From d7a1a146ddba81ebeadc68f60ba8f7be04692ade Mon Sep 17 00:00:00 2001
From: "Andreas B. Mundt" <andi@debian.org>
Date: Fri, 24 May 2019 17:26:15 +0300
Subject: [PATCH] Updates and fixes for buster.

---
 installbox.yml                                |  8 +++--
 roles/installbox2kiosk/tasks/main.yml         |  3 +-
 .../tftp-netboot-installer/handlers/main.yml  |  9 +++++
 roles/tftp-netboot-installer/tasks/main.yml   | 35 +++----------------
 roles/transparent-squid/tasks/main.yml        |  1 -
 roles/two-interface-shorewall/tasks/main.yml  |  7 ----
 6 files changed, 21 insertions(+), 42 deletions(-)

diff --git a/installbox.yml b/installbox.yml
index 02782dd..8d8667c 100644
--- a/installbox.yml
+++ b/installbox.yml
@@ -12,9 +12,11 @@
     ipaddr_lan: 192.168.0.10
     dhcp_range: 192.168.0.50,192.168.0.150,2h
     tftp_root: "/var/lib/tftpboot"
-    deb_mirror: "ftp.debian.org"
-    di_dist: "stretch"
-    repo_dir: "/home/ansible/kiosk"
+    deb_mirror: "deb.debian.org"
+    di_dist: "buster"
+    di_pkg: debian-installer-10-netboot-amd64
+    ansible_user: ansible
+    repo_dir: "/home/{{ ansible_user }}/kiosk"
 
   pre_tasks:
     - name: validate if interface is available
diff --git a/roles/installbox2kiosk/tasks/main.yml b/roles/installbox2kiosk/tasks/main.yml
index fb2c515..c2fe199 100644
--- a/roles/installbox2kiosk/tasks/main.yml
+++ b/roles/installbox2kiosk/tasks/main.yml
@@ -14,6 +14,7 @@
     sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}"
 
 - name: set debian mirror in preseed file
+  when: deb_mirror != "deb.debian.org"
   replace:
     dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
     regexp: '^(d-i mirror/http/hostname string deb.debian.org)$'
@@ -31,7 +32,7 @@
     regexp: '^(tasksel tasksel/first multiselect standard, ssh-server)$'
     replace: '#\1\ntasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server'
 
-- name: preseed client - add firmware-linux, ansible/stretch-backports, git
+- name: preseed client - add firmware-linux, ansible and git
   replace:
     dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
     regexp: '^(d-i pkgsel/include string firmware-linux)$'
diff --git a/roles/tftp-netboot-installer/handlers/main.yml b/roles/tftp-netboot-installer/handlers/main.yml
index 4cc836c..75ce256 100644
--- a/roles/tftp-netboot-installer/handlers/main.yml
+++ b/roles/tftp-netboot-installer/handlers/main.yml
@@ -1,3 +1,12 @@
+- name: bind mount images
+  mount:
+    path: "{{ tftp_root }}/d-i/n-pkg/"
+    src: /usr/lib/debian-installer/
+    fstype: none
+    state: mounted
+    opts: bind
+  listen: bind mount images
+
 - name: rebuild di-netboot-assistant menu
   command: "{{ item }}"
   with_items:
diff --git a/roles/tftp-netboot-installer/tasks/main.yml b/roles/tftp-netboot-installer/tasks/main.yml
index aac8c29..31df608 100644
--- a/roles/tftp-netboot-installer/tasks/main.yml
+++ b/roles/tftp-netboot-installer/tasks/main.yml
@@ -1,36 +1,11 @@
-- name: add stretch-backports
-  apt_repository:
-    repo: deb http://deb.debian.org/debian/ stretch-backports main
-    state: present
-
-- name: install di-netboot-assistant from backports
+- name: install di-netboot-assistant and installer package
   apt:
     name:
       - di-netboot-assistant
-    default_release: stretch-backports
-    update_cache: yes
-
-- name: add installer package
-  apt:
-    name:
-      - debian-installer-9-netboot-amd64
-
-- name: bind mount images
-  mount:
-    path: "{{ tftp_root }}/d-i/n-pkg/"
-    src: /usr/lib/debian-installer/
-    fstype: none
-    opts: bind
-#    state: mounted   BEGINN WORKAROUND
-    state: present
-  register: fstab
-
-- file: path="{{ tftp_root }}/d-i/n-pkg/" state=directory recurse=yes
-
-- name: Reload fstab
-  command: mount -a
-  when: fstab.changed
-# https://github.com/ansible/ansible/issues/23487 END WORKAROUND
+      - "{{ di_pkg }}"
+  notify:
+    - bind mount images
+    - rebuild di-netboot-assistant menu
 
 - name: configure dnsmasq
   template:
diff --git a/roles/transparent-squid/tasks/main.yml b/roles/transparent-squid/tasks/main.yml
index 581acc9..f4a046e 100644
--- a/roles/transparent-squid/tasks/main.yml
+++ b/roles/transparent-squid/tasks/main.yml
@@ -9,7 +9,6 @@
     line: "{{ item.line }}"
     insertafter: "{{ item.insertafter }}"
   with_items:
-    - { line: "acl localnet src 192.168.0.0/16", insertafter: "#acl localnet src 192.168.0.0/16" }
     - { line: "http_access allow localnet", insertafter: "#http_access allow localnet" }
     - { line: "http_port 3129 intercept", insertafter: "http_port 3128" }
     - { line: "maximum_object_size_in_memory 10240 KB", insertafter: "# maximum_object_size_in_memory" }
diff --git a/roles/two-interface-shorewall/tasks/main.yml b/roles/two-interface-shorewall/tasks/main.yml
index 30db436..e92f99c 100644
--- a/roles/two-interface-shorewall/tasks/main.yml
+++ b/roles/two-interface-shorewall/tasks/main.yml
@@ -71,10 +71,3 @@
     replace: '\1all\2'
     backup: yes
   notify: restart shorewall
-
-- name: enable shorewall in /etc/defaults/shorewall
-  replace:
-    dest: /etc/default/shorewall
-    regexp: 'startup=0'
-    replace: 'startup=1'
-  notify: restart shorewall