Commit 5b1d90e

committed
opentofu
1 parent d994544 commit 5b1d90e

2 files changed

+82
-1
lines changed

2 files changed

+82
-1
lines changed

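--- a/.gitlab/ci/invidious.yml
+++ b/.gitlab/ci/invidious.yml
@@ -16,7 +16,7 @@ update_invidious:
 name: registry.gitlab.local.ildoc.it/devops/ansible-vault:92eaccbb67b7fa59dce7de1a69887132bee8fe51
 entrypoint: [""]
 extends:
-# - .rules_update_invidious
+- .rules_update_invidious
 - .ssh_setup
 variables:
 SERVER_IP: $INVIDIOUS_SSH_SERVER_IP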
Lines changed: 81 additions & 0 deletions
@@ -0,0 +1,81 @@
1+
---
2+
- name: Install required packages
3+
ansible.builtin.apt:
4+
name:
5+
- apt-transport-https
6+
- ca-certificates
7+
- curl
8+
- gnupg
9+
state: present
10+
update_cache: yes
11+
cache_valid_time: 3600
12+
13+
- name: Ensure /etc/apt/keyrings directory exists
14+
ansible.builtin.file:
15+
path: /etc/apt/keyrings
16+
state: directory
17+
mode: '0755'
18+
19+
- name: Download OpenTofu GPG key if not present
20+
ansible.builtin.get_url:
21+
url: https://get.opentofu.org/opentofu.gpg
22+
dest: /etc/apt/keyrings/opentofu.gpg
23+
mode: '0644'
24+
force: no
25+
register: gpg_downloaded
26+
27+
- name: Check if opentofu-repo.gpg exists
28+
ansible.builtin.stat:
29+
path: /etc/apt/keyrings/opentofu-repo.gpg
30+
register: repo_gpg_check
31+
32+
- name: Download and dearmor OpenTofu repo GPG key
33+
ansible.builtin.shell: |
34+
curl -fsSL https://packages.opentofu.org/opentofu/tofu/gpgkey | \
35+
gpg --no-tty --batch --dearmor -o /etc/apt/keyrings/opentofu-repo.gpg
36+
args:
37+
creates: /etc/apt/keyrings/opentofu-repo.gpg
38+
when: not repo_gpg_check.stat.exists
39+
register: repo_gpg_downloaded
40+
41+
- name: Ensure correct permissions on GPG key files
42+
ansible.builtin.file:
43+
path: "{{ item }}"
44+
mode: '0644'
45+
loop:
46+
- /etc/apt/keyrings/opentofu.gpg
47+
- /etc/apt/keyrings/opentofu-repo.gpg
48+
when: gpg_downloaded.changed or repo_gpg_downloaded.changed or repo_gpg_check.stat.exists
49+
50+
- name: Add OpenTofu binary apt repository
51+
ansible.builtin.apt_repository:
52+
repo: "deb [signed-by=/etc/apt/keyrings/opentofu.gpg,/etc/apt/keyrings/opentofu-repo.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main"
53+
filename: opentofu
54+
state: present
55+
update_cache: no
56+
register: repo_added
57+
58+
- name: Add OpenTofu source apt repository
59+
ansible.builtin.apt_repository:
60+
repo: "deb-src [signed-by=/etc/apt/keyrings/opentofu.gpg,/etc/apt/keyrings/opentofu-repo.gpg] https://packages.opentofu.org/opentofu/tofu/any/ any main"
61+
filename: opentofu-src
62+
state: present
63+
update_cache: no
64+
register: src_repo_added
65+
66+
- name: Update apt cache if any repository or GPG changed
67+
ansible.builtin.apt:
68+
update_cache: yes
69+
when: gpg_downloaded.changed or repo_gpg_downloaded.changed or repo_added.changed or src_repo_added.changed
70+
71+
- name: Check if OpenTofu is already installed
72+
ansible.builtin.command: dpkg-query -W -f='${Status}' tofu
73+
register: tofu_check
74+
changed_when: false
75+
failed_when: false
76+
77+
- name: Install OpenTofu
78+
ansible.builtin.apt:
79+
name: tofu
80+
state: present
81+
when: tofu_check.rc != 0 or "'install ok installed'" not in tofu_check.stdout
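Review bot: Both apt signing keys in this new task file are trusted on first download with nothing pinned: the `get_url` task for `opentofu.gpg` has no `checksum:`, and the `curl … | gpg --dearmor` shell task runs without `pipefail`, so its result is gpg's exit status alone and a failed or truncated fetch may leave a file that `creates:` then treats as done on every later run. These keys decide which packages apt accepts for installation as root, so I would fetch the armored key with `get_url` and a `checksum:` recorded after checking the key out of band, then dearmor it in a separate `command` task, as sketched below; the same `checksum:` belongs on the `opentofu.gpg` download. Separately, in the last task the Jinja literal `"'install ok installed'"` contains the single quotes, while the `command` module appears to strip them from the `-f='${Status}'` argument, so the `not in` test looks always true and the `dpkg-query` check is dead. `apt` with `state: present` is already idempotent, so that check and its `when:` could simply be removed.

```yaml
# … unchanged: package install, keyrings directory, opentofu.gpg download, stat check …

- name: Download OpenTofu repo GPG key (armored)
  ansible.builtin.get_url:
    url: https://packages.opentofu.org/opentofu/tofu/gpgkey
    dest: /etc/apt/keyrings/opentofu-repo.asc
    mode: '0644'
    # placeholder: digest of the key after verifying it out of band
    checksum: "sha256:<PINNED_SHA256_PLACEHOLDER>"

- name: Dearmor OpenTofu repo GPG key
  ansible.builtin.command:
    argv:
      - gpg
      - --no-tty
      - --batch
      - --dearmor
      - -o
      - /etc/apt/keyrings/opentofu-repo.gpg
      - /etc/apt/keyrings/opentofu-repo.asc
    creates: /etc/apt/keyrings/opentofu-repo.gpg
  register: repo_gpg_downloaded

# … unchanged: key permissions, apt repositories, cache update, install …
```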
