Add zrepl role
This commit is contained in:
1
roles/zrepl/defaults/main.yml
Normal file
1
roles/zrepl/defaults/main.yml
Normal file
@@ -0,0 +1 @@
|
||||
zrepl_pkg_hold: true
|
||||
40
roles/zrepl/tasks/install.yml
Normal file
40
roles/zrepl/tasks/install.yml
Normal file
@@ -0,0 +1,40 @@
|
||||
- name: Download zrepl APT signing key
|
||||
ansible.builtin.get_url:
|
||||
url: https://zrepl.cschwarz.com/apt/apt-key.asc
|
||||
dest: /tmp/zrepl-apt-key.asc
|
||||
mode: "600"
|
||||
force: true
|
||||
|
||||
- name: Get fingerprint of downloaded key
|
||||
ansible.builtin.shell: |
|
||||
set -euo pipefail
|
||||
gpg --with-colons --import-options show-only \
|
||||
--import /tmp/zrepl-apt-key.asc | awk -F: '$1=="fpr"{print $10; exit}'
|
||||
args:
|
||||
executable: /bin/bash
|
||||
changed_when: false
|
||||
register: gpg_key_info
|
||||
|
||||
- name: Verify key fingerprint matches expected value
|
||||
ansible.builtin.assert:
|
||||
that: gpg_key_info.stdout == expected_fingerprint
|
||||
vars:
|
||||
expected_fingerprint: "E101418FD3D6FBCB9D65A62D708699FC5F2EBF16"
|
||||
|
||||
- name: Dearmor zrepl key into APT keyring
|
||||
ansible.builtin.command:
|
||||
cmd: >-
|
||||
gpg --dearmor --yes --output /usr/share/keyrings/zrepl-archive-keyring.gpg
|
||||
/tmp/zrepl-apt-key.asc
|
||||
args:
|
||||
creates: /usr/share/keyrings/zrepl-archive-keyring.gpg
|
||||
|
||||
- name: Add zrepl apt repository
|
||||
ansible.builtin.apt_repository:
|
||||
repo: "deb [signed-by={{ zrepl_keyring_path }}] {{ zrepl_url }} {{ zrepl_suite }} main"
|
||||
filename: zrepl
|
||||
state: present
|
||||
vars:
|
||||
zrepl_keyring_path: /usr/share/keyrings/zrepl-archive-keyring.gpg
|
||||
zrepl_url: "https://zrepl.cschwarz.com/apt/debian"
|
||||
zrepl_suite: "{{ ansible_distribution_release }}"
|
||||
24
roles/zrepl/tasks/main.yml
Normal file
24
roles/zrepl/tasks/main.yml
Normal file
@@ -0,0 +1,24 @@
|
||||
- name: Install GnuPG
|
||||
ansible.builtin.apt:
|
||||
name: gnupg
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Check if zrepl repo exists
|
||||
ansible.builtin.stat:
|
||||
path: /etc/apt/sources.list.d/zrepl.list
|
||||
register: zrepl_repo_file
|
||||
|
||||
- name: Install zrepl repo
|
||||
ansible.builtin.include_tasks: install.yml
|
||||
when: not zrepl_repo_file.stat.exists
|
||||
|
||||
- name: Install zrepl
|
||||
ansible.builtin.apt:
|
||||
name: zrepl
|
||||
state: present
|
||||
|
||||
- name: Set zrepl package hold state
|
||||
ansible.builtin.dpkg_selections:
|
||||
name: zrepl
|
||||
selection: "{{ 'hold' if zrepl_pkg_hold else 'install' }}"
|
||||
Reference in New Issue
Block a user