Skip to content

Instantly share code, notes, and snippets.

@roib20
Last active June 13, 2026 11:48
Show Gist options
  • Select an option

  • Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.

Select an option

Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
Example usages of the new `deb822_repository` Ansible module
---
- hosts: localhost
connection: local
gather_facts: true
tasks:
- name: Add APT repositories
when: ansible_os_family == 'Debian'
become: true
block:
- name: Add VSCode APT repository
ansible.builtin.deb822_repository:
name: vscode
types: [deb]
uris: "https://packages.microsoft.com/repos/code"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add google APT repository
ansible.builtin.deb822_repository:
name: google
types: [deb]
uris:
- "http://dl.google.com/linux/chrome/deb"
- "http://dl.google.com/linux/earth/deb"
signed_by: "https://dl.google.com/linux/linux_signing_key.pub"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add Kubernetes APT repository
ansible.builtin.deb822_repository:
name: kubernetes
types: [deb]
uris: "https://apt.kubernetes.io"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [kubernetes-xenial]
components: [main]
state: present
enabled: yes
- name: Add google-cloud-cli APT repository
ansible.builtin.deb822_repository:
name: google-cloud-cli
types: [deb]
uris: "https://packages.cloud.google.com/apt"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [cloud-sdk]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Debian)
when: ansible_distribution == 'Debian'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_major_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Ubuntu)
when: ansible_distribution == 'Ubuntu'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Tailscale stable APT repository
ansible.builtin.deb822_repository:
name: tailscale-stable
types: [deb]
uris: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}"
signed_by: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}/{{ ansible_distribution_release|lower }}.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Hashicorp Stable APT repository
ansible.builtin.deb822_repository:
name: hashicorp
types: [deb]
uris: "https://apt.releases.hashicorp.com"
signed_by: "https://apt.releases.hashicorp.com/gpg"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
@orgnizedmess

orgnizedmess commented Aug 16, 2025

Copy link
Copy Markdown
- name: Add Grafana APT repository
  deb822_repository:
    name: grafana
    types: [deb]
    uris: "https://packages.grafana.com/oss/deb"
    signed_by: "https://packages.grafana.com/gpg.key"
    suites: [stable]
    components: [main]
    state: present
    enabled: true

@seevee

seevee commented Aug 16, 2025

Copy link
Copy Markdown
- name: Add nvidia-cuda APT repository (debian)
  ansible.builtin.deb822_repository:
    name: nvidia-cuda
    types: [deb]
    uris: "https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64"
    signed_by: "https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/3bf863cc.pub"
    suites: [/]
    state: present
    enabled: true

- name: Add nvidia-container APT repository
  ansible.builtin.deb822_repository:
    name: nvidia-container
    types: [deb]
    uris: "https://nvidia.github.io/libnvidia-container/stable/deb/amd64"
    signed_by: "https://nvidia.github.io/libnvidia-container/gpgkey"
    suites: [/]
    state: present
    enabled: true

- name: Add coral-edgetpu APT repository
  ansible.builtin.deb822_repository:
    name: coral-edgetpu
    types: [deb]
    uris: "https://packages.cloud.google.com/apt"
    signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
    suites: [coral-edgetpu-stable]
    components: [main]
    state: present
    enabled: true

@hegerdes

Copy link
Copy Markdown

For gitlab-runner:

- name: Add gitlab-runner repository
  ansible.builtin.deb822_repository:
    name: gitlab-runner
    types: [deb]
    uris: "https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}/"
    signed_by: https://packages.gitlab.com/runner/gitlab-runner/gpgkey
    suites: ["{{ ansible_distribution_release | lower }}"]
    components: [main]
    state: present
    enabled: true

@Halfwalker

Copy link
Copy Markdown

I dont suppose there's any clean way to force the deb822 module to download keys to /usr/share/keyrings ? They really should not be dropping into /etc/apt/trusted.gpg ...

I really don't want to have to do a few tasks to move the key and update the .sources file :(

@nuBacuk

nuBacuk commented Nov 19, 2025

Copy link
Copy Markdown
- name: Add Helm repo
  ansible.builtin.deb822_repository:
    name: Helm stable
    types: [deb]
    uris: https://packages.buildkite.com/helm-linux/helm-debian/any/
    suites: any
    components:
      - main
    signed_by: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
    state: present
    enabled: true

@Kimbaras

Kimbaras commented Dec 4, 2025

Copy link
Copy Markdown

Hi all,

Not sure if this is the right place to ask, if not sorry.

I want to edit the default debian repo provided by proxmox which is as follows:

/etc/apt/sources.list.d/debian.sources

with contents:

Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie trixie-updates
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Using the ansible module I can create two separate repos with different names, but I wasn't able to find a way to put multiple configs inside a single fil. Is there something I'm missing from my side or it's not (yet) supported by ansible such configuration?

Sorry again if it's not the right place to ask but this is one of the few results that pops up on the matter...

Thanks!

@dR3b

dR3b commented Feb 10, 2026

Copy link
Copy Markdown

@Kimbaras This is not possible. Use template if you want one file.

@David2011Hernandez

Copy link
Copy Markdown

docker

Above docker example didn't work for me. Kept getting this error: Malformed entry 1 in sources file /etc/apt/sources.list.d/docker.sources (Component), E:The list of sources could not be read

I tested the Docker task by @Sprout9 above, it works on my test. I would need to see what the output is of /etc/apt/sources.list.d/ to know what issue you faced.

However, make sure you have set gather_facts: true. Your fix does not use facts and instead references "ubuntu" directly. This is valid, however there is an advantage in using facts: the same task can work on multiple different distributions.

For reference, this is the task I use to setup the Docker repository on my personal machines and in production servers (I personally tested it on Debian 11, Debian 12, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS):

- name: Add Docker APT repository
  ansible.builtin.deb822_repository:
    name: docker
    state: present
    types: [deb]
    uris: "https://download.docker.com/linux/{{ ansible_distribution|lower }}"
    suites: ["{{ ansible_distribution_release|lower }}"]
    components: [stable]
    signed_by: "https://download.docker.com/linux/debian/gpg"
    enabled: yes

Thanks for sharing. This worked for me. I had to remove old sources in /etc/apt/sources.list.d that were created by the ansible.builtin.apt_key + ansible.builtin.apt_repository combo.

Also LLM suggested to template signed_by

signed_by: "https://download.docker.com/linux/{{ ansible_facts['distribution'] | lower }}/gpg"

tbh not sure the "correctness" of this change. since you said it worker for several distros. It actually worked for my Ubuntu 24.04 LTS when it was hardcoded to debian

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment