fix: Manage repositories

defaults/main.yml

@@ -7,11 +7,24 @@ apt_distribution_sections: main
 
 apt_repositories: []
 # Exemple:
+#   - name: sid
+#     url: http://deb.debian.org/debian
+#     suites: sid
+#     components: main
+#     key_path: /usr/share/keyrings/debian-archive-keyring.gpg
 #   - name: incus
-#     key: https://pkgs.zabbly.com/key.asc
 #     url: https://pkgs.zabbly.com/incus/stable
-#     distribution_release: bookworm
-#     distribution_section: main
+#     suites: bookworm
+#     components: main
+#     key_url: https://pkgs.zabbly.com/key.asc
+#     key_path: /etc/apt/keyrings/incus.asc
+
+apt_preferences: []
+# Exemple:
+#   - filename: sid
+#     package: "*"
+#     pin: release n=sid
+#     priority: 100
 
 apt_remove: []
 apt_install: []

tasks/main.yml

@@ -8,7 +8,6 @@
 - name: Importer les tâches d'ajout de dépôts tiers
   ansible.builtin.import_tasks:
     file: repositories.yml
-  when: apt_repositories | length > 0
 
 - name: Exécuter les handlers
   meta: flush_handlers

tasks/repositories.yml

@@ -3,10 +3,13 @@
 
 - name: Télécharger la clef du dépôt
   ansible.builtin.get_url:
-    url: "{{ item.key }}"
-    dest: "/etc/apt/keyrings/{{ item.name }}.asc"
+    url: "{{ item.key_url }}"
+    dest: "{{ item.key_path }}"
     mode: u=rw,g=r,o=r
   become: true
+  when:
+    - apt_repositories | length > 0
+    - item.get('key_url', '') | length > 0
   loop: "{{ apt_repositories }}"
   loop_control:
     label: "{{ item.name }}"
@@ -14,13 +17,28 @@
 
 - name: Ajouter le dépôt
   ansible.builtin.template:
-    src: repository.list.j2
-    dest: /etc/apt/sources.list.d/{{ item.name }}.list
+    src: repository.sources.j2
+    dest: /etc/apt/sources.list.d/{{ item.name }}.sources
     owner: root
     group: root
     mode: u=rw,g=r,o=r
+  when: apt_repositories | length > 0
   become: true
   loop: "{{ apt_repositories }}"
   loop_control:
     label: "{{ item.name }}"
   notify: Mettre à jour le cache
+
+- name: Ajouter le fichier de priorité
+  ansible.builtin.template:
+    src: preferences.j2
+    dest: /etc/apt/preferences.d/{{ item.priority }}-{{ item.name }}
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  when: apt_preferences | length > 0
+  become: true
+  loop: "{{ apt_preferences }}"
+  loop_control:
+    label: "{{ item.name }}"
+  notify: Mettre à jour le cache

templates/apt.conf.j2

@@ -1,6 +1,6 @@
 # {{ ansible_managed }}
 
-APT::Default-Release "{{ apt_distribution_release }}";
+APT::Default-Release "stable";
 APT::Install-Recommends "false";
 APT::Install-Suggests "false";
 APT::Get::Show-Versions "true";

templates/debian.sources.list.j2

@@ -3,7 +3,7 @@
 {% if apt_distribution_release == "sid" %}
 Types: deb
 URIs: https://deb.debian.org/debian
-Suites: {{ apt_distribution_release }} {{ apt_distribution_release }}-updates {{ apt_distribution_release }}-backports
+Suites: {{ apt_distribution_release }}
 Components: {{ apt_distribution_sections }}
 Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
 {% else %}

templates/preferences.j2

@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+Package: {{ item.package }}
+Pin: {{ item.pin }}
+Pin-Priority: {{ item.priority }}

templates/repository.list.j2

@@ -1,3 +0,0 @@
-# {{ ansible_managed }}
-
-deb [signed-by=/etc/apt/keyrings/{{ item.name }}.asc] {{ item.url }} {{ item.distribution_release }} {{ item.distribution_section }}

templates/repository.sources.j2

@@ -0,0 +1,7 @@
+# {{ ansible_managed }}
+
+Types: deb
+URIs: {{ item.url }}
+Suites: {{ item.suites }}
+Components: {{ item.components }}
+Signed-By: {{ item.key_path }}