roles/nginx: minor rework of apt key stuff

This commit is contained in:
Alan Orth 2023-08-22 21:33:19 +03:00
parent cea8529f49
commit e86ccc9979
Signed by: alanorth
GPG Key ID: 0FB860CC9C45B1B9
2 changed files with 30 additions and 11 deletions

View File

@ -1,13 +1,32 @@
--- ---
- name: Add nginx.org apt signing key - name: Remove nginx apt signing key from apt-key
ansible.builtin.apt_key: ansible.builtin.apt_key:
id: 0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62 id: 0x573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
url: https://nginx.org/keys/nginx_signing.key state: absent
state: present
register: add_nginx_apt_key
tags: tags:
- nginx
- packages - packages
- nginx
- name: Check nginx apt signing key
ansible.builtin.stat:
path: /usr/share/keyrings/nginx_signing.key
register: nginx_signing_key_stat
tags:
- packages
- nginx
- name: Download nginx apt signing key
ansible.builtin.get_url:
url: https://nginx.org/keys/nginx_signing.key
dest: /usr/share/keyrings/nginx_signing.key
owner: root
group: root
mode: 0644
register: download_nginx_signing_key
when: not nginx_signing_key_stat.stat.exists
tags:
- packages
- nginx
- name: Add nginx.org repo - name: Add nginx.org repo
ansible.builtin.template: ansible.builtin.template:
@ -22,10 +41,10 @@
- packages - packages
- name: Update apt cache - name: Update apt cache
ansible.builtin.apt: ansible.builtin.apt: # noqa no-handler
update_cache: true update_cache: true
when: when:
add_nginx_apt_key is changed or (download_nginx_signing_key.status_code is defined and download_nginx_signing_key.status_code == 200) or
add_nginx_apt_repository is changed add_nginx_apt_repository is changed
- name: Install nginx - name: Install nginx

View File

@ -3,17 +3,17 @@
{% if ansible_distribution == 'Ubuntu' %} {% if ansible_distribution == 'Ubuntu' %}
{% if nginx_version == "stable" %} {% if nginx_version == "stable" %}
deb [arch=amd64] https://nginx.org/packages/ubuntu/ {{ ansible_distribution_release }} nginx deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/ubuntu/ {{ ansible_distribution_release }} nginx
{% elif nginx_version == "mainline" %} {% elif nginx_version == "mainline" %}
deb [arch=amd64] https://nginx.org/packages/mainline/ubuntu/ {{ ansible_distribution_release }} nginx deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/mainline/ubuntu/ {{ ansible_distribution_release }} nginx
{% endif %} {% endif %}
{% elif ansible_distribution == 'Debian' %} {% elif ansible_distribution == 'Debian' %}
{% if nginx_version == "stable" %} {% if nginx_version == "stable" %}
deb [arch=amd64] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/debian/ {{ ansible_distribution_release }} nginx
{% elif nginx_version == "mainline" %} {% elif nginx_version == "mainline" %}
deb [arch=amd64] https://nginx.org/packages/mainline/debian/ {{ ansible_distribution_release }} nginx deb [arch=amd64 signed-by=/usr/share/keyrings/nginx_signing.key] https://nginx.org/packages/mainline/debian/ {{ ansible_distribution_release }} nginx
{% endif %} {% endif %}
{% endif %} {% endif %}