Skip to content

Instantly share code, notes, and snippets.

@roib20

roib20/apt-repo-playbook.yaml

Last active October 27, 2024 14:39
Show Gist options
  • Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
Download ZIP
Example usages of the new `deb822_repository` Ansible module
Raw
apt-repo-playbook.yaml
---
- hosts: localhost
connection: local
gather_facts: true
tasks:
- name: Add APT repositories
when: ansible_os_family == 'Debian'
become: true
block:
- name: Add VSCode APT repository
ansible.builtin.deb822_repository:
name: vscode
types: [deb]
uris: "https://packages.microsoft.com/repos/code"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add google APT repository
ansible.builtin.deb822_repository:
name: google
types: [deb]
uris:
- "http://dl.google.com/linux/chrome/deb"
- "http://dl.google.com/linux/earth/deb"
signed_by: "https://dl.google.com/linux/linux_signing_key.pub"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add Kubernetes APT repository
ansible.builtin.deb822_repository:
name: kubernetes
types: [deb]
uris: "https://apt.kubernetes.io"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [kubernetes-xenial]
components: [main]
state: present
enabled: yes
- name: Add google-cloud-cli APT repository
ansible.builtin.deb822_repository:
name: google-cloud-cli
types: [deb]
uris: "https://packages.cloud.google.com/apt"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [cloud-sdk]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Debian)
when: ansible_distribution == 'Debian'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_major_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Ubuntu)
when: ansible_distribution == 'Ubuntu'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Tailscale stable APT repository
ansible.builtin.deb822_repository:
name: tailscale-stable
types: [deb]
uris: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}"
signed_by: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}/{{ ansible_distribution_release|lower }}.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Hashicorp Stable APT repository
ansible.builtin.deb822_repository:
name: hashicorp
types: [deb]
uris: "https://apt.releases.hashicorp.com"
signed_by: "https://apt.releases.hashicorp.com/gpg"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
@JohnRDOrazio
Copy link

Note that the deb822_repository module requires the python3-debian package to be installed. This can be installed in a virtual environment with pip install python-debian.

The deb822 format allows signing keys to be included in the same .source file rather than added to the /etc/apt/trusted.gpg.d folder. This is a better approach because the signing key will be associated only with it's own repository, and not with all repositories globally. This will give a result as close as possible to the native add-apt-repository:

- name: Manage PHP PPA repository (deb822_repository)
  become: true
  ansible.builtin.deb822_repository:
    state: present
    name: "ondrej-ubuntu-php-{{ansible_distribution_release}}"
    types: [deb]
    uris: [https://ppa.launchpadcontent.net/ondrej/php/ubuntu]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]
    signed_by: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      .
      mQINBGYo0vEBEAC0Semxy5I2b8exRUxJfTKkHR4f5uyS0dTd9vYgMI5T3gsa7ypH
      HtE+GiZC+T9m/F9h66+XJMxhuNsKRs7T2In5NSeso9H/ytlSTayUaBtCFfRp6y6b
      6ozuRBfqYJGxhjAnIzvNF/Wpp2BvfQm3OrQ7uJJrt5IvzLDC4jPxl/Xs3sTT+Hbk
      bkKKprZ3xmy2enuwBaNWR/CUtAz3hbkzL1kGbhX9m3QidFJagVVdDw3aNEwo8ush
      djWfF+BajNvpDFYJKBGQbCeagB753Baa5yIN62x+THLnLiKTMDS1e7U0ZDiV9671
      noTbtN5TeZeyfsEmeZ8X60x11JIP3yYHYZT70/DyTYX3WC9yQFyIgVOfRlGklMKI
      k3TLMmtq8w5Hz1vovwzV7PzaQnmY+uNP2ZbAP4fJ3iFAj0L+u0i1nOFgTy0Lq058
      O/FjRrQxuceDDCF+9ThspXMw3Puvz8giuBDCdEda84uC7XWMdqgz/maLfFQjAmyP
      Ixi1EMxMlHYyZajpR1cdCfrAIQlnQjHSWmyeCFgXPPfRA71aCcJ7oSrDjogW6Ahd
      HRkQRKf1FF9BFzycgSQotfR+7CKfPQh1kghufM9W/spARzA709nGZjXJzgEJLQd3
      CDB6dIIxT/0YI36h3Qgfmiiw4twO24MMEqEEPIELz2WJKeWGkdQdcekpxQARAQAB
      tB9MYXVuY2hwYWQgUFBBIGZvciBPbmTFmWVqIFN1csO9iQJOBBMBCgA4FiEEuNx+
      U5RmVu+85MHdcdrqq0rUyrYFAmYo0vECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
      F4AACgkQcdrqq0rUyrYOPQ/+IArA4s1J3op/w7cXek0ieFHWHFDrxPYS+78/LF/J
      LoYZw0nIU5Ovr+LzehFMIQU6esgPXwbeCVgwLwat57augAkAYWT0UzH5dE6RKAGr
      C2vsHWVfPhQn6UndfzwXc0mTLGQni25aQaZ6k60Dbm/vblejrTQrtAUWoMO3Z1cr
      NDGJ3Z9DCxtr2o9gRYUI6HwLHJtobTIeI5xsr5x+GvXiIAVCPa3ZEuRL6jMQfqfS
      C43mpuiS1kGgsnQLs2DbN7EFCfiJoNX1QzZu25zg+IS9PXbCJnheZWnH0rwUSb/N
      hZPcSefGlNlhr824OfT30v79hQnw59XbsfV270O9jPbD4kttN+OiszbU66zsuiOh
      BO46XCckQPqDkBMw56GPFuVrQgGb1thXvn67URJgPyJhwauBWKPNAJ9Ojuo+yVq/
      hdR1VNWThXQbZgaGSWrbjt6FdYtQb9VX88uu5gFDmr180HogHNUDUcqNLLdnjfFs
      4DyJlusQ5I/a7cQ7nlkNgxAmHszwO/mGLBuGljDUYkwZDW9nqP1Q5Q2jMtrhgXvR
      2SOtufvecUbB7+eoRSaOnu7CNMATG6LocFEMzhKUde1uZTfWSqnYEcdqoFJMi46y
      qaNxhiNLsQ5OBMbgSp2zCbQxRBdITMVvBR5YjCetUIGEs6T1yQ5wh5Xpoi34ShHn
      v38=
      =kFlZ
      -----END PGP PUBLIC KEY BLOCK-----

- name: Manage Python PPA repository (deb822_repository)
  become: true
  ansible.builtin.deb822_repository:
    state: present
    name: "deadsnakes-ubuntu-ppa-{{ansible_distribution_release}}"
    types: [deb]
    uris: [https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu/]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]
    signed_by: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      .
      mQINBFl8fYEBEADQmGZ6pDrwY9iH9DVlwNwTOvOZ7q7lHXPl/TLfMs1tckMc/D9a
      hsdBN9VWtMmo+RySvhkIe8X15r65TFs2HE8ft6j2e/4K472pObM1hB+ajiU/wYX2
      Syq7DBlNm6YMP5/SyQzRxqis4Ja1uUjW4Q5/Csdf5In8uMzXj5D1P7qOiP2aNa0E
      r3w6PXWRTuTihWZOsHv8npyVYDBRR6gEZbd3r86snI/7o8Bfmad3KjbxL7aOdNMw
      AqQFaNKl7Y+UJpv1CNFIf+twcOoC0se1SrsVJlAH9HNHM7XGQsPUwpNvQlcmvr+t
      1vVS2m72lk3gyShDuJpi1TifGw+DoTqu54U0k+0sZm4pnQVeiizNkefU2UqOoGlt
      4oiG9nIhSX04xRlGes3Ya0OjNI5b1xbcYoR+r0c3odI+UCw3VSZtKDX/xlH1o/82
      b8ouXeE7LA1i4DvGNj4VSvoxv4ggIznxMf+PkWXWKwRGsbAAXF52rr4FUaeaKoIU
      DkJqHXAxrB3PQslZ+ZgBEukkQZF76NkqRqP1E7FXzZZMo2eEL7vtnhSzUlanOf42
      ECBoWHVoZQaRFMNbGpqlg9aWedHGyetMStS3nH1sqanr+i4I8VR/UH+ilarPTW3T
      E0apWlsH8+N3IKbRx2wgrRZNoQEuyVtvyewDFYShJB3Zxt7VCy67vKAl1QARAQAB
      tBxMYXVuY2hwYWQgUFBBIGZvciBkZWFkc25ha2VziQI4BBMBAgAiBQJZfH2BAhsD
      BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC6aTI2anVXdvwhD/4oI3yckeKn
      9aJNNTJsyw4ydMkIAOdG+jbZsYv/rN73UVQF1RA8HC71SDmbd0Nu80koBOX+USuL
      vvhoMIsARlD5dLx5f/zaQcYWJm/BtsMF/eZ4s1xsenwW6PpXd8FpaTn1qtg/8+O9
      99R4uSetAhhyf1vSRb/8U0sgSQd38mpZZFq352UuVisXnmCThj621loQubYJ3lwU
      LSLs8wmgo4XIYH7UgdavV9dfplPh0M19RHQL3wTyQP2KRNRq1rG7/n1XzUwDyqY6
      eMVhdVhvnxAGztvdFCySVzBRr/rCw6quhcYQwBqdqaXhz63np+4mlUNfd8Eu+Vas
      b/tbteF/pDu0yeFMpK4X09Cwn2kYYCpq4XujijW+iRWb4MO3G8LLi8oBAHP/k0CM
      /QvSRbbG8JDQkQDH37Efm8iE/EttJTixjKAIfyugmvEHfcrnxaMoBioa6h6McQrM
      vI8bJirxorJzOVF4kY7xXvMYwjzaDC8G0fTA8SzQRaShksR3USXZjz8vS6tZ+YNa
      mRHPoZ3Ua0bz4t2aCcu/fknVGsXcNBazNIK9WF2665Ut/b7lDbojXsUZ3PpuqOoe
      GQL9LRj7nmCI6ugoKkNp8ZXcGJ8BGw37Wep2ztyzDohXp6f/4mGgy2KYV9R4S8D5
      yBDUU6BS7Su5nhQMStfdfr4FffLmnvFC9w==
      =7hFk
      -----END PGP PUBLIC KEY BLOCK-----

@UnknownPlatypus
Copy link

A few more examples with mozilla, spotify, tableplus and mongoDB 8.0:

- name: Add Mozilla APT repository
  ansible.builtin.deb822_repository:
    name: mozilla
    types: [deb]
    uris: https://packages.mozilla.org/apt
    signed_by: https://packages.mozilla.org/apt/repo-signing-key.gpg
    suites: [mozilla]
    components: [main]
    enabled: true

- name: Add Spotify APT repository
  ansible.builtin.deb822_repository:
    name: spotify
    types: [deb]
    uris: http://repository.spotify.com
    signed_by: https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg
    suites: [stable]
    components: [non-free]
    enabled: true

- name: Add TablePlus APT repository
  ansible.builtin.deb822_repository:
    name: tableplus
    types: [deb]
    uris: "https://deb.tableplus.com/debian/{{ ansible_distribution_major_version }}"
    signed_by: https://deb.tableplus.com/apt.tableplus.com.gpg.key
    suites: [tableplus]
    components: [main]
    enabled: true

- name: Add MongoDB 8.0 repository
  ansible.builtin.deb822_repository:
    name: mongodb-org-8.0
    types: [deb]
    uris: "https://repo.mongodb.org/apt/{{ ansible_distribution|lower }}"
    signed_by: https://www.mongodb.org/static/pgp/server-8.0.asc
    suites: ["{{ ansible_distribution_release|lower }}/mongodb-org/8.0"]
    components: [multiverse]
    enabled: true

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment