Updates and fixes for buster.

installbox.yml

@@ -12,9 +12,11 @@
     ipaddr_lan: 192.168.0.10
     dhcp_range: 192.168.0.50,192.168.0.150,2h
     tftp_root: "/var/lib/tftpboot"
-    deb_mirror: "ftp.debian.org"
+    deb_mirror: "deb.debian.org"
-    di_dist: "stretch"
+    di_dist: "buster"
-    repo_dir: "/home/ansible/kiosk"
+    di_pkg: debian-installer-10-netboot-amd64
+    ansible_user: ansible
+    repo_dir: "/home/{{ ansible_user }}/kiosk"
 
   pre_tasks:
     - name: validate if interface is available

roles/installbox2kiosk/tasks/main.yml

@@ -14,6 +14,7 @@
     sshpubkey: "{{ sshpubkey['content'] | b64decode | replace('\n', '') }}"
 
 - name: set debian mirror in preseed file
+  when: deb_mirror != "deb.debian.org"
   replace:
     dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
     regexp: '^(d-i mirror/http/hostname string deb.debian.org)$'
@@ -31,7 +32,7 @@
     regexp: '^(tasksel tasksel/first multiselect standard, ssh-server)$'
     replace: '#\1\ntasksel tasksel/first multiselect standard, ssh-server, gnome-desktop, print-server'
 
-- name: preseed client - add firmware-linux, ansible/stretch-backports, git
+- name: preseed client - add firmware-linux, ansible and git
   replace:
     dest: "{{ tftp_root }}/d-i/{{ di_dist }}/preseed.cfg"
     regexp: '^(d-i pkgsel/include string firmware-linux)$'

roles/tftp-netboot-installer/handlers/main.yml

@@ -1,3 +1,12 @@
+- name: bind mount images
+  mount:
+    path: "{{ tftp_root }}/d-i/n-pkg/"
+    src: /usr/lib/debian-installer/
+    fstype: none
+    state: mounted
+    opts: bind
+  listen: bind mount images
+
 - name: rebuild di-netboot-assistant menu
   command: "{{ item }}"
   with_items:

roles/tftp-netboot-installer/tasks/main.yml

@@ -1,36 +1,11 @@
-- name: add stretch-backports
+- name: install di-netboot-assistant and installer package
-  apt_repository:
-    repo: deb http://deb.debian.org/debian/ stretch-backports main
-    state: present
-
-- name: install di-netboot-assistant from backports
   apt:
     name:
       - di-netboot-assistant
-    default_release: stretch-backports
+      - "{{ di_pkg }}"
-    update_cache: yes
+  notify:
-
+    - bind mount images
-- name: add installer package
+    - rebuild di-netboot-assistant menu
-  apt:
-    name:
-      - debian-installer-9-netboot-amd64
-
-- name: bind mount images
-  mount:
-    path: "{{ tftp_root }}/d-i/n-pkg/"
-    src: /usr/lib/debian-installer/
-    fstype: none
-    opts: bind
-#    state: mounted   BEGINN WORKAROUND
-    state: present
-  register: fstab
-
-- file: path="{{ tftp_root }}/d-i/n-pkg/" state=directory recurse=yes
-
-- name: Reload fstab
-  command: mount -a
-  when: fstab.changed
-# https://github.com/ansible/ansible/issues/23487 END WORKAROUND
 
 - name: configure dnsmasq
   template:

roles/transparent-squid/tasks/main.yml

@@ -9,7 +9,6 @@
     line: "{{ item.line }}"
     insertafter: "{{ item.insertafter }}"
   with_items:
-    - { line: "acl localnet src 192.168.0.0/16", insertafter: "#acl localnet src 192.168.0.0/16" }
     - { line: "http_access allow localnet", insertafter: "#http_access allow localnet" }
     - { line: "http_port 3129 intercept", insertafter: "http_port 3128" }
     - { line: "maximum_object_size_in_memory 10240 KB", insertafter: "# maximum_object_size_in_memory" }

roles/two-interface-shorewall/tasks/main.yml

@@ -71,10 +71,3 @@
     replace: '\1all\2'
     backup: yes
   notify: restart shorewall
-
-- name: enable shorewall in /etc/defaults/shorewall
-  replace:
-    dest: /etc/default/shorewall
-    regexp: 'startup=0'
-    replace: 'startup=1'
-  notify: restart shorewall