Merge branch 'bullseye' into 'master'

Bullseye Compatibility See merge request !14

Merge branch 'bullseye' into 'master'
Bullseye Compatibility See merge request !14
799c5a45 · Lars Beckers · 7d2896cc · eaf74d42 · 799c5a45 · 799c5a45
Commit 799c5a45 authored May 06, 2021 by Lars Beckers
--- a/cdn/tasks/main.yml
+++ b/cdn/tasks/main.yml
@@ -2,7 +2,7 @@

 - name: include debian version specific vars
  include_vars:
-    file: "{{debian_version|default('fallback')}}.yml"
+    file: "{{ ansible_distribution_release }}.yml"

 - name: install commonly used web libraries
  apt:

--- a/cdn/vars/fallback.yml
+++ b/cdn/vars/fallback.yml
 ---

 cdn_packages:
-  - libjs-jquery
  - libjs-bootstrap
+  - libjs-bootstrap4
+  - libjs-chart.js
+  - libjs-jquery
  - libjs-jquery-datatables
  - libjs-jquery-ui
--- a/php-fpm/tasks/main.yml
+++ b/php-fpm/tasks/main.yml
 ---

 - name: include debian version specific vars
-  include_vars: "{{ debian_version }}.yml"
+  include_vars: "{{ ansible_distribution_release }}.yml"

 - name: ensure php-fpm is installed
  apt:

--- a/php-fpm/vars/bullseye.yml
+++ b/php-fpm/vars/bullseye.yml
+---
+php_fpm_pkgs: ["php-fpm"]
+php_version: "7.4"
--- a/php-fpm/vars/jessie.yml
+++ b/php-fpm/vars/jessie.yml
---
-php_fpm_pkgs: ["php-fpm5", "php5"]
--- a/uwsgi-python/tasks/apps/pgadmin4.yml
+++ b/uwsgi-python/tasks/apps/pgadmin4.yml
@@ -13,7 +13,7 @@
 - name: Enable Postgres APT repository
  apt_repository:
    # yamllint disable-line rule:line-length
-    repo: "deb https://apt.postgresql.org/pub/repos/apt/ {{ debian_version }}-pgdg main"
+    repo: "deb https://apt.postgresql.org/pub/repos/apt/ {{ ansible_distribution_release }}-pgdg main"

 - name: Debconf pgadmin4
  debconf:
@@ -35,7 +35,7 @@
  apt:
    name: python3-flaskext.wtf
    default_release: stretch-pgdg
-  when: debian_version == "stretch"
+  when: ansible_distribution_release == "stretch"

 - name: Fix directory permissions
  file:

--- a/uwsgi-python/templates/uwsgi.ini.j2
+++ b/uwsgi-python/templates/uwsgi.ini.j2
@@ -44,10 +44,12 @@ log-x-forwarded-for =
 {% if app_python_version == 2 %}
 plugin = python27
 {% elif app_python_version == 3 %}
-{% if debian_version == "stretch" %}
+{% if ansible_distribution_release == "stretch" %}
 plugin = python35
-{% elif debian_version == "buster" %}
+{% elif ansible_distribution_release == "buster" %}
 plugin = python37
+{% elif ansible_distribution_release == "bullseye" %}
+plugin = python39
 {% endif %}
 {% endif %}
 {% if app_venv != '' %}

--- a/uwsgi-python/templates/uwsgi@.service.j2
+++ b/uwsgi-python/templates/uwsgi@.service.j2
@@ -8,7 +8,9 @@ ExecReload=/bin/kill -HUP $MAINPID
 ExecStop=/bin/kill -INT $MAINPID
 Restart=always
 Type=notify
+{% if ansible_distribution_major_version|int(default=99) < 11 %}
 StandardError=syslog
+{% endif %}
 NotifyAccess=all
 KillSignal=SIGQUIT
 SuccessExitStatus=15 17 29 30

--- a/webserver/tasks/main.yml
+++ b/webserver/tasks/main.yml
@@ -3,7 +3,7 @@

 - name: include debian version specific configuration
  include_vars:
-    file: "{{debian_version|default('fallback')}}.yml"
+    file: "{{ ansible_distribution_release }}.yml"
  tags:
    - nginx
    - webservices

--- a/webserver/vars/bullseye.yml
+++ b/webserver/vars/bullseye.yml
+---
+# yamllint disable rule:line-length
+
+protocols:
+  modern: 'TLSv1.3'
+  intermediate: 'TLSv1.2 TLSv1.3'
+ciphers:
+  modern: null
+  intermediate: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+prefer_server_ciphers:
+  modern: false
+  intermediate: false
--- a/webserver/vars/fallback.yml
+++ b/webserver/vars/fallback.yml
---
-# yamllint disable rule:line-length
-
-protocols:
-  modern: 'TLSv1.2'
-  intermediate: 'TLSv1 TLSv1.1 TLSv1.2'
-ciphers:
-  modern: 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256'
-  intermediate: 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'
-prefer_server_ciphers:
-  modern: false
-  intermediate: true