47 lines
1.4 KiB
YAML
47 lines
1.4 KiB
YAML
- name: make sure `gnupg` package is installed
|
|
ansible.builtin.apt:
|
|
name: gnupg
|
|
state: present
|
|
update_cache: true
|
|
become: true
|
|
|
|
- name: make sure NGINX signing key is added
|
|
ansible.builtin.get_url:
|
|
url: https://nginx.org/keys/nginx_signing.key
|
|
dest: /etc/apt/trusted.gpg.d/nginx.asc
|
|
mode: "0644"
|
|
owner: root
|
|
group: root
|
|
become: true
|
|
notify: apt-get update
|
|
|
|
- name: make sure NGINX APT repository is added
|
|
ansible.builtin.apt_repository:
|
|
repo: "deb [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
|
|
state: present
|
|
become: true
|
|
notify: apt-get update
|
|
|
|
- name: make sure NGINX APT source repository is added
|
|
ansible.builtin.apt_repository:
|
|
repo: "deb-src [arch=amd64 signed-by=/etc/apt/trusted.gpg.d/nginx.asc] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx"
|
|
state: present
|
|
become: true
|
|
notify: apt-get update
|
|
|
|
- name: set up repository pinning to make sure nginx package gets installed from NGINX repositories
|
|
ansible.builtin.copy:
|
|
content: |
|
|
Package: *
|
|
Pin: origin nginx.org
|
|
Pin: release o=nginx
|
|
Pin-Priority: 900
|
|
dest: /etc/apt/preferences.d/99nginx
|
|
owner: root
|
|
group: root
|
|
mode: "0644"
|
|
become: true
|
|
|
|
- name: Flush handlers to make sure "apt-get update" handler runs, if needed
|
|
ansible.builtin.meta: flush_handlers
|