From 672629ade5b6190993c840e1dfa7e3e96e4b1fee Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 5 Apr 2023 13:42:58 +0200
Subject: debian/bookworm
---
 chaos-at-home/ch-testvm-prometheus.yml | 12 ---
 files/common/keyrings/debian-bookworm.gpg | Bin 0 -> 36853 bytes
 roles/apt-repo/base/defaults/main.yml | 10 ++-
 .../templates/preseed_debian-bookworm.cfg.j2 | 96 +++++++++++++++++++++
 4 files changed, 104 insertions(+), 14 deletions(-)
 create mode 100644 files/common/keyrings/debian-bookworm.gpg
 create mode 100644 roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2
diff --git a/chaos-at-home/ch-testvm-prometheus.yml b/chaos-at-home/ch-testvm-prometheus.yml
index 2087cdb9..9a1191ad 100644
--- a/chaos-at-home/ch-testvm-prometheus.yml
+++ b/chaos-at-home/ch-testvm-prometheus.yml
@@ -7,15 +7,3 @@
 - role: core/sshd/base
 - role: core/zsh
 - role: core/ntp
-
-- name: Payload Setup
- hosts: ch-testvm-prometheus
- roles:
- - role: apt-repo/spreadspace
- - role: nginx/base
- - role: monitoring/prometheus/ca
- - role: monitoring/prometheus/server
- - role: monitoring/prometheus/exporter
- #- role: monitoring/prometheus/alertmanager
- #- role: monitoring/grafana
- - role: monitoring/landingpage
diff --git a/files/common/keyrings/debian-bookworm.gpg b/files/common/keyrings/debian-bookworm.gpg
new file mode 100644
index 00000000..23153bcc
Binary files /dev/null and b/files/common/keyrings/debian-bookworm.gpg differ
diff --git a/roles/apt-repo/base/defaults/main.yml b/roles/apt-repo/base/defaults/main.yml
index a5102fc4..37ff5e88 100644
--- a/roles/apt-repo/base/defaults/main.yml
+++ b/roles/apt-repo/base/defaults/main.yml
@@ -1,10 +1,16 @@
 ---
+_apt_repo_base_components_debian_:
+ until_bullseye:
+ - main
+ after_bullseye:
+ - main
+ - non-free-firmware
+
 apt_repo_base_components:
 ubuntu:
 - main
 - universe
- debian:
- - main
+ debian: "{{ ((ansible_distribution_major_version | int) <= 11) | ternary(_apt_repo_base_components_debian_.until_bullseye, _apt_repo_base_components_debian_.after_bullseye) }}"
 raspbian:
 - main
 - rpi
diff --git a/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2 b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2
new file mode 100644
index 00000000..96c23d86
--- /dev/null
+++ b/roles/installer/debian/preseed/templates/preseed_debian-bookworm.cfg.j2
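Review bot: In roles/apt-repo/base/defaults/main.yml the new `debian:` expression depends on `ansible_distribution_major_version | int`, and Jinja's `int` filter returns 0 for a non-numeric string, so a host whose fact is not a plain number would silently fall into `until_bullseye` and lose `non-free-firmware`. On bookworm that component is where firmware and CPU microcode packages are published, so the fallback would quietly withhold those updates; whether any managed host reports such a value (testing or unstable images are the usual case) is not visible in this hunk and should be confirmed. A comment above the helper mapping would record the intent, for example `# Debian 12 (bookworm) split firmware into non-free-firmware; releases <= 11 keep main only`.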
@@ -0,0 +1,96 @@
+#########################################################################
+# ansible-generated preseed file for Debian bookworm based machines
+#########################################################################
+
+d-i debian-installer/language string {{ debian_preseed_language }}
+d-i debian-installer/country string {{ debian_preseed_country }}
+d-i debian-installer/locale string {{ debian_preseed_locales | first }}
+d-i localechooser/preferred-locale string {{ debian_preseed_locales | first }}
+d-i localechooser/supported-locales multiselect {{ debian_preseed_locales | join(', ') }}
+
+d-i keyboard-configuration/xkb-keymap select {{ debian_preseed_keyboard_layout }}
+d-i keyboard-configuration/layoutcode string {{ debian_preseed_keyboard_layout }}
+d-i keyboard-configuration/variantcode string {{ debian_preseed_keyboard_variant }}
+
+d-i hw-detect/load_firmware boolean false
+
+d-i netcfg/choose_interface select {{ install_interface | default(network.primary.name) }}
+{% if (install_dhcp | default(false)) %}
+d-i netcfg/disable_dhcp boolean false
+d-i netcfg/disable_autoconfig boolean false
+{% else %}
+d-i netcfg/disable_dhcp boolean true
+d-i netcfg/disable_autoconfig boolean true
+d-i netcfg/get_ipaddress string {{ network.primary.address | ansible.utils.ipaddr('address') }}
+d-i netcfg/get_netmask string {{ network.primary.address | ansible.utils.ipaddr('netmask') }}
+d-i netcfg/get_gateway string {{ network.primary.gateway }}
+d-i netcfg/get_nameservers string {{ network.nameservers | join(' ') }}
+d-i netcfg/confirm_static boolean true
+{% endif %}
+
+d-i netcfg/hostname string {{ host_name }}
+d-i netcfg/get_hostname string {{ host_name }}
+d-i netcfg/domain string {{ network.domain }}
+d-i netcfg/get_domain string {{ network.domain }}
+d-i netcfg/wireless_wep string
+
+
+d-i mirror/country string manual
+d-i mirror/http/hostname string {{ apt_repo_providers[apt_repo_provider].debian.host }}
+d-i mirror/http/directory string {{ apt_repo_providers[apt_repo_provider].debian.path }}
+d-i mirror/http/proxy string
+
+
+d-i passwd/make-user boolean false
+d-i passwd/root-password password this-very-very-secure-password-will-be-removed-by-latecommand
+d-i passwd/root-password-again password this-very-very-secure-password-will-be-removed-by-latecommand
+
+
+d-i clock-setup/utc boolean true
+d-i time/zone string {{ debian_preseed_timezone }}
+d-i clock-setup/ntp boolean false
+
+
+{% if not debian_preseed_manual_partitioning %}
+{% include 'partman_config.j2' %}
+{% endif %}
+
+
+{% if debian_preseed_kernel_image is defined %}
+d-i base-installer/kernel/image string {{ debian_preseed_kernel_image }}
+{% endif %}
+
+d-i base-installer/install-recommends boolean false
+d-i apt-setup/security_host string {{ apt_repo_providers[apt_repo_provider].debian_security.host }}
+d-i apt-setup/security_path string {{ apt_repo_providers[apt_repo_provider].debian_security.path }}
+
+tasksel tasksel/first multiselect {{ debian_preseed_install_tasks | join(', ') }}
+d-i pkgsel/include string openssh-server {{ python_basename }} {{ python_basename }}-apt
+d-i pkgsel/upgrade select safe-upgrade
+popularity-contest popularity-contest/participate boolean false
+
+d-i finish-install/reboot_in_progress note
+{% if debian_preseed_poweroff_when_done %}
+d-i debian-installer/exit/poweroff boolean true
+{% endif %}
+
+
+d-i preseed/late_command string \
+ lvremove -f {{ host_name }}/dummy; \
+ in-target bash -c "apt-get update -q && apt-get full-upgrade -y -q"; \
+ in-target bash -c "sed -e 's/^allow-hotplug/auto/' -i /etc/network/interfaces"; \
+{% if debian_preseed_force_net_ifnames_policy is defined %}
+ mkdir -p /target/etc/systemd/network; \
+ in-target bash -c "echo '[Match]' > /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo 'OriginalName=*' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo '' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo '[Link]' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "echo 'NamePolicy={{ debian_preseed_force_net_ifnames_policy }}' >> /etc/systemd/network/90-namepolicy.link"; \
+ in-target bash -c "update-initramfs -u"; \
+{% endif %}
+ in-target bash -c "passwd -d root && passwd -l root"; \
+{% if ansible_port is defined %}
+ in-target bash -c "sed -e 's/^\(\s*#*\s*Port.*\)/Port {{ ansible_port }}/' -i /etc/ssh/sshd_config"; \
+{% endif %}
+ mkdir -p -m 0700 /target/root/.ssh; \
+ cp /authorized_keys /target/root/.ssh/
--
cgit v1.2.3
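Review bot: The two `passwd/root-password` lines give every installed machine a fixed root password that is readable in the repository, and only the `passwd -d root && passwd -l root` step of `late_command` removes it; because the steps are chained with `;`, a failure of that step would not stop the install and would likely go unnoticed. debian-installer accepts `d-i passwd/root-password-crypted password !` to create root with password login disabled from the start, which could replace both cleartext lines and turn the late_command step into a second safeguard instead of the only one. A short comment above the password lines stating that root access is meant to be key-only through the copied `/authorized_keys` would document the intent. The values interpolated into the shell strings (`host_name`, `debian_preseed_force_net_ifnames_policy`, `ansible_port`) are unquoted, which is acceptable only while the inventory supplying them is trusted.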