Add zrepl role
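--- a/roles/zrepl/defaults/main.yml
+++ b/roles/zrepl/defaults/main.yml
@@ -0,0 +1 @@
+zrepl_pkg_hold: true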
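Review bot: `zrepl_pkg_hold: true` carries no comment, and this default has a consequence that is easy to miss: a held package is skipped by `apt upgrade` and by unattended-upgrades, so zrepl stays at whatever version was first installed until someone lifts the hold. I would document that above the variable, e.g. `# Hold zrepl at the installed version; upgrades (including security fixes) must be applied deliberately. Set to false to follow the repository.`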
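--- a/roles/zrepl/tasks/install.yml
+++ b/roles/zrepl/tasks/install.yml
@@ -0,0 +1,40 @@
+- name: Download zrepl APT signing key
+ansible.builtin.get_url:
+url: https://zrepl.cschwarz.com/apt/apt-key.asc
+dest: /tmp/zrepl-apt-key.asc
+mode: "600"
+force: true
+
+- name: Get fingerprint of downloaded key
+ansible.builtin.shell: |
+set -euo pipefail
+gpg --with-colons --import-options show-only \
+--import /tmp/zrepl-apt-key.asc | awk -F: '$1=="fpr"{print $10; exit}'
+args:
+executable: /bin/bash
+changed_when: false
+register: gpg_key_info
+
+- name: Verify key fingerprint matches expected value
+ansible.builtin.assert:
+that: gpg_key_info.stdout == expected_fingerprint
+vars:
+expected_fingerprint: "E101418FD3D6FBCB9D65A62D708699FC5F2EBF16"
+
+- name: Dearmor zrepl key into APT keyring
+ansible.builtin.command:
+cmd: >-
+gpg --dearmor --yes --output /usr/share/keyrings/zrepl-archive-keyring.gpg
+/tmp/zrepl-apt-key.asc
+args:
+creates: /usr/share/keyrings/zrepl-archive-keyring.gpg
+
+- name: Add zrepl apt repository
+ansible.builtin.apt_repository:
+repo: "deb [signed-by={{ zrepl_keyring_path }}] {{ zrepl_url }} {{ zrepl_suite }} main"
+filename: zrepl
+state: present
+vars:
+zrepl_keyring_path: /usr/share/keyrings/zrepl-archive-keyring.gpg
+zrepl_url: "https://zrepl.cschwarz.com/apt/debian"
+zrepl_suite: "{{ ansible_distribution_release }}"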
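Review bot: The fingerprint check in "Get fingerprint of downloaded key" reads only the first `fpr` record (awk exits after the first match), while "Dearmor zrepl key into APT keyring" converts the whole of `/tmp/zrepl-apt-key.asc`, so a download carrying more than one key would pass the assert and every key in it would become trusted for this repository. Collect the fingerprint of every `pub` record instead, e.g. `awk -F: '$1=="pub"{p=1;next} p&&$1=="fpr"{print $10;p=0}'`, and assert `that: gpg_key_info.stdout_lines == [expected_fingerprint]`. The key is also staged under a fixed name in `/tmp` and never removed; a path from `ansible.builtin.tempfile` (or a root-only directory) plus a cleanup task would avoid depending on whatever already exists at that name. Because of `creates:`, the keyring is never rewritten once present, which deserves a comment for whoever handles a future key rotation.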
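--- a/roles/zrepl/tasks/main.yml
+++ b/roles/zrepl/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: Install GnuPG
+ansible.builtin.apt:
+name: gnupg
+state: present
+update_cache: true
+
+- name: Check if zrepl repo exists
+ansible.builtin.stat:
+path: /etc/apt/sources.list.d/zrepl.list
+register: zrepl_repo_file
+
+- name: Install zrepl repo
+ansible.builtin.include_tasks: install.yml
+when: not zrepl_repo_file.stat.exists
+
+- name: Install zrepl
+ansible.builtin.apt:
+name: zrepl
+state: present
+
+- name: Set zrepl package hold state
+ansible.builtin.dpkg_selections:
+name: zrepl
+selection: "{{ 'hold' if zrepl_pkg_hold else 'install' }}"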
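Review bot: `when: not zrepl_repo_file.stat.exists` on "Install zrepl repo" gates all of install.yml (key download, fingerprint assert, keyring and source entry) on the presence of `/etc/apt/sources.list.d/zrepl.list` alone. A host that has the list file but no `/usr/share/keyrings/zrepl-archive-keyring.gpg`, or whose suite changed after a release upgrade, is never repaired by this role, and "Install zrepl" would presumably then fail or keep using the old entry. Consider also stat-ing the keyring and including install.yml when either file is missing. At minimum, add a comment above the task such as `# install.yml runs only on first setup; remove zrepl.list to force re-provisioning`.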