role(docker): dropping support for debian versions prior to 13/trixie

.gitignore

@@ -3,6 +3,7 @@
 ext_roles/*
 !ext_roles/.gitkeep
 test.yml
+.ansible/*
 
 # pyenv
 .venv/*

README.md

@@ -9,10 +9,13 @@
 
 this ansible collection primarily aims to provide common roles that i've been building
 for either my home or the wululu web network and systems.
+
 by publishing it i hope it can be useful for anyone looking for inspiration
 or even roles ready-to-go.
+
 please mind that everything in this collection mainly focuses debian as a server operating system.
 thus i will not add features specific to other operating systems unless i really need to.
+
 if you have any questions or suggestions feel free to get in touch with me.
 
 ## contents
@@ -23,7 +26,7 @@ if you have any questions or suggestions feel free to get in touch with me.
 * **docker** – a docker install role to install docker-ce engine [🠞README](roles/docker/README.md)
 
 ### playbooks
-* **test_connection.yml** – a playbook to test ansible and connectivity by running the `test` and the role 
+* **test_connection.yml** – a playbook to test ansible and connectivity by running ansible pings and the role `test`.
 
 ## usage
 to use a **playbook** provided with this collection you can use `import_playbook`:  

galaxy.yml

@@ -8,7 +8,7 @@ namespace: dede
 name: common
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 0.2.3
+version: 0.3.4
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

requirements-freeze.txt

@@ -1,30 +0,0 @@
-ansible==11.1.0
-ansible-compat==24.10.0
-ansible-core==2.18.1
-ansible-lint==24.12.2
-attrs==24.3.0
-black==24.10.0
-bracex==2.5.post1
-cffi==1.17.1
-click==8.1.8
-cryptography==44.0.0
-filelock==3.16.1
-importlib_metadata==8.5.0
-Jinja2==3.1.5
-jsonschema==4.23.0
-jsonschema-specifications==2024.10.1
-MarkupSafe==3.0.2
-mypy-extensions==1.0.0
-packaging==24.2
-pathspec==0.12.1
-platformdirs==4.3.6
-pycparser==2.22
-PyYAML==6.0.2
-referencing==0.35.1
-resolvelib==1.0.1
-rpds-py==0.22.3
-ruamel.yaml==0.18.6
-subprocess-tee==0.4.2
-wcmatch==10.0
-yamllint==1.35.1
-zipp==3.21.0

requirements-raw.txt

@@ -0,0 +1,2 @@
+ansible
+ansible-lint

requirements.txt

@@ -1,2 +1,33 @@
-ansible
-ansible-lint
+ansible==12.2.0
+ansible-compat==25.8.2
+ansible-core==2.19.4
+ansible-lint==25.9.2
+attrs==25.4.0
+black==25.9.0
+bracex==2.6
+cffi==2.0.0
+click==8.3.0
+cryptography==46.0.3
+distro==1.9.0
+filelock==3.20.0
+importlib_metadata==8.7.0
+Jinja2==3.1.6
+jsonschema==4.25.1
+jsonschema-specifications==2025.9.1
+MarkupSafe==3.0.3
+mypy_extensions==1.1.0
+packaging==25.0
+pathspec==0.12.1
+platformdirs==4.5.0
+pycparser==2.23
+pytokens==0.3.0
+PyYAML==6.0.3
+referencing==0.37.0
+resolvelib==1.2.1
+rpds-py==0.28.0
+ruamel.yaml==0.18.16
+ruamel.yaml.clib==0.2.14
+subprocess-tee==0.4.2
+wcmatch==10.1
+yamllint==1.37.1
+zipp==3.23.0

roles/apt_sources/defaults/main.yml

@@ -0,0 +1,8 @@
+---
+apt_sources_debian_repos_list: |
+  deb https://ftp-stud.hs-esslingen.de/debian/ bookworm main non-free-firmware
+  deb-src https://ftp-stud.hs-esslingen.de/debian/ bookworm main non-free-firmware
+  deb https://ftp-stud.hs-esslingen.de/debian-security/ bookworm-security main non-free-firmware
+  deb-src https://ftp-stud.hs-esslingen.de/debian-security/ bookworm-security main non-free-firmware
+  deb https://ftp-stud.hs-esslingen.de/debian/ bookworm-updates main non-free-firmware
+  deb-src https://ftp-stud.hs-esslingen.de/debian/ bookworm-updates main non-free-firmware

roles/apt_sources/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: update apt sources
+  listen: apt_sources_update
+  become: true
+  ansible.builtin.apt:
+    update_cache: true

roles/apt_sources/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: ensure custom repositories in apt sources
+  become: true
+  notify: apt_sources_update
+  ansible.builtin.copy:
+    dest: /etc/apt/sources.list.d/debian.list
+    mode: '0644'
+    owner: root
+    group: root
+    backup: true
+    content: |
+      #
+      # this file was modified by ansible on {{ ansible_date_time.iso8601 }}
+      #
+      {{ apt_sources_debian_repos_list }}
+
+- name: disable default apt repos
+  become: true
+  notify: apt_sources_update
+  register: apt_sources_disable
+  ansible.builtin.replace:
+    path: /etc/apt/sources.list
+    backup: true
+    regexp: '^(deb(?:\-src)?.*)$'
+    replace: '#\1'
+
+- name: ensure info comment in default sources file
+  become: true
+  when: apt_sources_disable is changed
+  ansible.builtin.lineinfile:
+    state: present
+    path: /etc/apt/sources.list
+    insertbefore: BOF
+    search_string: '# this file was modified by ansible on '
+    line: '# this file was modified by ansible on {{ ansible_date_time.iso8601 }}'

roles/docker/tasks/main.yml

@@ -9,6 +9,7 @@
       - docker-compose
       - podman-docker
       - containerd
+      - runc
 
 - name: install prerequisites
   become: true
@@ -49,9 +50,12 @@
     state: present
     filename: docker
     update_cache: true
-    repo: >
-      deb [arch={{ docker_arch.stdout }} signed-by=/etc/apt/keyrings/docker.asc]
-      https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable
+    repo: |
+      Types: deb
+      URIs: https://download.docker.com/linux/debian
+      Suites: {{ ansible_distribution_release }}
+      Components: stable
+      Signed-By: /etc/apt/keyrings/docker.asc
 
 - name: install docker + compose plugin and dependencies
   become: true

roles/locale_config/defaults/main.yml

@@ -1,3 +1,3 @@
 ---
-locale_config_locale: 'de_DE.UTF-8'
+locale_config_locale: 'en_US.UTF-8'
 locale_config_language: 'en_US.UTF-8'

roles/locale_config/tasks/main.yml

@@ -15,19 +15,24 @@
     name: "{{ locale_config_language }}"
 
 - name: get current locale and language configuration
-  register: locale_status
+  register: locale_config_status
   changed_when: false
   ignore_errors: true
+  check_mode: false
   ansible.builtin.command:
     cmd: localectl status
 
-- name: set fact
+- name: remember current LANG config
   ansible.builtin.set_fact:
-    locale_lang: "{{ locale_status.stdout | regex_search('LANG=([^\n]+)', '\\1') | first }}"
+    locale_config_current: "{{ locale_config_status.stdout | regex_search('LANG=([^\n]+)', '\\1') | first }}"
+
+- name: print current config
+  ansible.builtin.debug:
+    msg: "LANG={{ locale_config_current }}"
 
 - name: set locale to '{{ locale_config_locale }}'
   become: true
-  changed_when: locale_lang != locale_config_locale
+  changed_when: locale_config_current != locale_config_locale
   ansible.builtin.command:
     cmd: localectl set-locale LANG={{ locale_config_locale }}
 
@@ -35,6 +40,6 @@
   become: true
   changed_when: locale_language != locale_config_language
   vars:
-    locale_language: "{{ locale_status.stdout | regex_search('LANGUAGE=([^\n]+)', '\\1') | default([locale_lang], true) | first }}"
+    locale_language: "{{ locale_config_status.stdout | regex_search('LANGUAGE=([^\n]+)', '\\1') | default([locale_config_current], true) | first }}"
   ansible.builtin.command:
     cmd: localectl set-locale LANGUAGE={{ locale_config_language }}

roles/timesync_setup/defaults/main.yml

@@ -0,0 +1,7 @@
+---
+timesyncd_setup_timezone: Europe/Berlin
+timesyncd_setup_ntp_servers:
+  - rustime02.rus.uni-stuttgart.de
+  - ntp2.fau.de
+  - rustime01.rus.uni-stuttgart.de
+  - ntp1.fau.de

roles/timesync_setup/handlers/main.yml

@@ -0,0 +1,35 @@
+---
+# handlers file for systemd-timesyncd
+- name: reload ntp
+  become: true
+  listen: reload_ntp
+  ansible.builtin.shell:
+    timedatectl set-ntp false || true;
+    timedatectl set-ntp true || true;
+
+- name: reload timesyncd
+  become: true
+  listen: reload_timesyncd
+  ansible.builtin.service:
+    name: systemd-timesyncd
+    state: reloaded
+
+- name: restart timesyncd
+  become: true
+  listen: restart_timesyncd
+  ansible.builtin.service:
+    name: systemd-timesyncd
+    state: restarted
+
+- name: reconfigure timezone
+  become: true
+  listen: reconfigure_timezone
+  ansible.builtin.shell:
+    DEBIAN_FRONTEND=noninteractive \
+      dpkg-reconfigure --frontend noninteractive tzdata
+
+- name: sync rtc
+  become: true
+  listen: sync_rtc
+  ansible.builtin.command:
+    timedatectl set-local-rtc 0

roles/timesync_setup/tasks/main.yml

@@ -0,0 +1,65 @@
+---
+- name: set timezone in /etc/localtime
+  become: true
+  ansible.builtin.file:
+    src: /usr/share/zoneinfo/{{ timesyncd_setup_timezone }}
+    dest: /etc/localtime
+    state: link
+    force: true
+  notify:
+    - reconfigure_timezone
+    - reload_ntp
+
+- name: set timezone in /etc/timezone
+  become: true
+  ansible.builtin.lineinfile:
+    state: present
+    dest: /etc/timezone
+    regexp: '.*'
+    line: '{{ timesyncd_setup_timezone }}'
+    insertbefore: EOF
+    create: true
+    mode: '0644'
+  notify:
+    - reconfigure_timezone
+    - reload_ntp
+
+- name: set timezone via systemd
+  become: true
+  ansible.builtin.command:
+    timedatectl set-timezone {{ timesyncd_setup_timezone }}
+
+- name: set ntp config in /etc/systemd/timesyncd.conf
+  become: true
+  community.general.ini_file:
+    path: /etc/systemd/timesyncd.conf
+    section: Time
+    option: NTP
+    value: '{{ timesyncd_setup_ntp_servers | join(" ") }}'
+    backup: true
+  notify:
+    - reload_ntp
+    - restart_timesyncd
+    - sync_rtc
+
+- name: enable systemd-timesyncd unit
+  become: true
+  service:
+    name: systemd-timesyncd
+    enabled: true
+  notify:
+    - reload_ntp
+    - restart_timesyncd
+    - sync_rtc
+
+- name: flush handlers
+  ansible.builtin.meta: flush_handlers
+
+# - name: wait for timesyncd to synchronize
+#   ansible.builtin.command: systemctl status systemd-timesyncd
+#   retries: 60
+#   delay: 3
+#   register: task_result
+#   until:
+#     - task_result.rc == 0
+#     - task_result.stdout is search('[Ss]ynchroniz.* to time server')

scripts/setup.sh

@@ -41,13 +41,13 @@ create_virtualenv() {
 # function to install python requirements
 install_requirements() {
   check_command "pip"
-  echo -e "${BLUE}installing python requirements from requirements-freeze.txt...${NC}"
+  echo -e "${BLUE}installing python requirements from requirements.txt...${NC}"
   source $VENV_DIR/bin/activate
   pip install --upgrade pip
-  if [ -f "requirements-freeze.txt" ]; then
-    pip install -r requirements-freeze.txt
+  if [ -f "requirements.txt" ]; then
+    pip install -r requirements.txt
   else
-    echo -e "${YELLOW}requirements-freeze.txt not found. skipping python requirements installation.${NC}"
+    echo -e "${YELLOW}requirements.txt not found. skipping python requirements installation.${NC}"
   fi
   deactivate
 }