From 14ea1f8bde5c7ef0d513330353a523f88f0c2d14 Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Mon, 9 Dec 2024 11:51:18 +0100
Subject: [PATCH 1/5] refs #8280 fix debian-qemu when condition
---
 playbooks/debian.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/playbooks/debian.yml b/playbooks/debian.yml
index bbf97bb..1180f9d 100644
--- a/playbooks/debian.yml
+++ b/playbooks/debian.yml
@@ -15,4 +15,4 @@
 - name: Configure virtual machine
 import_role:
 name: debian-qemu
- when: ansible_virtualization_type == 'kvm'
+ when: ansible_virtualization_role == 'guest' and ansible_virtualization_type == 'kvm'
From b4c2898b408a72639e61a5008a64ed21fa19285e Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Mon, 9 Dec 2024 11:54:50 +0100
Subject: [PATCH 2/5] refs #8280 autofs: don't restart nslcd
---
 roles/debian-qemu/handlers/main.yml | 4 ----
 roles/debian-qemu/tasks/autofs.yml | 1 -
 2 files changed, 5 deletions(-)
diff --git a/roles/debian-qemu/handlers/main.yml b/roles/debian-qemu/handlers/main.yml
index 0079561..0bca163 100644
--- a/roles/debian-qemu/handlers/main.yml
+++ b/roles/debian-qemu/handlers/main.yml
@@ -1,7 +1,3 @@
-- name: restart-nslcd
- service:
- name: nslcd
- state: restarted
 - name: restart-autofs
 service:
 name: autofs
diff --git a/roles/debian-qemu/tasks/autofs.yml b/roles/debian-qemu/tasks/autofs.yml
index b6688cf..cc7815a 100644
--- a/roles/debian-qemu/tasks/autofs.yml
+++ b/roles/debian-qemu/tasks/autofs.yml
@@ -11,7 +11,6 @@
 lineinfile:
 path: /etc/nsswitch.conf
 line: "automount: files"
- notify: restart-nslcd
 - name: Add file homes.autofs configured to autofs
 template:
 src: homes.autofs
From ffc7963fcad6574a1cbc9139cc505ec752fe600f Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Mon, 9 Dec 2024 12:33:01 +0100
Subject: [PATCH 3/5] refs #8280 root: passbolt uri minifix
---
 roles/debian-base/tasks/root.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/debian-base/tasks/root.yml b/roles/debian-base/tasks/root.yml index eccf51d..9f3d548 100644 --- a/roles/debian-base/tasks/root.yml +++ b/roles/debian-base/tasks/root.yml @@ -26,7 +26,7 @@ lookup(passbolt, inventory_hostname_short, username='root', password=root_password, - uri='ssh://'+hostname_fqdn + uri='ssh://'+hostname_fqdn+'/' ) }} environment: From 67f01fd74ca0466aae2df1b46f4945447888805a Mon Sep 17 00:00:00 2001 From: Juan Ferrer Toribio Date: Tue, 10 Dec 2024 15:25:40 +0100 Subject: [PATCH 4/5] refs #8280 fix timesync conditions, move grub to qemu --- roles/debian-base/tasks/main.yml | 2 - roles/debian-base/tasks/timesync.yml | 51 ++++++++++--------- .../tasks/grub_startup.yml | 0 roles/debian-qemu/tasks/main.yml | 2 + 4 files changed, 30 insertions(+), 25 deletions(-) rename roles/{debian-base => debian-qemu}/tasks/grub_startup.yml (100%) diff --git a/roles/debian-base/tasks/main.yml b/roles/debian-base/tasks/main.yml index bbdc17a..dcd5f94 100644 --- a/roles/debian-base/tasks/main.yml +++ b/roles/debian-base/tasks/main.yml @@ -32,5 +32,3 @@ tags: bacula - import_tasks: vn-repo.yml tags: vn-repo -- import_tasks: grub_startup.yml - tags: grub_startup diff --git a/roles/debian-base/tasks/timesync.yml b/roles/debian-base/tasks/timesync.yml index 57974cf..57d45df 100644 --- a/roles/debian-base/tasks/timesync.yml +++ b/roles/debian-base/tasks/timesync.yml 
@@ -1,23 +1,28 @@
-- name: Ensure directory for timesyncd custom configuration exists
- file:
- path: /etc/systemd/timesyncd.conf.d/
- state: directory
- owner: root
- group: root
- mode: u=rwx,g=rx,o=rx
-- name: Configure NTP settings in /etc/systemd/timesyncd.conf.d/vn-ntp.conf
- copy:
- dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
- content: |
- [Time]
- NTP={{ time_server }}
- FallbackNTP={{ time_server_spain }}
- owner: root
- group: root
- mode: u=rw,g=r,o=r
- notify: restart systemd-timesyncd
-- name: Ensure systemd-timesyncd service is enabled and started
- service:
- name: systemd-timesyncd
- enabled: yes
- state: started
+- name: Getting service facts to check for timesyncd
+ service_facts:
+- when: "'systemd-timesyncd.service' in ansible_facts.services"
+ block:
+ - name: Ensure directory for timesyncd custom configuration exists
+ file:
+ path: /etc/systemd/timesyncd.conf.d/
+ state: directory
+ owner: root
+ group: root
+ mode: u=rwx,g=rx,o=rx
+ - name: Configure timesyncd service
+ copy:
+ dest: /etc/systemd/timesyncd.conf.d/vn-ntp.conf
+ content: |
+ [Time]
+ NTP={{ time_server }}
+ FallbackNTP={{ time_server_spain }}
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify: restart systemd-timesyncd
+ - name: Ensure timesyncd service is enabled and started
+ when: "ansible_facts.services['systemd-timesyncd.service'].status == 'enabled'"
+ service:
+ name: systemd-timesyncd
+ enabled: yes
+ state: started
diff --git a/roles/debian-base/tasks/grub_startup.yml b/roles/debian-qemu/tasks/grub_startup.yml
similarity index 100%
rename from roles/debian-base/tasks/grub_startup.yml
rename to roles/debian-qemu/tasks/grub_startup.yml
diff --git a/roles/debian-qemu/tasks/main.yml b/roles/debian-qemu/tasks/main.yml
index bcb11ce..1b49a8d 100644
--- a/roles/debian-qemu/tasks/main.yml
+++ b/roles/debian-qemu/tasks/main.yml
@@ -6,3 +6,5 @@
 tags: autofs
 - import_tasks: blacklist.yml
 tags: blacklist
+- import_tasks: grub_startup.yml
+ tags: grub_startup
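Review bot: In roles/debian-base/tasks/timesync.yml the last task of the new block only runs when the unit's status is already `enabled`, so its `enabled: yes` can never change anything, and a host where systemd-timesyncd is installed but disabled gets vn-ntp.conf written without the service ever being enabled. If the intent is to leave alone hosts where timesyncd was deliberately turned off (for example because another NTP client is in use), a comment such as `# do not re-enable timesyncd where it was deliberately disabled` would record that; if not, the guard probably wants to exclude only masked units, e.g. `when: "ansible_facts.services['systemd-timesyncd.service'].status != 'masked'"`. Hosts skipped by the outer `when:` finish the play with no time source configured and no message, which matters for certificate validation and log correlation, so a closing check that some time-sync service is active would make that case visible.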
From e67b7663745b58346fa8e4f0a127cd46600f761b Mon Sep 17 00:00:00 2001
From: Juan Ferrer Toribio
Date: Wed, 18 Dec 2024 09:32:41 +0100
Subject: [PATCH 5/5] fix(debian): refs #8318 check por apparmor and postfix services
---
 roles/debian-base/tasks/relayhost.yml | 62 ++++++++++++++-------------
 roles/debian-host/tasks/apparmor.yml | 28 ++++++------
 2 files changed, 49 insertions(+), 41 deletions(-)
diff --git a/roles/debian-base/tasks/relayhost.yml b/roles/debian-base/tasks/relayhost.yml
index dc04fe1..f912812 100644
--- a/roles/debian-base/tasks/relayhost.yml
+++ b/roles/debian-base/tasks/relayhost.yml
@@ -1,29 +1,33 @@
-- name: Install exim packages
- apt:
- name: exim4
- state: present
-- name: Prepare exim configuration
- blockinfile:
- path: /etc/exim4/update-exim4.conf.conf
- marker_begin: '--- BEGIN VN ---'
- marker_end: '--- END VN ---'
- marker: "# {mark}"
- block: |
- dc_eximconfig_configtype='satellite'
- dc_other_hostnames='{{ ansible_fqdn }}'
- dc_local_interfaces='127.0.0.1'
- dc_readhost='{{ ansible_fqdn }}'
- dc_smarthost='{{ smtp_server }}'
- dc_hide_mailname='true'
- state: present
- create: yes
- mode: u=rw,g=r,o=r
- notify: update exim configuration
- register: exim_config
-- name: Force execution of handlers immediately
- meta: flush_handlers
-- name: Sending mail to verify relay host configuration works
- shell: >
- sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \
- | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"
- when: exim_config.changed
+- name: Getting service facts to check for postfix
+ service_facts:
+- when: "'postfix.service' not in ansible_facts.services"
+ block:
+ - name: Install exim packages
+ apt:
+ name: exim4
+ state: present
+ - name: Prepare exim configuration
+ blockinfile:
+ path: /etc/exim4/update-exim4.conf.conf
+ marker_begin: '--- BEGIN VN ---'
+ marker_end: '--- END VN ---'
+ marker: "# {mark}"
+ block: |
+ dc_eximconfig_configtype='satellite'
+ dc_other_hostnames='{{ ansible_fqdn }}'
+ dc_local_interfaces='127.0.0.1'
+ dc_readhost='{{ ansible_fqdn }}'
+ dc_smarthost='{{ smtp_server }}'
+ dc_hide_mailname='true'
+ state: present
+ create: yes
+ mode: u=rw,g=r,o=r
+ notify: update exim configuration
+ register: exim_config
+ - name: Force execution of handlers immediately
+ meta: flush_handlers
+ - name: Sending mail to verify relay host configuration works
+ shell: >
+ sleep 2; echo "If you see this message, relayhost on {{ ansible_fqdn }} has been configured correctly." \
+ | mailx -s "Relayhost test for {{ ansible_fqdn }}" "{{ sysadmin_mail }}"
+ when: exim_config.changed
diff --git a/roles/debian-host/tasks/apparmor.yml b/roles/debian-host/tasks/apparmor.yml
index a239254..887d95f 100644
--- a/roles/debian-host/tasks/apparmor.yml
+++ b/roles/debian-host/tasks/apparmor.yml
@@ -1,12 +1,16 @@
-- name: Stop AppArmor
- systemd:
- name: apparmor
- state: stopped
-- name: Disable AppArmor service
- systemd:
- name: apparmor
- enabled: no
-- name: Mask AppArmor service
- systemd:
- name: apparmor
- masked: yes
\ No newline at end of file
+- name: Getting service facts to check for apparmor
+ service_facts:
+- when: "'apparmor.service' in ansible_facts.services"
+ block:
+ - name: Stop AppArmor
+ systemd:
+ name: apparmor
+ state: stopped
+ - name: Disable AppArmor service
+ systemd:
+ name: apparmor
+ enabled: no
+ - name: Mask AppArmor service
+ systemd:
+ name: apparmor
+ masked: yes
\ No newline at end of file
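Review bot: The `shell:` task that closes the new block in roles/debian-base/tasks/relayhost.yml still interpolates `{{ ansible_fqdn }}` and `{{ sysadmin_mail }}` directly into a shell command line, so any shell metacharacter in either value is interpreted on the target instead of being passed as data. Both are normally operator-controlled, but `ansible_fqdn` is a gathered fact, and the `quote` filter costs nothing: `| mailx -s {{ ('Relayhost test for ' ~ ansible_fqdn) | quote }} {{ sysadmin_mail | quote }}`, with the echoed text treated the same way. Since these lines are being re-indented anyway, `create: yes` could become `create: true` to match canonical YAML booleans.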
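Review bot: roles/debian-host/tasks/apparmor.yml stops, disables and masks AppArmor with no comment saying why, and the new `service_facts` guard makes the removal of this control quieter still, because the block is skipped without a message where the unit is absent. A header comment such as `# AppArmor is disabled on hosts because <reason, not shown on this page>` would let a reviewer judge whether a narrower change (putting only the conflicting profile in complain mode) would be enough; if these hosts run QEMU/libvirt guests, which the role names suggest but the diff does not show, masking AppArmor also drops the per-guest confinement libvirt applies. The three `systemd` tasks could be a single task with `state: stopped`, `enabled: false` and `masked: true`, and the file still ends without a trailing newline.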