Diffstat (limited to '')
-rw-r--r-- | roles/apt_repo/tasks/main.yml | 72 | ||||
-rw-r--r-- | roles/apt_repo/templates/repo.list.j2 | 2 | ||||
-rw-r--r-- | roles/apt_repo/vars/main.yml | 5 |
3 files changed, 39 insertions, 40 deletions
diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml
index ef34bf5..21df05d 100644
--- a/roles/apt_repo/tasks/main.yml
+++ b/roles/apt_repo/tasks/main.yml
@@ -1,44 +1,38 @@
-- name: Set up repository
+- name: Create keys directory
 become: true
- vars:
- # For some reason, if the key is in a weird format that requires
- # running `gpg --dearmor`, you must save it with the .gpg extension
- # instead of .asc. You can then completely skip the gpg step. Source:
- # https://stackoverflow.com/q/71585303/514684
- key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
- block:
- - name: Create keys directory
- ansible.builtin.file:
- path: '{{ apt_repo_keys_dir }}'
- state: directory
- owner: root
- group: root
- mode: '755'
+ ansible.builtin.file:
+ path: '{{ apt_repo_keys_dir }}'
+ state: directory
+ owner: root
+ group: root
+ mode: '755'
- - name: 'Add key: {{ apt_repo_name }}'
- ansible.builtin.get_url:
- url: '{{ apt_repo_key_url }}'
- dest: '{{ key_path }}'
- owner: root
- group: root
- mode: '644'
- notify: apt_repo_update
+- name: 'Add key: {{ apt_repo_name }}'
+ become: true
+ ansible.builtin.get_url:
+ url: '{{ apt_repo_key_url }}'
+ dest: '{{ apt_repo_key_path }}'
+ owner: root
+ group: root
+ mode: '644'
+ notify: apt_repo_update
- - name: Get host distro
- ansible.builtin.setup:
- gather_subset: [distribution_release]
+- name: Get host distro
+ ansible.builtin.setup:
+ gather_subset: [distribution_release]
- # Not using the apt_repository module, since it _adds_ a new repository
- # in the .list file. That way, we can end up with an invalid repository
- # line.
- - name: 'Add repository: {{ apt_repo_name }}'
- ansible.builtin.template:
- src: repo.list.j2
- dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
- owner: root
- group: root
- mode: '644'
- notify: apt_repo_update
+# Not using the apt_repository module, since it _adds_ a new repository
+# in the .list file. That way, we can end up with an invalid repository
+# line.
+- name: 'Add repository: {{ apt_repo_name }}'
+ become: true
+ ansible.builtin.template:
+ src: repo.list.j2
+ dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
+ owner: root
+ group: root
+ mode: '644'
+ notify: apt_repo_update
- - name: Refresh apt repositories if necessary
- ansible.builtin.meta: flush_handlers
+- name: Refresh apt repositories if necessary
+ ansible.builtin.meta: flush_handlers
diff --git a/roles/apt_repo/templates/repo.list.j2 b/roles/apt_repo/templates/repo.list.j2
index ffb100c..d7c8138 100644
--- a/roles/apt_repo/templates/repo.list.j2
+++ b/roles/apt_repo/templates/repo.list.j2
@@ -1,3 +1,3 @@
 {{ ansible_managed | comment }}
-deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
+deb [signed-by={{ apt_repo_key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
diff --git a/roles/apt_repo/vars/main.yml b/roles/apt_repo/vars/main.yml
new file mode 100644
index 0000000..4265d4b
--- /dev/null
+++ b/roles/apt_repo/vars/main.yml
@@ -0,0 +1,5 @@
+# For some reason, if the key is in a weird format that requires
+# running `gpg --dearmor`, you must save it with the .gpg extension
+# instead of .asc. You can then completely skip the gpg step. Source:
+# https://stackoverflow.com/q/71585303/514684
+apt_repo_key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}' |
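Review bot: The `Add key` task in roles/apt_repo/tasks/main.yml still downloads the repository signing key with `ansible.builtin.get_url` and no `checksum:`, so whatever `apt_repo_key_url` serves on the first run becomes the key that `signed-by` trusts for this repository. Pinning the digest closes that trust-on-first-use gap, for example `checksum: '{{ apt_repo_key_checksum }}'` holding a `sha256:<digest>` value (`apt_repo_key_checksum` is a proposed variable name, not one that exists in this diff). Without a checksum, `get_url` also leaves an existing destination file in place by default, so a rotated or revoked key would not be replaced; changing the pinned digest should force the re-download. A one-line comment above the task, such as `# Key is pinned by checksum; update apt_repo_key_checksum when the vendor rotates it`, would record the intent.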
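Review bot: In roles/apt_repo/vars/main.yml, `apt_repo_key_dearmor | ternary(".gpg", ".asc")` only works if the variable arrives as a real boolean. A string such as `"false"`, which is what `-e key=value` extra vars produce, is truthy to `ternary` and would select `.gpg` for an ASCII-armored key. Casting first, `{{ apt_repo_key_dearmor | bool | ternary(".gpg", ".asc") }}`, keeps the file extension, and therefore the `signed-by` path in repo.list.j2, consistent with the key format. Where `apt_repo_key_dearmor` is defined or defaulted is not visible in this diff, so this may already be guaranteed elsewhere.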