2020-06-30 18:59:53 +02:00
|
|
|
---
|
2020-09-19 17:32:17 +02:00
|
|
|
- name: (Alpine Linux) Set up signing key
|
2020-09-15 21:27:06 +02:00
|
|
|
block:
|
2020-09-19 17:32:17 +02:00
|
|
|
- name: (Alpine Linux) Set up NGINX signing key URL
|
2022-03-22 18:27:11 +01:00
|
|
|
ansible.builtin.set_fact:
|
2020-11-17 16:40:53 +01:00
|
|
|
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_rsa_pub) }}"
|
2020-06-30 18:59:53 +02:00
|
|
|
|
2020-09-19 17:32:17 +02:00
|
|
|
- name: (Alpine Linux) Download NGINX signing key
|
2022-03-22 18:27:11 +01:00
|
|
|
ansible.builtin.get_url:
|
2020-09-15 21:27:06 +02:00
|
|
|
url: "{{ keysite }}"
|
|
|
|
dest: /etc/apk/keys/nginx_signing.rsa.pub
|
|
|
|
mode: 0400
|
|
|
|
when: ansible_facts['os_family'] == "Alpine"
|
|
|
|
|
2020-09-19 17:32:17 +02:00
|
|
|
- name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL
|
2022-03-22 18:27:11 +01:00
|
|
|
ansible.builtin.set_fact:
|
2020-11-17 16:40:53 +01:00
|
|
|
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}"
|
2020-09-15 21:27:06 +02:00
|
|
|
when: ansible_facts['os_family'] != "Alpine"
|
|
|
|
|
2020-09-19 17:32:17 +02:00
|
|
|
- name: (Debian/Ubuntu) Add NGINX signing key
|
2022-03-22 18:27:11 +01:00
|
|
|
ansible.builtin.apt_key:
|
2020-09-15 21:27:06 +02:00
|
|
|
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
2021-12-03 07:59:36 +01:00
|
|
|
keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
|
2020-09-15 21:27:06 +02:00
|
|
|
url: "{{ keysite }}"
|
|
|
|
when: ansible_facts['os_family'] == "Debian"
|
|
|
|
|
2020-09-19 17:32:17 +02:00
|
|
|
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key
|
2022-03-22 18:27:11 +01:00
|
|
|
ansible.builtin.rpm_key:
|
2020-09-15 21:27:06 +02:00
|
|
|
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
|
|
|
|
key: "{{ keysite }}"
|
|
|
|
when: ansible_facts['os_family'] in ['RedHat', 'Suse']
|