diff options
author | Egor Tensin <Egor.Tensin@gmail.com> | 2023-08-20 18:38:17 +0200 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2023-08-20 21:43:59 +0200 |
commit | 97b930c6edc7973497f469ae859fa2258cbea4d6 (patch) | |
tree | 822382f2275cc25cb7d6d280cc37a17d0c7e1214 /roles/apt | |
parent | v0.0.16 (diff) | |
download | infra-ansible-97b930c6edc7973497f469ae859fa2258cbea4d6.tar.gz infra-ansible-97b930c6edc7973497f469ae859fa2258cbea4d6.zip |
use variables instead facts mostly everywhere
set_fact is stupid; they persist through multiple role executions; for
example, you cannot do this:
set_fact:
foo: '{{ foo | default("bar") }}'
If somebody calls the role and defines foo, it will always be set to
that value forever, even for subsequent role calls.
Diffstat (limited to '')
-rw-r--r-- | roles/apt_repo/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/apt_repo/tasks/main.yml | 25 |
2 files changed, 12 insertions, 15 deletions
diff --git a/roles/apt_repo/defaults/main.yml b/roles/apt_repo/defaults/main.yml index 7394a29..f4755e5 100644 --- a/roles/apt_repo/defaults/main.yml +++ b/roles/apt_repo/defaults/main.yml @@ -1,2 +1,4 @@ apt_repo_keys_dir: /etc/apt/keyrings apt_repo_key_dearmor: false + +apt_repo_component: main diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml index 4c1d92f..bf9e3ea 100644 --- a/roles/apt_repo/tasks/main.yml +++ b/roles/apt_repo/tasks/main.yml @@ -1,5 +1,11 @@ - name: Set up repository become: true + vars: + # For some reason, if the key is in a weird format that requires + # running `gpg --dearmor`, you must save it with the .gpg extension + # instead of .asc. You can then completely skip the gpg step. Source: + # https://stackoverflow.com/q/71585303/514684 + apt_repo_key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}' block: - name: Create keys directory ansible.builtin.file: @@ -7,30 +13,19 @@ mode: '755' state: directory - - name: Set key path - ansible.builtin.set_fact: - # For some reason, if the key is in a weird format that requires - # running `gpg --dearmor`, you must save it with the .gpg extension - # instead of .asc. You can then completely skip the gpg step. Source: - # https://stackoverflow.com/q/71585303/514684 - key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}' - - name: 'Add key: {{ apt_repo_name }}' ansible.builtin.get_url: url: '{{ apt_repo_key_url }}' - dest: '{{ key_path }}' + dest: '{{ apt_repo_key_path }}' mode: '644' - name: Get host distro ansible.builtin.setup: gather_subset: [distribution_release] - - name: Set repository defaults - ansible.builtin.set_fact: - apt_repo_distro: '{{ apt_repo_distro | default(ansible_distribution_release) }}' - apt_repo_component: '{{ apt_repo_component | default("main") }}' - - name: 'Add repository: {{ apt_repo_name }}' ansible.builtin.apt_repository: - repo: 'deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro }} {{ apt_repo_component }}' + repo: 'deb [signed-by={{ apt_repo_key_path }}] {{ apt_repo_url }} {{ distro }} {{ apt_repo_component }}' filename: '{{ apt_repo_name }}' + vars: + distro: '{{ apt_repo_distro | default(ansible_distribution_release) }}' |