Linuxfabrik
diff --git a/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/acme_sh/tasks/main.yml‎
Lines changed: 2 additions & 0 deletions b/‎roles/acme_sh/tasks/main.yml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎roles/apache_httpd/tasks/confs.yml‎
Lines changed: 1 addition & 0 deletions b/‎roles/apache_httpd/tasks/confs.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/apache_httpd/tasks/main.yml‎
Lines changed: 1 addition & 0 deletions b/‎roles/apache_httpd/tasks/main.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/apache_httpd/tasks/matomo.yml‎
Lines changed: 1 addition & 0 deletions b/‎roles/apache_httpd/tasks/matomo.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/apache_httpd/tasks/mods.yml‎
Lines changed: 1 addition & 0 deletions b/‎roles/apache_httpd/tasks/mods.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/apache_httpd/tasks/vhosts.yml‎
Lines changed: 1 addition & 0 deletions b/‎roles/apache_httpd/tasks/vhosts.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎roles/apache_solr/tasks/main.yml‎
Lines changed: 4 additions & 0 deletions b/‎roles/apache_solr/tasks/main.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎roles/apache_tomcat/tasks/main.yml‎
Lines changed: 10 additions & 0 deletions b/‎roles/apache_tomcat/tasks/main.yml‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎roles/audit/tasks/main.yml‎
Lines changed: 1 addition & 0 deletions b/‎roles/audit/tasks/main.yml‎
Lines changed: 1 addition & 0 deletions
@@ -54,6 +54,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ### Changed
 
+* **roles**: Add `backup: true` to all `ansible.builtin.template` tasks to ensure config file backups before overwriting
 * **role:nextcloud**: Refactor `nextcloud-update.j2`
 * **role:keycloak**: Rework `keycloak.conf` template to match Keycloak's default config structure
 * **role:apache_httpd**: bump Core Rule Set to 4.24.1
 
@@ -29,6 +29,7 @@
 
   - name: 'Deploy /etc/systemd/system/acme-sh.service'
     ansible.builtin.template:
+      backup: true
       src: 'etc/systemd/system/acme-sh.service.j2'
       dest: '/etc/systemd/system/acme-sh.service'
       owner: 'root'
@@ -37,6 +38,7 @@
 
   - name: 'Deploy /etc/systemd/system/acme-sh.timer'
     ansible.builtin.template:
+      backup: true
       src: 'etc/systemd/system/acme-sh.timer.j2'
       dest: '/etc/systemd/system/acme-sh.timer'
       owner: 'root'
 
@@ -25,6 +25,7 @@
 
 - name: 'Create conf-available configs'
   ansible.builtin.template:
+    backup: true
     src: 'etc/httpd/conf-available/{{ item["template"]}}.conf.j2'
     dest: '{{ apache_httpd__config_path }}/{{ apache_httpd__config_prefix }}conf-available/{{ item["filename"] }}.conf'
     owner: 'root'
 
@@ -82,6 +82,7 @@
 
   - name: 'Create or update global Apache configuration {{ apache_httpd__config_file }}'
     ansible.builtin.template:
+      backup: true
       src: 'etc/httpd/conf/httpd.conf.j2'
       dest: '{{ apache_httpd__config_file }}'
       owner: 'root'
 
@@ -1,5 +1,6 @@
 - name: 'Deploy Matomo Log Analytics Python Script to /usr/local/sbin/import_logs.py'
   ansible.builtin.template:
+    backup: true
     src: 'usr/local/sbin/import_logs.py.j2'
     dest: '/usr/local/sbin/import_logs.py'
     owner: '{{ apache_httpd__user }}'
 
@@ -25,6 +25,7 @@
 
 - name: 'Create mods-available configs'
   ansible.builtin.template:
+    backup: true
     src: 'etc/httpd/mods-available/{{ item["template"] | d(item["filename"]) }}.conf.j2'
     dest: '{{ apache_httpd__config_path }}/{{ apache_httpd__config_prefix }}mods-available/{{ item["filename"] }}.conf'
     owner: 'root'
 
@@ -47,6 +47,7 @@
 
 - name: 'Create sites-available vHosts'
   ansible.builtin.template:
+    backup: true
     src: 'etc/httpd/sites-available/{{ item["template"] }}.conf.j2'
     dest: '{{ apache_httpd__config_path }}/{{ apache_httpd__config_prefix }}sites-available/{{ item["filename"] | d(item["conf_server_name"] ~ "." ~ (item["virtualhost_port"] | d(443))) }}.conf'
     owner: 'root'
 
@@ -77,12 +77,14 @@
 
   - name: 'Deploy {{ apache_solr__install_dir }}/solr/bin/solr.in.sh'
     ansible.builtin.template:
+      backup: true
       src: 'opt/solr/bin/solr.in.sh.j2'
       dest: '{{ apache_solr__install_dir }}/solr/bin/solr.in.sh'
     notify: 'apache_solr: restart solr.service'
 
   - name: 'Deploy {{ apache_solr__log4j_props }}'
     ansible.builtin.template:
+      backup: true
       src: 'var/solr/log4j.xml.j2'
       dest: '{{ apache_solr__log4j_props }}'
     notify: 'apache_solr: restart solr.service'
@@ -138,6 +140,7 @@
 
   - name: 'Deploy /etc/systemd/system/solr.service'
     ansible.builtin.template:
+      backup: true
       src: 'etc/systemd/system/solr.service.j2'
       dest: '/etc/systemd/system/solr.service'
       owner: 'root'
@@ -185,6 +188,7 @@
 
   - name: 'Deploy {{ apache_solr__var_dir }}/security.json'
     ansible.builtin.template:
+      backup: true
       src: 'var/solr/security.json.j2'
       dest: '{{ apache_solr__var_dir }}/security.json'
     notify: 'apache_solr: restart solr.service'
 
@@ -52,6 +52,7 @@
 
   - name: 'Deploy /etc/tomcat/server.xml'
     ansible.builtin.template:
+      backup: true
       src: 'etc/tomcat/{{ tomcat__installed_version }}-server.xml.j2'
       dest: '/etc/tomcat/server.xml'
       owner: 'root'
@@ -61,6 +62,7 @@
 
   - name: 'Copy tomcat config /etc/sysconfig'
     ansible.builtin.template:
+      backup: true
       src: 'etc/sysconfig/{{ tomcat__installed_version }}-tomcat.j2'
       dest: '/etc/sysconfig/tomcat'
       owner: 'root'
@@ -69,6 +71,7 @@
 
   - name: 'Deploy /etc/tomcat/context.xml'
     ansible.builtin.template:
+      backup: true
       src: 'etc/tomcat/{{ tomcat__installed_version }}-context.xml.j2'
       dest: '/etc/tomcat/context.xml'
       owner: 'root'
@@ -78,6 +81,7 @@
 
   - name: 'Deploy /etc/tomcat/logging.properties'
     ansible.builtin.template:
+      backup: true
       src: 'etc/tomcat/{{ tomcat__installed_version }}-logging.properties.j2'
       dest: '/etc/tomcat/logging.properties'
       owner: 'root'
@@ -87,6 +91,7 @@
 
   - name: 'Copy tomcat logrotate template to /etc/logrotate.d'
     ansible.builtin.template:
+      backup: true
       src: 'etc/logrotate.d/tomcat.j2'
       dest: '/etc/logrotate.d/tomcat'
       owner: 'root'
@@ -104,6 +109,7 @@
 
   - name: 'Deploy /var/lib/tomcat/webapps/docs/META-INF/context.xml'
     ansible.builtin.template:
+      backup: true
       src: 'var/lib/tomcat/webapps/docs/META-INF/context.xml.j2'
       dest: '/var/lib/tomcat/webapps/docs/META-INF/context.xml'
       owner: 'root'
@@ -115,6 +121,7 @@
 
   - name: 'Deploy /var/lib/tomcat/webapps/host-manager/META-INF/context.xml'
     ansible.builtin.template:
+      backup: true
       src: 'var/lib/tomcat/webapps/host-manager/META-INF/context.xml.j2'
       dest: '/var/lib/tomcat/webapps/host-manager/META-INF/context.xml'
       owner: 'root'
@@ -126,6 +133,7 @@
 
   - name: 'Deploy /var/lib/tomcat/webapps/manager/META-INF/context.xml'
     ansible.builtin.template:
+      backup: true
       src: 'var/lib/tomcat/webapps/manager/META-INF/context.xml.j2'
       dest: '/var/lib/tomcat/webapps/manager/META-INF/context.xml'
       owner: 'root'
@@ -137,6 +145,7 @@
 
   - name: 'Deploy /var/lib/tomcat/webapps/manager/WEB-INF/web.xml'
     ansible.builtin.template:
+      backup: true
       src: 'var/lib/tomcat/webapps/manager/WEB-INF/web.xml.j2'
       dest: '/var/lib/tomcat/webapps/manager/WEB-INF/web.xml'
       owner: 'root'
@@ -159,6 +168,7 @@
 
   - name: 'Deploy /etc/tomcat/tomcat-users.xml'
     ansible.builtin.template:
+      backup: true
       src: 'etc/tomcat/{{ tomcat__installed_version }}-tomcat-users.xml.j2'
       dest: '/etc/tomcat/tomcat-users.xml'
       owner: 'root'
 
@@ -9,6 +9,7 @@
 
   - name: 'Deploy /etc/audit/auditd.conf'
     ansible.builtin.template:
+      backup: true
       src: 'etc/audit/auditd.conf.j2'
       dest: '/etc/audit/auditd.conf'
       owner: 'root'