- name: Set up repository
  become: true
  block:
    - name: Create keys directory
      ansible.builtin.file:
        path: '{{ apt_repo_keys_dir }}'
        mode: '755'
        state: directory

    - name: Set key path
      ansible.builtin.set_fact:
        # For some reason, if the key is in a weird format that requires
        # running `gpg --dearmor`, you must save it with the .gpg extension
        # instead of .asc. You can then completely skip the gpg step. Source:
        # https://stackoverflow.com/q/71585303/514684
        key_path: '{{ apt_repo_keys_dir }}/{{ apt_repo_name }}{{ apt_repo_key_dearmor | ternary(".gpg", ".asc") }}'

    - name: 'Add key: {{ apt_repo_name }}'
      ansible.builtin.get_url:
        url: '{{ apt_repo_key_url }}'
        dest: '{{ key_path }}'
        mode: '644'

    - name: Get host distribution
      ansible.builtin.setup:
        gather_subset: [distribution_release]

    - name: 'Add repository: {{ apt_repo_name }}'
      ansible.builtin.apt_repository:
        repo: 'deb [signed-by={{ key_path }}] {{ apt_repo_url }} {{ apt_repo_distro | default(ansible_distribution_release) }} {{ apt_repo_component | default("main") }}'
        filename: '{{ apt_repo_name }}'