apt_repo: support keys that must be gpg --dearmor'ed

2 files changed, 6 insertions, 1 deletions

diff --git a/roles/apt_repo/defaults/main.yml b/roles/apt_repo/defaults/main.yml
index 6d09a7b..7394a29 100644
--- a/roles/apt_repo/defaults/main.yml
+++ b/roles/apt_repo/defaults/main.yml
@@ -1 +1,2 @@
 apt_repo_keys_dir: /etc/apt/keyrings
+apt_repo_key_dearmor: false
diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml
index b9baffd..3ad7642 100644
--- a/roles/apt_repo/tasks/main.yml
+++ b/roles/apt_repo/tasks/main.yml
@@ -9,7 +9,11 @@
 
     - name: Set key path
       ansible.builtin.set_fact:
-        key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}.asc'
+        # For some reason, if the key is in a weird format that requires
+        # running `gpg --dearmor`, you must save it with the .gpg extension
+        # instead of .asc. You can then completely skip the gpg step. Source:
+        # https://stackoverflow.com/q/71585303/514684
+        key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
 
     - name: 'Add key: {{ apt_repo_name }}'
       ansible.builtin.get_url: