kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
19a65cb742170b829e8dc2e9eefa811debf124c0
homelab/roles/zrepl/tasks/install.yml
Kris Lamoureux 19a65cb742 Add zrepl role
2026-02-25 22:36:37 -05:00

41 lines
1.3 KiB
YAML
Raw Blame History

- name: Download zrepl APT signing key
ansible.builtin.get_url:
url: https://zrepl.cschwarz.com/apt/apt-key.asc
dest: /tmp/zrepl-apt-key.asc
mode: "600"
force: true
- name: Get fingerprint of downloaded key
ansible.builtin.shell: |
set -euo pipefail
gpg --with-colons --import-options show-only \
--import /tmp/zrepl-apt-key.asc | awk -F: '$1=="fpr"{print $10; exit}'
args:
executable: /bin/bash
changed_when: false
register: gpg_key_info
- name: Verify key fingerprint matches expected value
ansible.builtin.assert:
that: gpg_key_info.stdout == expected_fingerprint
vars:
expected_fingerprint: "E101418FD3D6FBCB9D65A62D708699FC5F2EBF16"
- name: Dearmor zrepl key into APT keyring
ansible.builtin.command:
cmd: >-
gpg --dearmor --yes --output /usr/share/keyrings/zrepl-archive-keyring.gpg
/tmp/zrepl-apt-key.asc
args:
creates: /usr/share/keyrings/zrepl-archive-keyring.gpg
- name: Add zrepl apt repository
ansible.builtin.apt_repository:
repo: "deb [signed-by={{ zrepl_keyring_path }}] {{ zrepl_url }} {{ zrepl_suite }} main"
filename: zrepl
state: present
vars:
zrepl_keyring_path: /usr/share/keyrings/zrepl-archive-keyring.gpg
zrepl_url: "https://zrepl.cschwarz.com/apt/debian"
zrepl_suite: "{{ ansible_distribution_release }}"
Reference in New Issue View Git Blame Copy Permalink