Added key signing for apt repos.
authorLuke Hoersten <luke@hoersten.org>
Fri, 21 Oct 2022 21:58:58 -0500
changeset 197 1cc658995a70
parent 196 e07868e39791
child 198 e1f873a07ea2
Added key signing for apt repos.
homebridge/tasks/main.yaml
plex/tasks/main.yaml
prometheus/server/tasks/main.yaml
rpi-base/tasks/main.yaml
--- a/homebridge/tasks/main.yaml	Wed Oct 19 09:17:03 2022 -0500
+++ b/homebridge/tasks/main.yaml	Fri Oct 21 21:58:58 2022 -0500
@@ -4,12 +4,12 @@
   become: yes
   get_url:
     url: "https://repo.homebridge.io/KEY.gpg"
-    dest: /etc/apt/trusted.gpg.d/homebridge.asc
+    dest: "/etc/apt/trusted.gpg.d/homebridge.asc"
     mode: "0644"
 
 - name: add homebridge apt repo
   become: yes
-  apt_repository: repo="deb https://repo.homebridge.io stable main"
+  apt_repository: repo="deb [signed-by=/etc/apt/trusted.gpg.d/homebridge.asc] https://repo.homebridge.io stable main"
 
 - name: apt install homebridge
   become: yes
--- a/plex/tasks/main.yaml	Wed Oct 19 09:17:03 2022 -0500
+++ b/plex/tasks/main.yaml	Fri Oct 21 21:58:58 2022 -0500
@@ -6,12 +6,12 @@
   become: yes
   get_url:
     url: "https://downloads.plex.tv/plex-keys/PlexSign.key"
-    dest: /etc/apt/trusted.gpg.d/plex.asc
+    dest: "/etc/apt/trusted.gpg.d/plex.asc"
     mode: "0644"
 
 - name: add plex apt repo
   become: yes
-  apt_repository: repo="deb http://downloads.plex.tv/repo/deb public main"
+  apt_repository: repo="deb [signed-by=/etc/apt/trusted.gpg.d/plex.asc] http://downloads.plex.tv/repo/deb public main"
   notify: restart plex service
 
 - name: update apt package cache
--- a/prometheus/server/tasks/main.yaml	Wed Oct 19 09:17:03 2022 -0500
+++ b/prometheus/server/tasks/main.yaml	Fri Oct 21 21:58:58 2022 -0500
@@ -4,12 +4,12 @@
   become: yes
   get_url:
     url: "https://packages.grafana.com/gpg.key"
-    dest: /etc/apt/trusted.gpg.d/grafana.asc
+    dest: "/etc/apt/trusted.gpg.d/grafana.asc"
     mode: "0644"
 
 - name: add grafana apt repo
   become: yes
-  apt_repository: repo="deb https://packages.grafana.com/oss/deb stable main"
+  apt_repository: repo="deb [signed-by=/etc/apt/trusted.gpg.d/grafana.asc] https://packages.grafana.com/oss/deb stable main"
 
 - name: install prometheus and grafana
   become: yes
--- a/rpi-base/tasks/main.yaml	Wed Oct 19 09:17:03 2022 -0500
+++ b/rpi-base/tasks/main.yaml	Fri Oct 21 21:58:58 2022 -0500
@@ -13,12 +13,12 @@
   become: yes
   get_url:
     url: "https://azlux.fr/repo.gpg.key"
-    dest: /etc/apt/trusted.gpg.d/log2ram.asc
+    dest: "/etc/apt/trusted.gpg.d/log2ram.asc"
     mode: "0644"
 
 - name: add log2ram apt repo
   become: yes
-  apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main"
+  apt_repository: repo="deb [signed-by=/etc/apt/trusted.gpg.d/log2ram.asc] http://packages.azlux.fr/debian/ buster main"
 
 - name: set timezone
   become: yes