From de1096bee5be4e48d34accc70513e4523efd014b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Tue, 4 Nov 2025 17:35:11 +0100 Subject: [PATCH 1/3] Don't install software-properties-common We no longer need this package since we add the repository with Ansible's `apt_repository` module instead of using `add-apt-repository` since commit 0f3a1f28. The `apt_repository` module doesn't require this package [1]. Installing this package prevented us from upgrading to Debian Trixie, since it isn't available in that distribution. [1] https://docs.ansible.com/ansible/latest/collections/ansible/builtin/apt_repository_module.html#id3 --- roles/letsencrypt/tasks/main.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/roles/letsencrypt/tasks/main.yml b/roles/letsencrypt/tasks/main.yml index 4b65144..ebffff5 100644 --- a/roles/letsencrypt/tasks/main.yml +++ b/roles/letsencrypt/tasks/main.yml @@ -1,10 +1,6 @@ --- - when: domain is defined block: - - name: Install software-properties-common - apt: - name: software-properties-common - - name: Check python3-certbot-nginx is available command: apt-cache show python3-certbot-nginx ignore_errors: yes From 2d6e2f6b5794ba05ebf3fe296f6adf87c54c6d30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Tue, 4 Nov 2025 19:05:29 +0100 Subject: [PATCH 2/3] Add support for Debian Trixie We're still supporting Debian Bullseye because it'll be supported by Debian until August 2026. Note we need to use the `callback_result_format=yaml` option; we were getting an error on github actions with Debian Trixie: ``` [DEPRECATION WARNING]: community.general.yaml has been deprecated. The plugin has been superseded by the the option `result_format=yaml` in callback plugin ansible.builtin.default from ansible-core 2.13 onwards. This feature will be removed from collection 'community.general' version 13.0.0. Error: : Unexpected Exception, this is probably a bug: module 'ansible._internal._yaml._dumper' has no attribute 'SafeRepresenter' ``` The `result_format` option (which must be prefixed with `callback_` when used in the `ansible.cfg` file [1]) was introduced in ansible-core 2.13, released in May 2022. So we're using it instead and updating the requirements. The package `policykit-1` was been replaced by `polkitd` and `pkexec`. Ubuntu 22.04, Ubuntu 24.04 and Debian Bookworm support both cases. However, Debian Bullseye only supports `policykit-1` while Debian Trixie only supports the `polkitd` and `pkexec` combo. So we're adding a condition. We also need to explicitly install `gpg` since the Debian Trixie image on github actions doesn't include it by default, and we need it in order to install RVM. Finally, we're using an empty string for `rvm1_ruby_install_flags`, since the default empty value now results in an error due to a `None` argument being added to the command: ``` - name: Install rubies ^ column 3 failed: [localhost] (item=ruby-3.3.10) => ansible_loop_var: item changed: true cmd: - ~/.rvm/bin/rvm - install - ruby-3.3.10 - None delta: '0:00:00.337518' end: '2025-11-04 18:30:55.085785' item: ruby-3.3.10 msg: non-zero return code rc: 1 start: '2025-11-04 18:30:54.748267' stderr: 'Unrecognized command line argument: None' stderr_lines: stdout: Run `rvm help` to see usage information stdout_lines: ``` [1] https://docs.ansible.com/ansible/latest/collections/ansible/builtin/default_callback.html#parameter-result_format --- .github/workflows/debian.yml | 2 +- README.md | 3 ++- ansible.cfg | 3 +-- group_vars/all | 1 + roles/system/tasks/tools.yml | 19 +++++++++++++++++++ 5 files changed, 24 insertions(+), 4 deletions(-) diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml index 88d8b2c..a35ab71 100644 --- a/.github/workflows/debian.yml +++ b/.github/workflows/debian.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - image: ["debian:bullseye", "debian:bookworm"] + image: ["debian:bullseye", "debian:bookworm", "debian:trixie"] rails_env: [staging, production] container: image: ${{ matrix.image }} diff --git a/README.md b/README.md index 3ec1a0d..f3c53bc 100644 --- a/README.md +++ b/README.md @@ -29,6 +29,7 @@ A remote server with one of the supported distributions: - Ubuntu 24.04 x64 - Debian Bullseye x64 - Debian Bookworm x64 +- Debian Trixie x64 Access to a remote server via public ssh key without password. The default user is `deploy` but you can [use any user](#using-a-different-user-than-deploy) with sudo privileges. @@ -49,7 +50,7 @@ Python 3 installed in the remote server The following commands must be executed in your local machine -[Install Ansible >= 2.7](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) +[Install Ansible >= 6.x](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) (that is, ansible-core >= 2.13). Get the Ansible Playbook diff --git a/ansible.cfg b/ansible.cfg index 4a56408..935c60f 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,5 +1,4 @@ [defaults] -# Use the YAML callback plugin. -stdout_callback = yaml +callback_result_format=yaml allow_world_readable_tmpfiles = true interpreter_python = auto diff --git a/group_vars/all b/group_vars/all index 6252926..46281de 100644 --- a/group_vars/all +++ b/group_vars/all @@ -62,6 +62,7 @@ fnm_command: "export PATH=\"{{ fnm_dir }}/:$PATH\" && eval \"$(fnm env)\"" # RVM rvm_command: "source {{ home_dir }}/.rvm/scripts/rvm" rvm1_delete_ruby: False +rvm1_ruby_install_flags: "" # Errbit errbit: False diff --git a/roles/system/tasks/tools.yml b/roles/system/tasks/tools.yml index 1997236..f57e56d 100644 --- a/roles/system/tasks/tools.yml +++ b/roles/system/tasks/tools.yml @@ -10,6 +10,7 @@ - vim - htop - git-core + - gpg - wget - zlib1g-dev - libssl-dev @@ -24,4 +25,22 @@ - imagemagick - ruby-dev - shared-mime-info + +- name: Install policykit-1 + become: true + apt: + state: latest + update_cache: true + name: - policykit-1 + when: ansible_distribution_release in ["bullseye"] + +- name: Install polkitd and pkexec + become: true + apt: + state: latest + update_cache: true + name: + - polkitd + - pkexec + when: ansible_distribution_release not in ["bullseye"] From 44efd705a9a481da4d640862d28b5d6eabc9051b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javi=20Mart=C3=ADn?= Date: Thu, 13 Nov 2025 15:13:36 +0100 Subject: [PATCH 3/3] Avoid embedding templates in constant strings We were getting a warning when using the version of Ansible included in Debian Trixie: ``` TASK [user : Install SSH key] ***************************** [WARNING]: Jinja constant strings should not contain embedded templates. This feature will be disabled by default in ansible-core 2.23. Origin: roles/user/tasks/main.yml:32:10 30 authorized_key: 31 user: "{{ deploy_user }}" 32 key: "{{ lookup('file', '{{ ssh_public_key_path }}') }}" ^ column 10 Use inline expressions, for example: `msg: "{{ lookup('env', '{{ a_var }}') }}"` becomes `msg: "{{ lookup('env', a_var) }}"` ``` --- roles/user/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml index 220a9fa..75db6d9 100644 --- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -29,4 +29,4 @@ - name: Install SSH key authorized_key: user: "{{ deploy_user }}" - key: "{{ lookup('file', '{{ ssh_public_key_path }}') }}" + key: "{{ lookup('file', ssh_public_key_path) }}"