From 3fb144d02fbfaeb88e1da174320a85e78e4203d1 Mon Sep 17 00:00:00 2001
From: Beta <roberto@numerica.cl>
Date: Thu, 11 Dec 2025 22:32:10 -0300
Subject: [PATCH 1/6] fix: limpiar repositorios Docker antiguos antes de
 configurar deb822
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Soluciona conflicto APT causado por configuraciones de repositorio Docker
duplicadas con valores Signed-By contradictorios. Ahora se eliminan los
archivos de repositorio antiguos antes de agregar la configuración deb822.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 roles/althost/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml
index a01a0e5..cbfa824 100644
--- a/roles/althost/tasks/main.yml
+++ b/roles/althost/tasks/main.yml
@@ -24,6 +24,14 @@
           dest: /etc/apt/keyrings/docker.asc
           mode: '0644'
 
+      - name: remove old docker repository files to avoid conflicts
+        file:
+          path: "{{ item }}"
+          state: absent
+        loop:
+          - /etc/apt/sources.list.d/docker.list
+          - /etc/apt/sources.list.d/download_docker_com_linux_debian.list
+
       - name: add docker repository with deb822 format
         deb822_repository:
           name: docker
-- 
2.49.0


From 11ec613ae930e62df4711f1e18b88a3b1672a51f Mon Sep 17 00:00:00 2001
From: Beta <roberto@numerica.cl>
Date: Fri, 12 Dec 2025 11:09:48 -0300
Subject: [PATCH 2/6] fix: mover limpieza de repos Docker fuera del bloque
 installation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

La limpieza de repositorios Docker antiguos debe ejecutarse SIEMPRE,
incluso cuando se usa --skip-tags=installation, para evitar conflictos
APT antes de que knsupdate u otros roles intenten usar apt.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
---
 roles/althost/tasks/main.yml | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/roles/althost/tasks/main.yml b/roles/althost/tasks/main.yml
index cbfa824..822a7d4 100644
--- a/roles/althost/tasks/main.yml
+++ b/roles/althost/tasks/main.yml
@@ -1,6 +1,16 @@
     # DOCKER CE this is specific for Debian
     # https://docs.docker.com/install/linux/docker-ce/debian/
     # Soporta Debian 12 (bookworm) y Debian 13 (trixie)
+
+    # Clean up conflicting Docker repositories first (always runs, even with --skip-tags=installation)
+    - name: remove old docker repository files to avoid APT conflicts
+      file:
+        path: "{{ item }}"
+        state: absent
+      loop:
+        - /etc/apt/sources.list.d/docker.list
+        - /etc/apt/sources.list.d/download_docker_com_linux_debian.list
+
     - block:
       - name: "unattended upgrades"
         apt:
@@ -24,14 +34,6 @@
           dest: /etc/apt/keyrings/docker.asc
           mode: '0644'
 
-      - name: remove old docker repository files to avoid conflicts
-        file:
-          path: "{{ item }}"
-          state: absent
-        loop:
-          - /etc/apt/sources.list.d/docker.list
-          - /etc/apt/sources.list.d/download_docker_com_linux_debian.list
-
       - name: add docker repository with deb822 format
         deb822_repository:
           name: docker
-- 
2.49.0


From b31a9abcad0619a86baab9c9ea1df6e0c60026cd Mon Sep 17 00:00:00 2001
From: Beta <roberto@numerica.cl>
Date: Fri, 12 Dec 2025 11:35:23 -0300
Subject: [PATCH 3/6] =?UTF-8?q?fix:=20forzar=20conversi=C3=B3n=20a=20bool?=
 =?UTF-8?q?=20en=20condicionales=20de=20certbot?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ansible requiere que las condicionales resulten en booleanos.
Agregado filtro | bool para convertir explícitamente strings a booleanos
en las evaluaciones de needs_cert, needs_vhost y obtain_cert.
---
 roles/certbot/tasks/certbot.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/certbot/tasks/certbot.yml b/roles/certbot/tasks/certbot.yml
index 8b49fa7..4a88539 100644
--- a/roles/certbot/tasks/certbot.yml
+++ b/roles/certbot/tasks/certbot.yml
@@ -10,9 +10,9 @@
       register: vhost_stat
 
     - set_fact:
-        needs_cert: (loop.ssl | default(domains_default_ssl) ) or (loop.force_https | default(domains_default_force_https))
-        needs_vhost: needs_cert and not vhost_stat.stat.exists
-        obtain_cert: needs_cert and not ssl_cert.stat.exists
+        needs_cert: ((loop.ssl | default(domains_default_ssl) | bool) or (loop.force_https | default(domains_default_force_https) | bool))
+        needs_vhost: ((needs_cert | bool) and not vhost_stat.stat.exists)
+        obtain_cert: ((needs_cert | bool) and not ssl_cert.stat.exists)
 
     - name: certificate obtention
       block:
-- 
2.49.0


From 08a3e563d4dae1f4a8808baaa4faf6ca1329eb1e Mon Sep 17 00:00:00 2001
From: Beta <roberto@numerica.cl>
Date: Fri, 12 Dec 2025 12:42:50 -0300
Subject: [PATCH 4/6] fix: envolver expresiones booleanas en templates Jinja2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Aplicar | bool al resultado final de cada expresión y envolver
en sintaxis {{ }} para forzar evaluación correcta como booleanos.
---
 roles/certbot/tasks/certbot.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/roles/certbot/tasks/certbot.yml b/roles/certbot/tasks/certbot.yml
index 4a88539..7414970 100644
--- a/roles/certbot/tasks/certbot.yml
+++ b/roles/certbot/tasks/certbot.yml
@@ -10,9 +10,9 @@
       register: vhost_stat
 
     - set_fact:
-        needs_cert: ((loop.ssl | default(domains_default_ssl) | bool) or (loop.force_https | default(domains_default_force_https) | bool))
-        needs_vhost: ((needs_cert | bool) and not vhost_stat.stat.exists)
-        obtain_cert: ((needs_cert | bool) and not ssl_cert.stat.exists)
+        needs_cert: "{{ ((loop.ssl | default(domains_default_ssl) | bool) or (loop.force_https | default(domains_default_force_https) | bool)) | bool }}"
+        needs_vhost: "{{ ((needs_cert | bool) and not vhost_stat.stat.exists) | bool }}"
+        obtain_cert: "{{ ((needs_cert | bool) and not ssl_cert.stat.exists) | bool }}"
 
     - name: certificate obtention
       block:
-- 
2.49.0


From 54b24af0b5871b640ea548cf11b59fbaee7e959d Mon Sep 17 00:00:00 2001
From: Beta <roberto@numerica.cl>
Date: Fri, 12 Dec 2025 13:34:49 -0300
Subject: [PATCH 5/6] fix: aplicar | bool en when clause de obtain_cert

---
 roles/certbot/tasks/certbot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/certbot/tasks/certbot.yml b/roles/certbot/tasks/certbot.yml
index 7414970..faa5a20 100644
--- a/roles/certbot/tasks/certbot.yml
+++ b/roles/certbot/tasks/certbot.yml
@@ -36,7 +36,7 @@
             - reload proxy
           register: cert_result
 
-      when: obtain_cert
+      when: obtain_cert | bool
 
     # RESET
     - set_fact:
-- 
2.49.0


From ad118402f71fb73bfe196ba536a834e8a8e2a51e Mon Sep 17 00:00:00 2001
From: Beta <roberto@numerica.cl>
Date: Fri, 12 Dec 2025 13:42:05 -0300
Subject: [PATCH 6/6] fix: separar set_fact para compatibilidad con Ansible
 2.15+
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

En Ansible 2.15+ las variables en el mismo set_fact se evalúan
simultáneamente, no secuencialmente. Separar needs_cert en su propio
set_fact antes de usarlo en needs_vhost y obtain_cert.
---
 roles/certbot/tasks/certbot.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/roles/certbot/tasks/certbot.yml b/roles/certbot/tasks/certbot.yml
index faa5a20..8ef5339 100644
--- a/roles/certbot/tasks/certbot.yml
+++ b/roles/certbot/tasks/certbot.yml
@@ -11,8 +11,10 @@
 
     - set_fact:
         needs_cert: "{{ ((loop.ssl | default(domains_default_ssl) | bool) or (loop.force_https | default(domains_default_force_https) | bool)) | bool }}"
-        needs_vhost: "{{ ((needs_cert | bool) and not vhost_stat.stat.exists) | bool }}"
-        obtain_cert: "{{ ((needs_cert | bool) and not ssl_cert.stat.exists) | bool }}"
+
+    - set_fact:
+        needs_vhost: "{{ (needs_cert | bool and not vhost_stat.stat.exists) | bool }}"
+        obtain_cert: "{{ (needs_cert | bool and not ssl_cert.stat.exists) | bool }}"
 
     - name: certificate obtention
       block:
-- 
2.49.0