-
-
Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
| --- | |
| - hosts: localhost | |
| connection: local | |
| gather_facts: true | |
| tasks: | |
| - name: Add APT repositories | |
| when: ansible_os_family == 'Debian' | |
| become: true | |
| block: | |
| - name: Add VSCode APT repository | |
| ansible.builtin.deb822_repository: | |
| name: vscode | |
| types: [deb] | |
| uris: "https://packages.microsoft.com/repos/code" | |
| signed_by: "https://packages.microsoft.com/keys/microsoft.asc" | |
| suites: [stable] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add google APT repository | |
| ansible.builtin.deb822_repository: | |
| name: google | |
| types: [deb] | |
| uris: | |
| - "http://dl.google.com/linux/chrome/deb" | |
| - "http://dl.google.com/linux/earth/deb" | |
| signed_by: "https://dl.google.com/linux/linux_signing_key.pub" | |
| suites: [stable] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Kubernetes APT repository | |
| ansible.builtin.deb822_repository: | |
| name: kubernetes | |
| types: [deb] | |
| uris: "https://apt.kubernetes.io" | |
| signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | |
| suites: [kubernetes-xenial] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add google-cloud-cli APT repository | |
| ansible.builtin.deb822_repository: | |
| name: google-cloud-cli | |
| types: [deb] | |
| uris: "https://packages.cloud.google.com/apt" | |
| signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg" | |
| suites: [cloud-sdk] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Microsoft prod APT repository (Debian) | |
| when: ansible_distribution == 'Debian' | |
| ansible.builtin.deb822_repository: | |
| name: packages-microsoft-com-prod | |
| types: [deb] | |
| uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_major_version }}/prod" | |
| signed_by: "https://packages.microsoft.com/keys/microsoft.asc" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Microsoft prod APT repository (Ubuntu) | |
| when: ansible_distribution == 'Ubuntu' | |
| ansible.builtin.deb822_repository: | |
| name: packages-microsoft-com-prod | |
| types: [deb] | |
| uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_version }}/prod" | |
| signed_by: "https://packages.microsoft.com/keys/microsoft.asc" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Tailscale stable APT repository | |
| ansible.builtin.deb822_repository: | |
| name: tailscale-stable | |
| types: [deb] | |
| uris: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}" | |
| signed_by: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}/{{ ansible_distribution_release|lower }}.asc" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes | |
| - name: Add Hashicorp Stable APT repository | |
| ansible.builtin.deb822_repository: | |
| name: hashicorp | |
| types: [deb] | |
| uris: "https://apt.releases.hashicorp.com" | |
| signed_by: "https://apt.releases.hashicorp.com/gpg" | |
| suites: ["{{ ansible_distribution_release|lower }}"] | |
| components: [main] | |
| state: present | |
| enabled: yes |
- name: Add Grafana APT repository
deb822_repository:
name: grafana
types: [deb]
uris: "https://packages.grafana.com/oss/deb"
signed_by: "https://packages.grafana.com/gpg.key"
suites: [stable]
components: [main]
state: present
enabled: true- name: Add nvidia-cuda APT repository (debian)
ansible.builtin.deb822_repository:
name: nvidia-cuda
types: [deb]
uris: "https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64"
signed_by: "https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/3bf863cc.pub"
suites: [/]
state: present
enabled: true
- name: Add nvidia-container APT repository
ansible.builtin.deb822_repository:
name: nvidia-container
types: [deb]
uris: "https://nvidia.github.io/libnvidia-container/stable/deb/amd64"
signed_by: "https://nvidia.github.io/libnvidia-container/gpgkey"
suites: [/]
state: present
enabled: true
- name: Add coral-edgetpu APT repository
ansible.builtin.deb822_repository:
name: coral-edgetpu
types: [deb]
uris: "https://packages.cloud.google.com/apt"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [coral-edgetpu-stable]
components: [main]
state: present
enabled: trueFor gitlab-runner:
- name: Add gitlab-runner repository
ansible.builtin.deb822_repository:
name: gitlab-runner
types: [deb]
uris: "https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}/"
signed_by: https://packages.gitlab.com/runner/gitlab-runner/gpgkey
suites: ["{{ ansible_distribution_release | lower }}"]
components: [main]
state: present
enabled: trueI dont suppose there's any clean way to force the deb822 module to download keys to /usr/share/keyrings ? They really should not be dropping into /etc/apt/trusted.gpg ...
I really don't want to have to do a few tasks to move the key and update the .sources file :(
- name: Add Helm repo
ansible.builtin.deb822_repository:
name: Helm stable
types: [deb]
uris: https://packages.buildkite.com/helm-linux/helm-debian/any/
suites: any
components:
- main
signed_by: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
state: present
enabled: true
Hi all,
Not sure if this is the right place to ask, if not sorry.
I want to edit the default debian repo provided by proxmox which is as follows:
/etc/apt/sources.list.d/debian.sources
with contents:
Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie trixie-updates
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Using the ansible module I can create two separate repos with different names, but I wasn't able to find a way to put multiple configs inside a single fil. Is there something I'm missing from my side or it's not (yet) supported by ansible such configuration?
Sorry again if it's not the right place to ask but this is one of the few results that pops up on the matter...
Thanks!
@Kimbaras This is not possible. Use template if you want one file.
docker
Above docker example didn't work for me. Kept getting this error:
Malformed entry 1 in sources file /etc/apt/sources.list.d/docker.sources (Component), E:The list of sources could not be readI tested the Docker task by @Sprout9 above, it works on my test. I would need to see what the output is of
/etc/apt/sources.list.d/to know what issue you faced.However, make sure you have set
gather_facts: true. Your fix does not use facts and instead references "ubuntu" directly. This is valid, however there is an advantage in using facts: the same task can work on multiple different distributions.For reference, this is the task I use to setup the Docker repository on my personal machines and in production servers (I personally tested it on Debian 11, Debian 12, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS):
- name: Add Docker APT repository ansible.builtin.deb822_repository: name: docker state: present types: [deb] uris: "https://download.docker.com/linux/{{ ansible_distribution|lower }}" suites: ["{{ ansible_distribution_release|lower }}"] components: [stable] signed_by: "https://download.docker.com/linux/debian/gpg" enabled: yes
Thanks for sharing. This worked for me. I had to remove old sources in /etc/apt/sources.list.d that were created by the ansible.builtin.apt_key + ansible.builtin.apt_repository combo.
Also LLM suggested to template signed_by
signed_by: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg"
tbh not sure the "correctness" of this change. since you said it worker for several distros. It actually worked for my Ubuntu 24.04 LTS when it was hardcoded to debian
A few more examples with mozilla, spotify, tableplus and mongoDB 8.0: