aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/roles/apt
diff options
context:
space:
mode:
authorEgor Tensin <Egor.Tensin@gmail.com>2023-08-20 18:38:17 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-08-20 21:43:59 +0200
commit97b930c6edc7973497f469ae859fa2258cbea4d6 (patch)
tree822382f2275cc25cb7d6d280cc37a17d0c7e1214 /roles/apt
parentv0.0.16 (diff)
downloadinfra-ansible-97b930c6edc7973497f469ae859fa2258cbea4d6.tar.gz
infra-ansible-97b930c6edc7973497f469ae859fa2258cbea4d6.zip
use variables instead facts mostly everywhere
set_fact is stupid; they persist through multiple role executions; for example, you cannot do this: set_fact: foo: '{{ foo | default("bar") }}' If somebody calls the role and defines foo, it will always be set to that value forever, even for subsequent role calls.
Diffstat (limited to '')
-rw-r--r--roles/apt_repo/defaults/main.yml2
-rw-r--r--roles/apt_repo/tasks/main.yml25
2 files changed, 12 insertions, 15 deletions
diff --git a/roles/apt_repo/defaults/main.yml b/roles/apt_repo/defaults/main.yml
index 7394a29..f4755e5 100644
--- a/roles/apt_repo/defaults/main.yml
+++ b/roles/apt_repo/defaults/main.yml
@@ -1,2 +1,4 @@
apt_repo_keys_dir: /etc/apt/keyrings
apt_repo_key_dearmor: false
+
+apt_repo_component: main
diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml
index 4c1d92f..bf9e3ea 100644
--- a/roles/apt_repo/tasks/main.yml
+++ b/roles/apt_repo/tasks/main.yml
@@ -1,5 +1,11 @@
- name: Set up repository
become: true
+ vars:
+ # For some reason, if the key is in a weird format that requires
+ # running `gpg --dearmor`, you must save it with the .gpg extension
+ # instead of .asc. You can then completely skip the gpg step. Source:
+ # https://stackoverflow.com/q/71585303/514684
+ apt_repo_key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
block:
- name: Create keys directory
ansible.builtin.file:
@@ -7,30 +13,19 @@
mode: '755'
state: directory
- - name: Set key path
- ansible.builtin.set_fact:
- # For some reason, if the key is in a weird format that requires
- # running `gpg --dearmor`, you must save it with the .gpg extension
- # instead of .asc. You can then completely skip the gpg step. Source:
- # https://stackoverflow.com/q/71585303/514684
- key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
-
- name: 'Add key: {{ apt_repo_name }}'
ansible.builtin.get_url:
url: '{{ apt_repo_key_url }}'
- dest: '{{ key_path }}'
+ dest: '{{ apt_repo_key_path }}'
mode: '644'
- name: Get host distro
ansible.builtin.setup:
gather_subset: [distribution_release]
- - name: Set repository defaults
- ansible.builtin.set_fact:
- apt_repo_distro: '{{ apt_repo_distro | default(ansible_distribution_release) }}'
- apt_repo_component: '{{ apt_repo_component | default("main") }}'
-
- name: 'Add repository: {{ apt_repo_name }}'
ansible.builtin.apt_repository:
- repo: 'deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro }} {{ apt_repo_component }}'
+ repo: 'deb [signed-by={{ apt_repo_key_path }}] {{ apt_repo_url }} {{ distro }} {{ apt_repo_component }}'
filename: '{{ apt_repo_name }}'
+ vars:
+ distro: '{{ apt_repo_distro | default(ansible_distribution_release) }}'