From f56478fa1a90d5fff172ff80562daa8a6dfaa6d3 Mon Sep 17 00:00:00 2001
From: Egor Tensin <Egor.Tensin@gmail.com>
Date: Mon, 4 Sep 2023 13:02:08 +0200
Subject: fix task names, small refactoring, etc.

---
 roles/apt/tasks/unattended_upgrades.yml |  6 +--
 roles/apt_repo/tasks/main.yml           | 72 +++++++++++++++------------------
 roles/apt_repo/templates/repo.list.j2   |  2 +-
 roles/apt_repo/vars/main.yml            |  5 +++
 roles/my_workspace/tasks/project.yml    |  2 +-
 5 files changed, 43 insertions(+), 44 deletions(-)
 create mode 100644 roles/apt_repo/vars/main.yml

diff --git a/roles/apt/tasks/unattended_upgrades.yml b/roles/apt/tasks/unattended_upgrades.yml
index e9fdd05..938c903 100644
--- a/roles/apt/tasks/unattended_upgrades.yml
+++ b/roles/apt/tasks/unattended_upgrades.yml
@@ -5,7 +5,7 @@
     state: present
     install_recommends: false
 
-- name: 50unattended-upgrades
+- name: Configure 50unattended-upgrades
   become: true
   ansible.builtin.template:
     src: 50unattended-upgrades.j2
@@ -17,13 +17,13 @@
 # https://wiki.debian.org/UnattendedUpgrades says that 20auto-upgrades and
 # 02periodic are _alternatives_ (and, presumably, not mechanisms that can be
 # used together).
-- name: 20auto-upgrades
+- name: Configure 20auto-upgrades
   become: true
   ansible.builtin.file:
     path: /etc/apt/apt.conf.d/20auto-upgrades
     state: absent
 
-- name: 02periodic
+- name: Configure 02periodic
   become: true
   ansible.builtin.template:
     src: 02periodic.j2
diff --git a/roles/apt_repo/tasks/main.yml b/roles/apt_repo/tasks/main.yml
index ef34bf5..21df05d 100644
--- a/roles/apt_repo/tasks/main.yml
+++ b/roles/apt_repo/tasks/main.yml
@@ -1,44 +1,38 @@
-- name: Set up repository
+- name: Create keys directory
   become: true
-  vars:
-    # For some reason, if the key is in a weird format that requires
-    # running `gpg --dearmor`, you must save it with the .gpg extension
-    # instead of .asc. You can then completely skip the gpg step. Source:
-    # https://stackoverflow.com/q/71585303/514684
-    key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
-  block:
-    - name: Create keys directory
-      ansible.builtin.file:
-        path: '{{ apt_repo_keys_dir }}'
-        state: directory
-        owner: root
-        group: root
-        mode: '755'
+  ansible.builtin.file:
+    path: '{{ apt_repo_keys_dir }}'
+    state: directory
+    owner: root
+    group: root
+    mode: '755'
 
-    - name: 'Add key: {{ apt_repo_name }}'
-      ansible.builtin.get_url:
-        url: '{{ apt_repo_key_url }}'
-        dest: '{{ key_path }}'
-        owner: root
-        group: root
-        mode: '644'
-      notify: apt_repo_update
+- name: 'Add key: {{ apt_repo_name }}'
+  become: true
+  ansible.builtin.get_url:
+    url: '{{ apt_repo_key_url }}'
+    dest: '{{ apt_repo_key_path }}'
+    owner: root
+    group: root
+    mode: '644'
+  notify: apt_repo_update
 
-    - name: Get host distro
-      ansible.builtin.setup:
-        gather_subset: [distribution_release]
+- name: Get host distro
+  ansible.builtin.setup:
+    gather_subset: [distribution_release]
 
-    # Not using the apt_repository module, since it _adds_ a new repository
-    # in the .list file. That way, we can end up with an invalid repository
-    # line.
-    - name: 'Add repository: {{ apt_repo_name }}'
-      ansible.builtin.template:
-        src: repo.list.j2
-        dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
-        owner: root
-        group: root
-        mode: '644'
-      notify: apt_repo_update
+# Not using the apt_repository module, since it _adds_ a new repository
+# in the .list file. That way, we can end up with an invalid repository
+# line.
+- name: 'Add repository: {{ apt_repo_name }}'
+  become: true
+  ansible.builtin.template:
+    src: repo.list.j2
+    dest: '/etc/apt/sources.list.d/{{ apt_repo_name }}.list'
+    owner: root
+    group: root
+    mode: '644'
+  notify: apt_repo_update
 
-    - name: Refresh apt repositories if necessary
-      ansible.builtin.meta: flush_handlers
+- name: Refresh apt repositories if necessary
+  ansible.builtin.meta: flush_handlers
diff --git a/roles/apt_repo/templates/repo.list.j2 b/roles/apt_repo/templates/repo.list.j2
index ffb100c..d7c8138 100644
--- a/roles/apt_repo/templates/repo.list.j2
+++ b/roles/apt_repo/templates/repo.list.j2
@@ -1,3 +1,3 @@
 {{ ansible_managed | comment }}
 
-deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
+deb [signed-by={{ apt_repo_key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component }}
diff --git a/roles/apt_repo/vars/main.yml b/roles/apt_repo/vars/main.yml
new file mode 100644
index 0000000..4265d4b
--- /dev/null
+++ b/roles/apt_repo/vars/main.yml
@@ -0,0 +1,5 @@
+# For some reason, if the key is in a weird format that requires
+# running `gpg --dearmor`, you must save it with the .gpg extension
+# instead of .asc. You can then completely skip the gpg step. Source:
+# https://stackoverflow.com/q/71585303/514684
+apt_repo_key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'
diff --git a/roles/my_workspace/tasks/project.yml b/roles/my_workspace/tasks/project.yml
index 02ca422..cd21ddb 100644
--- a/roles/my_workspace/tasks/project.yml
+++ b/roles/my_workspace/tasks/project.yml
@@ -4,7 +4,7 @@
     project_name: "{{ project.name | default(project_url | urlsplit('path') | basename | regex_replace('\\.git$', '')) }}"
     project_dir: '{{ my_workspace_dir }}/{{ project_name }}'
   block:
-    - name: 'Update repository: {{ project_name }}'
+    - name: Update repository
       ansible.builtin.git: # noqa: latest
         repo: '{{ project_url }}'
         dest: '{{ project_dir }}'
-- 
cgit v1.2.3