- name: make sure `gnupg` package is installed ansible.builtin.apt: name: gnupg state: present update_cache: true become: true - name: make sure NGINX signing key is added ansible.builtin.get_url: url: https://nginx.org/keys/nginx_signing.key dest: /etc/apt/trusted.gpg.d/nginx.asc mode: "0644" owner: root group: root become: true notify: apt-get update - name: make sure NGINX APT repository is added ansible.builtin.apt_repository: repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx" state: present become: true notify: apt-get update - name: make sure NGINX APT source repository is added ansible.builtin.apt_repository: repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx" state: present become: true notify: apt-get update - name: set up repository pinning to make sure nginx package gets installed from NGINX repositories ansible.builtin.copy: content: | Package: * Pin: origin nginx.org Pin: release o=nginx Pin-Priority: 900 dest: /etc/apt/preferences.d/99nginx owner: root group: root mode: "0644" become: true - name: Flush handlers to make sure "apt-get update" handler runs, if needed ansible.builtin.meta: flush_handlers