ansible-role-nginx/tasks/keys/setup-keys.yml

32 lines
1.2 KiB
YAML
Raw Normal View History

---
2020-09-19 17:32:17 +02:00
- name: (Alpine Linux) Set up signing key
2020-09-15 21:27:06 +02:00
block:
2020-09-19 17:32:17 +02:00
- name: (Alpine Linux) Set up NGINX signing key URL
ansible.builtin.set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_rsa_pub) }}"
2020-09-19 17:32:17 +02:00
- name: (Alpine Linux) Download NGINX signing key
ansible.builtin.get_url:
2020-09-15 21:27:06 +02:00
url: "{{ keysite }}"
dest: /etc/apk/keys/nginx_signing.rsa.pub
mode: 0400
when: ansible_facts['os_family'] == "Alpine"
2020-09-19 17:32:17 +02:00
- name: (Debian/Red Hat/SLES OSs) Set up NGINX signing key URL
ansible.builtin.set_fact:
keysite: "{{ nginx_signing_key | default(nginx_default_signing_key_pgp) }}"
2020-09-15 21:27:06 +02:00
when: ansible_facts['os_family'] != "Alpine"
2020-09-19 17:32:17 +02:00
- name: (Debian/Ubuntu) Add NGINX signing key
ansible.builtin.apt_key:
2020-09-15 21:27:06 +02:00
id: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
keyring: /usr/share/keyrings/nginx-archive-keyring.gpg
2020-09-15 21:27:06 +02:00
url: "{{ keysite }}"
when: ansible_facts['os_family'] == "Debian"
2020-09-19 17:32:17 +02:00
- name: (Amazon Linux/CentOS/Oracle Linux/RHEL/SLES) Add NGINX signing key
ansible.builtin.rpm_key:
2020-09-15 21:27:06 +02:00
fingerprint: 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
key: "{{ keysite }}"
when: ansible_facts['os_family'] in ['RedHat', 'Suse']