From 2efdfcad6d27a29c0a5c50aed973f674718598e7 Mon Sep 17 00:00:00 2001
From: julian <julian@jsts.xyz>
Date: Sun, 30 Jul 2023 05:19:22 +0200
Subject: [PATCH] Setup repo pin. to ensure nginx package gets installed from
 NGINX repos

---
 playbooks/roles/nginx/README.md                  |  4 ++++
 playbooks/roles/nginx/tasks/main/repo_setup.yaml | 12 ++++++++++++
 2 files changed, 16 insertions(+)

diff --git a/playbooks/roles/nginx/README.md b/playbooks/roles/nginx/README.md
index c9a452a..9abf2ea 100644
--- a/playbooks/roles/nginx/README.md
+++ b/playbooks/roles/nginx/README.md
@@ -53,3 +53,7 @@ server {
     resolver 127.0.0.1;
 }
 ```
+
+## Links & Resources
+
+- <https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/#installing-prebuilt-debian-packages>
diff --git a/playbooks/roles/nginx/tasks/main/repo_setup.yaml b/playbooks/roles/nginx/tasks/main/repo_setup.yaml
index 4026f28..d389799 100644
--- a/playbooks/roles/nginx/tasks/main/repo_setup.yaml
+++ b/playbooks/roles/nginx/tasks/main/repo_setup.yaml
@@ -29,5 +29,17 @@
   become: true
   notify: apt-get update
 
+- name: set up repository pinning to make sure nginx package gets installed from NGINX repositories
+  ansible.builtin.copy:
+    content: |
+      Package: *
+      Pin: origin nginx.org
+      Pin: release o=nginx
+      Pin-Priority: 900
+    dest: /etc/apt/preferences.d/99nginx
+    owner: root
+    group: root
+    mode: "0644"
+
 - name: Flush handlers to make sure "apt-get update" handler runs, if needed
   ansible.builtin.meta: flush_handlers