From 028beb4ea038e7db3656ef3e262d1ec0edde3029 Mon Sep 17 00:00:00 2001
From: "pulsar89.5" <pulsar89.5@ykn.fr>
Date: Mon, 3 Jun 2024 18:05:23 +0200
Subject: [PATCH] fix: Manage repositories

---
 defaults/main.yml                | 19 ++++++++++++++++---
 tasks/main.yml                   |  1 -
 tasks/repositories.yml           | 26 ++++++++++++++++++++++----
 templates/apt.conf.j2            |  2 +-
 templates/debian.sources.list.j2 |  2 +-
 templates/preferences.j2         |  5 +++++
 templates/repository.list.j2     |  3 ---
 templates/repository.sources.j2  |  7 +++++++
 8 files changed, 52 insertions(+), 13 deletions(-)
 create mode 100644 templates/preferences.j2
 delete mode 100644 templates/repository.list.j2
 create mode 100644 templates/repository.sources.j2

diff --git a/defaults/main.yml b/defaults/main.yml
index dd17733..ee0a406 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,11 +7,24 @@ apt_distribution_sections: main
 
 apt_repositories: []
 # Exemple:
+#   - name: sid
+#     url: http://deb.debian.org/debian
+#     suites: sid
+#     components: main
+#     key_path: /usr/share/keyrings/debian-archive-keyring.gpg
 #   - name: incus
-#     key: https://pkgs.zabbly.com/key.asc
 #     url: https://pkgs.zabbly.com/incus/stable
-#     distribution_release: bookworm
-#     distribution_section: main
+#     suites: bookworm
+#     components: main
+#     key_url: https://pkgs.zabbly.com/key.asc
+#     key_path: /etc/apt/keyrings/incus.asc
+
+apt_preferences: []
+# Exemple:
+#   - filename: sid
+#     package: "*"
+#     pin: release n=sid
+#     priority: 100
 
 apt_remove: []
 apt_install: []
diff --git a/tasks/main.yml b/tasks/main.yml
index 12e21c8..bb6b8d7 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,7 +8,6 @@
 - name: Importer les tâches d'ajout de dépôts tiers
   ansible.builtin.import_tasks:
     file: repositories.yml
-  when: apt_repositories | length > 0
 
 - name: Exécuter les handlers
   meta: flush_handlers
diff --git a/tasks/repositories.yml b/tasks/repositories.yml
index aa40b49..145cc1e 100644
--- a/tasks/repositories.yml
+++ b/tasks/repositories.yml
@@ -3,10 +3,13 @@
 
 - name: Télécharger la clef du dépôt
   ansible.builtin.get_url:
-    url: "{{ item.key }}"
-    dest: "/etc/apt/keyrings/{{ item.name }}.asc"
+    url: "{{ item.key_url }}"
+    dest: "{{ item.key_path }}"
     mode: u=rw,g=r,o=r
   become: true
+  when:
+    - apt_repositories | length > 0
+    - item.get('key_url', '') | length > 0
   loop: "{{ apt_repositories }}"
   loop_control:
     label: "{{ item.name }}"
@@ -14,13 +17,28 @@
 
 - name: Ajouter le dépôt
   ansible.builtin.template:
-    src: repository.list.j2
-    dest: /etc/apt/sources.list.d/{{ item.name }}.list
+    src: repository.sources.j2
+    dest: /etc/apt/sources.list.d/{{ item.name }}.sources
     owner: root
     group: root
     mode: u=rw,g=r,o=r
+  when: apt_repositories | length > 0
   become: true
   loop: "{{ apt_repositories }}"
   loop_control:
     label: "{{ item.name }}"
   notify: Mettre à jour le cache
+
+- name: Ajouter le fichier de priorité
+  ansible.builtin.template:
+    src: preferences.j2
+    dest: /etc/apt/preferences.d/{{ item.priority }}-{{ item.name }}
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  when: apt_preferences | length > 0
+  become: true
+  loop: "{{ apt_preferences }}"
+  loop_control:
+    label: "{{ item.name }}"
+  notify: Mettre à jour le cache
diff --git a/templates/apt.conf.j2 b/templates/apt.conf.j2
index 71511ee..e657c4b 100644
--- a/templates/apt.conf.j2
+++ b/templates/apt.conf.j2
@@ -1,6 +1,6 @@
 # {{ ansible_managed }}
 
-APT::Default-Release "{{ apt_distribution_release }}";
+APT::Default-Release "stable";
 APT::Install-Recommends "false";
 APT::Install-Suggests "false";
 APT::Get::Show-Versions "true";
diff --git a/templates/debian.sources.list.j2 b/templates/debian.sources.list.j2
index fc422df..3f717f8 100644
--- a/templates/debian.sources.list.j2
+++ b/templates/debian.sources.list.j2
@@ -3,7 +3,7 @@
 {% if apt_distribution_release == "sid" %}
 Types: deb
 URIs: https://deb.debian.org/debian
-Suites: {{ apt_distribution_release }} {{ apt_distribution_release }}-updates {{ apt_distribution_release }}-backports
+Suites: {{ apt_distribution_release }}
 Components: {{ apt_distribution_sections }}
 Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
 {% else %}
diff --git a/templates/preferences.j2 b/templates/preferences.j2
new file mode 100644
index 0000000..2d29ad2
--- /dev/null
+++ b/templates/preferences.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+Package: {{ item.package }}
+Pin: {{ item.pin }}
+Pin-Priority: {{ item.priority }}
diff --git a/templates/repository.list.j2 b/templates/repository.list.j2
deleted file mode 100644
index c77d276..0000000
--- a/templates/repository.list.j2
+++ /dev/null
@@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-
-deb [signed-by=/etc/apt/keyrings/{{ item.name }}.asc] {{ item.url }} {{ item.distribution_release }} {{ item.distribution_section }}
diff --git a/templates/repository.sources.j2 b/templates/repository.sources.j2
new file mode 100644
index 0000000..5c45448
--- /dev/null
+++ b/templates/repository.sources.j2
@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: {{ item.url }}
+Suites: {{ item.suites }}
+Components: {{ item.components }}
+Signed-By: {{ item.key_path }}