From 13621d4d68f04cc23c49ef94e3fbefdf4fae28e5 Mon Sep 17 00:00:00 2001
From: Ties de Kock <ties@tiesdekock.nl>
Date: Tue, 28 Apr 2020 21:01:46 +0200
Subject: [PATCH] Use wireguard from buster-backports on debian if needed (#49)

* Changes wireguard apt repo to buster-backports

* Add repo only on buster or earlier

* No apt pin needed, backports has lower priority than main distribution

* Update CHANGELOG.md

Co-Authored-By: Robert Wimmer <2039811+githubixx@users.noreply.github.com>

* Clarify effects of updating on system state

Co-authored-by: Robert Wimmer <2039811+githubixx@users.noreply.github.com>
---
 CHANGELOG.md                                  | 19 +++++++++++++++
 .../etc/apt/preferences.d/limit-unstable      |  3 ---
 tasks/setup-debian.yml                        | 23 +++----------------
 3 files changed, 22 insertions(+), 23 deletions(-)
 delete mode 100644 files/debian/etc/apt/preferences.d/limit-unstable

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b0ac6ab..f75556b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,25 @@
 Changelog
 ---------
 
+**6.0.4**
+
+- Use the buster-backports repository on Debian Buster (or older), use package
+  standard repositories on sid/bullseye.
+
+  The role no longer adds the unstable _repo_ nor the _apt preference_ for that repo.
+  There is no need to clean the preference and unstable repository, since packages
+  from your release have a higher priority.
+
+  If you remove the apt preference (`/etc/apt/preferences.d/limit-unstable`)
+  updates from `unstable` are accepted by apt. This likely is not what you want
+  and may lead to an unstable state.
+
+  If you want to clean up:
+    * remove `/etc/apt/preferences.d/limit-unstable` and
+    * remove `deb http://deb.debian.org/debian/ unstable main` from `/etc/apt/sources.list.d/deb_debian_org_debian.list`.
+
+  The backports repository has a lower priority and does not need an apt preference.
+
 **6.0.3**
 
 - If `wg syncconf` command is not available do stop/start service instead of restart (contribution by @cristichiru)
diff --git a/files/debian/etc/apt/preferences.d/limit-unstable b/files/debian/etc/apt/preferences.d/limit-unstable
deleted file mode 100644
index 3350f2c..0000000
--- a/files/debian/etc/apt/preferences.d/limit-unstable
+++ /dev/null
@@ -1,3 +0,0 @@
-Package: *
-Pin: release a=unstable
-Pin-Priority: 90
diff --git a/tasks/setup-debian.yml b/tasks/setup-debian.yml
index 48a94dc..8669fae 100644
--- a/tasks/setup-debian.yml
+++ b/tasks/setup-debian.yml
@@ -1,32 +1,15 @@
 ---
-- name: Setup WireGuard preference
-  copy:
-    src: debian/etc/apt/preferences.d/limit-unstable
-    dest: /etc/apt/preferences.d/limit-unstable
-    owner: root
-    group: root
-    mode: 0644
-  tags:
-    - wg-install
-
 - name: Install GPG - required to add wireguard key
   apt:
     name: gnupg
     state: present
 
-- name: Add WireGuard key
-  apt_key:
-    keyserver: "keyserver.ubuntu.com"
-    id: "8B48AD6246925553"
-    state: present
-  tags:
-    - wg-install
-
-- name: Add WireGuard repository
+- name: Add WireGuard repository on buster or earlier
   apt_repository:
-    repo: "deb http://deb.debian.org/debian/ unstable main"
+    repo: "deb http://deb.debian.org/debian buster-backports main"
     state: present
     update_cache: yes
+  when: ansible_distribution_version | int <= 10
   tags:
     - wg-install