mode: '0664'
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 131431a..3404666 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -9,4 +9,6 @@
 
 # services
 - import_tasks: caddy.yml
+  when: disable_caddy is not defined
 - import_tasks: ssh.yml
+  when: disable_ssh is not defined
diff --git a/roles/debian/tasks/sources.yml b/roles/debian/tasks/sources.yml
index b6457a5..813c3db 100644
--- a/roles/debian/tasks/sources.yml
+++ b/roles/debian/tasks/sources.yml
@@ -1,12 +1,27 @@
 # Setup Debian
 
-- name: Configure Debian APT repositories
+- name: Check for modern sources
+  stat:
+    path: /etc/apt/sources.list.d/debian.sources
+  register: modern
+
+- name: Configure Debian APT repositories (modern)
   template:
     src: debian.sources.j2
     dest: /etc/apt/sources.list.d/debian.sources
     owner: root
     group: root
     mode: '0644'
+  when: modern.stat.exists
+
+- name: Configure Debian APT repositories (legacy)
+  template:
+    src: sources.list.j2
+    dest: /etc/apt/sources.list
+    owner: root
+    group: root
+    mode: '0644'
+  when: not modern.stat.exists
 
 # Setup Adoptium
 
diff --git a/roles/debian/templates/sources.list.j2 b/roles/debian/templates/sources.list.j2
new file mode 100644
index 0000000..6654c4f
--- /dev/null
+++ b/roles/debian/templates/sources.list.j2
@@ -0,0 +1,11 @@
+# main
+deb http://deb.debian.org/debian/ {{ debian_version }} main non-free-firmware
+deb-src http://deb.debian.org/debian/ {{ debian_version }} main non-free-firmware
+
+# security
+deb http://security.debian.org/debian-security {{ debian_version }}-security main non-free-firmware
+deb-src http://security.debian.org/debian-security {{ debian_version }}-security main non-free-firmware
+
+# updates
+deb http://deb.debian.org/debian/ {{ debian_version }}-updates main non-free-firmware
+deb-src http://deb.debian.org/debian/ {{ debian_version }}-updates main non-free-firmware