nginx(role): split up repo setup and install task lists to estab. conv.

Split up repo setup and package installation after all to establish this as a convention (its already done this way in the docker role and was done this way in the nginx role before) to highlight that an external repo is used.
2025-02-18 05:43:39 +01:00 · 2025-02-18 05:43:39 +01:00 · 7420ed6010
commit 7420ed6010
parent 89f3e55eac
5 changed files with 20 additions and 12 deletions
--- a/roles/nginx/tasks/main/02_repo_setup.yaml
+++ b/roles/nginx/tasks/main/02_repo_setup.yaml
@ -0,0 +1,39 @@
+- name: Ensure gnupg is installed
+  ansible.builtin.apt:
+    name: gnupg
+    state: present
+  become: true
+
+- name: Ensure NGINX signing key is added
+  ansible.builtin.get_url:
+    url: https://nginx.org/keys/nginx_signing.key
+    dest: /etc/apt/trusted.gpg.d/nginx.asc
+    mode: "0644"
+    owner: root
+    group: root
+  become: true
+
+- name: Ensure NGINX APT repository is added
+  ansible.builtin.apt_repository:
+    repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
+    state: present
+  become: true
+
+- name: Ensure NGINX APT source repository is added
+  ansible.builtin.apt_repository:
+    repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
+    state: present
+  become: true
+
+- name: Ensure repository pinning to make sure nginx package gets installed from NGINX repositories is set up
+  ansible.builtin.copy:
+    content: |
+      Package: *
+      Pin: origin nginx.org
+      Pin: release o=nginx
+      Pin-Priority: 900
+    dest: /etc/apt/preferences.d/99nginx
+    owner: root
+    group: root
+    mode: "0644"
+  become: true