Skip to content

Instantly share code, notes, and snippets.

@roib20

roib20/apt-repo-playbook.yaml

Last active December 4, 2025 11:22
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save roib20/27fde10af195cee1c1f8ac5f68be7e9b to your computer and use it in GitHub Desktop.
Download ZIP
Example usages of the new `deb822_repository` Ansible module
Raw
apt-repo-playbook.yaml
---
- hosts: localhost
connection: local
gather_facts: true
tasks:
- name: Add APT repositories
when: ansible_os_family == 'Debian'
become: true
block:
- name: Add VSCode APT repository
ansible.builtin.deb822_repository:
name: vscode
types: [deb]
uris: "https://packages.microsoft.com/repos/code"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add google APT repository
ansible.builtin.deb822_repository:
name: google
types: [deb]
uris:
- "http://dl.google.com/linux/chrome/deb"
- "http://dl.google.com/linux/earth/deb"
signed_by: "https://dl.google.com/linux/linux_signing_key.pub"
suites: [stable]
components: [main]
state: present
enabled: yes
- name: Add Kubernetes APT repository
ansible.builtin.deb822_repository:
name: kubernetes
types: [deb]
uris: "https://apt.kubernetes.io"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [kubernetes-xenial]
components: [main]
state: present
enabled: yes
- name: Add google-cloud-cli APT repository
ansible.builtin.deb822_repository:
name: google-cloud-cli
types: [deb]
uris: "https://packages.cloud.google.com/apt"
signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
suites: [cloud-sdk]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Debian)
when: ansible_distribution == 'Debian'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_major_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Microsoft prod APT repository (Ubuntu)
when: ansible_distribution == 'Ubuntu'
ansible.builtin.deb822_repository:
name: packages-microsoft-com-prod
types: [deb]
uris: "https://packages.microsoft.com/{{ ansible_distribution|lower }}/{{ ansible_distribution_version }}/prod"
signed_by: "https://packages.microsoft.com/keys/microsoft.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Tailscale stable APT repository
ansible.builtin.deb822_repository:
name: tailscale-stable
types: [deb]
uris: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}"
signed_by: "https://pkgs.tailscale.com/stable/{{ ansible_distribution|lower }}/{{ ansible_distribution_release|lower }}.asc"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
- name: Add Hashicorp Stable APT repository
ansible.builtin.deb822_repository:
name: hashicorp
types: [deb]
uris: "https://apt.releases.hashicorp.com"
signed_by: "https://apt.releases.hashicorp.com/gpg"
suites: ["{{ ansible_distribution_release|lower }}"]
components: [main]
state: present
enabled: yes
@JohnRDOrazio
Copy link

JohnRDOrazio commented Sep 3, 2024

Note that the deb822_repository module requires the python3-debian package to be installed. This can be installed in a virtual environment with pip install python-debian.

The deb822 format allows signing keys to be included in the same .source file rather than added to the /etc/apt/trusted.gpg.d folder. This is a better approach because the signing key will be associated only with it's own repository, and not with all repositories globally. This will give a result as close as possible to the native add-apt-repository:

- name: Manage PHP PPA repository (deb822_repository)
  become: true
  ansible.builtin.deb822_repository:
    state: present
    name: "ondrej-ubuntu-php-{{ansible_distribution_release}}"
    types: [deb]
    uris: [https://ppa.launchpadcontent.net/ondrej/php/ubuntu]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]
    signed_by: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      .
      mQINBGYo0vEBEAC0Semxy5I2b8exRUxJfTKkHR4f5uyS0dTd9vYgMI5T3gsa7ypH
      HtE+GiZC+T9m/F9h66+XJMxhuNsKRs7T2In5NSeso9H/ytlSTayUaBtCFfRp6y6b
      6ozuRBfqYJGxhjAnIzvNF/Wpp2BvfQm3OrQ7uJJrt5IvzLDC4jPxl/Xs3sTT+Hbk
      bkKKprZ3xmy2enuwBaNWR/CUtAz3hbkzL1kGbhX9m3QidFJagVVdDw3aNEwo8ush
      djWfF+BajNvpDFYJKBGQbCeagB753Baa5yIN62x+THLnLiKTMDS1e7U0ZDiV9671
      noTbtN5TeZeyfsEmeZ8X60x11JIP3yYHYZT70/DyTYX3WC9yQFyIgVOfRlGklMKI
      k3TLMmtq8w5Hz1vovwzV7PzaQnmY+uNP2ZbAP4fJ3iFAj0L+u0i1nOFgTy0Lq058
      O/FjRrQxuceDDCF+9ThspXMw3Puvz8giuBDCdEda84uC7XWMdqgz/maLfFQjAmyP
      Ixi1EMxMlHYyZajpR1cdCfrAIQlnQjHSWmyeCFgXPPfRA71aCcJ7oSrDjogW6Ahd
      HRkQRKf1FF9BFzycgSQotfR+7CKfPQh1kghufM9W/spARzA709nGZjXJzgEJLQd3
      CDB6dIIxT/0YI36h3Qgfmiiw4twO24MMEqEEPIELz2WJKeWGkdQdcekpxQARAQAB
      tB9MYXVuY2hwYWQgUFBBIGZvciBPbmTFmWVqIFN1csO9iQJOBBMBCgA4FiEEuNx+
      U5RmVu+85MHdcdrqq0rUyrYFAmYo0vECGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
      F4AACgkQcdrqq0rUyrYOPQ/+IArA4s1J3op/w7cXek0ieFHWHFDrxPYS+78/LF/J
      LoYZw0nIU5Ovr+LzehFMIQU6esgPXwbeCVgwLwat57augAkAYWT0UzH5dE6RKAGr
      C2vsHWVfPhQn6UndfzwXc0mTLGQni25aQaZ6k60Dbm/vblejrTQrtAUWoMO3Z1cr
      NDGJ3Z9DCxtr2o9gRYUI6HwLHJtobTIeI5xsr5x+GvXiIAVCPa3ZEuRL6jMQfqfS
      C43mpuiS1kGgsnQLs2DbN7EFCfiJoNX1QzZu25zg+IS9PXbCJnheZWnH0rwUSb/N
      hZPcSefGlNlhr824OfT30v79hQnw59XbsfV270O9jPbD4kttN+OiszbU66zsuiOh
      BO46XCckQPqDkBMw56GPFuVrQgGb1thXvn67URJgPyJhwauBWKPNAJ9Ojuo+yVq/
      hdR1VNWThXQbZgaGSWrbjt6FdYtQb9VX88uu5gFDmr180HogHNUDUcqNLLdnjfFs
      4DyJlusQ5I/a7cQ7nlkNgxAmHszwO/mGLBuGljDUYkwZDW9nqP1Q5Q2jMtrhgXvR
      2SOtufvecUbB7+eoRSaOnu7CNMATG6LocFEMzhKUde1uZTfWSqnYEcdqoFJMi46y
      qaNxhiNLsQ5OBMbgSp2zCbQxRBdITMVvBR5YjCetUIGEs6T1yQ5wh5Xpoi34ShHn
      v38=
      =kFlZ
      -----END PGP PUBLIC KEY BLOCK-----

- name: Manage Python PPA repository (deb822_repository)
  become: true
  ansible.builtin.deb822_repository:
    state: present
    name: "deadsnakes-ubuntu-ppa-{{ansible_distribution_release}}"
    types: [deb]
    uris: [https://ppa.launchpadcontent.net/deadsnakes/ppa/ubuntu/]
    suites: ["{{ ansible_facts['distribution_release'] }}"]
    components: [main]
    signed_by: |
      -----BEGIN PGP PUBLIC KEY BLOCK-----
      .
      mQINBFl8fYEBEADQmGZ6pDrwY9iH9DVlwNwTOvOZ7q7lHXPl/TLfMs1tckMc/D9a
      hsdBN9VWtMmo+RySvhkIe8X15r65TFs2HE8ft6j2e/4K472pObM1hB+ajiU/wYX2
      Syq7DBlNm6YMP5/SyQzRxqis4Ja1uUjW4Q5/Csdf5In8uMzXj5D1P7qOiP2aNa0E
      r3w6PXWRTuTihWZOsHv8npyVYDBRR6gEZbd3r86snI/7o8Bfmad3KjbxL7aOdNMw
      AqQFaNKl7Y+UJpv1CNFIf+twcOoC0se1SrsVJlAH9HNHM7XGQsPUwpNvQlcmvr+t
      1vVS2m72lk3gyShDuJpi1TifGw+DoTqu54U0k+0sZm4pnQVeiizNkefU2UqOoGlt
      4oiG9nIhSX04xRlGes3Ya0OjNI5b1xbcYoR+r0c3odI+UCw3VSZtKDX/xlH1o/82
      b8ouXeE7LA1i4DvGNj4VSvoxv4ggIznxMf+PkWXWKwRGsbAAXF52rr4FUaeaKoIU
      DkJqHXAxrB3PQslZ+ZgBEukkQZF76NkqRqP1E7FXzZZMo2eEL7vtnhSzUlanOf42
      ECBoWHVoZQaRFMNbGpqlg9aWedHGyetMStS3nH1sqanr+i4I8VR/UH+ilarPTW3T
      E0apWlsH8+N3IKbRx2wgrRZNoQEuyVtvyewDFYShJB3Zxt7VCy67vKAl1QARAQAB
      tBxMYXVuY2hwYWQgUFBBIGZvciBkZWFkc25ha2VziQI4BBMBAgAiBQJZfH2BAhsD
      BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRC6aTI2anVXdvwhD/4oI3yckeKn
      9aJNNTJsyw4ydMkIAOdG+jbZsYv/rN73UVQF1RA8HC71SDmbd0Nu80koBOX+USuL
      vvhoMIsARlD5dLx5f/zaQcYWJm/BtsMF/eZ4s1xsenwW6PpXd8FpaTn1qtg/8+O9
      99R4uSetAhhyf1vSRb/8U0sgSQd38mpZZFq352UuVisXnmCThj621loQubYJ3lwU
      LSLs8wmgo4XIYH7UgdavV9dfplPh0M19RHQL3wTyQP2KRNRq1rG7/n1XzUwDyqY6
      eMVhdVhvnxAGztvdFCySVzBRr/rCw6quhcYQwBqdqaXhz63np+4mlUNfd8Eu+Vas
      b/tbteF/pDu0yeFMpK4X09Cwn2kYYCpq4XujijW+iRWb4MO3G8LLi8oBAHP/k0CM
      /QvSRbbG8JDQkQDH37Efm8iE/EttJTixjKAIfyugmvEHfcrnxaMoBioa6h6McQrM
      vI8bJirxorJzOVF4kY7xXvMYwjzaDC8G0fTA8SzQRaShksR3USXZjz8vS6tZ+YNa
      mRHPoZ3Ua0bz4t2aCcu/fknVGsXcNBazNIK9WF2665Ut/b7lDbojXsUZ3PpuqOoe
      GQL9LRj7nmCI6ugoKkNp8ZXcGJ8BGw37Wep2ztyzDohXp6f/4mGgy2KYV9R4S8D5
      yBDUU6BS7Su5nhQMStfdfr4FffLmnvFC9w==
      =7hFk
      -----END PGP PUBLIC KEY BLOCK-----

@UnknownPlatypus
Copy link

UnknownPlatypus commented Oct 17, 2024

A few more examples with mozilla, spotify, tableplus and mongoDB 8.0:

- name: Add Mozilla APT repository
  ansible.builtin.deb822_repository:
    name: mozilla
    types: [deb]
    uris: https://packages.mozilla.org/apt
    signed_by: https://packages.mozilla.org/apt/repo-signing-key.gpg
    suites: [mozilla]
    components: [main]
    enabled: true

- name: Add Spotify APT repository
  ansible.builtin.deb822_repository:
    name: spotify
    types: [deb]
    uris: http://repository.spotify.com
    signed_by: https://download.spotify.com/debian/pubkey_6224F9941A8AA6D1.gpg
    suites: [stable]
    components: [non-free]
    enabled: true

- name: Add TablePlus APT repository
  ansible.builtin.deb822_repository:
    name: tableplus
    types: [deb]
    uris: "https://deb.tableplus.com/debian/{{ ansible_distribution_major_version }}"
    signed_by: https://deb.tableplus.com/apt.tableplus.com.gpg.key
    suites: [tableplus]
    components: [main]
    enabled: true

- name: Add MongoDB 8.0 repository
  ansible.builtin.deb822_repository:
    name: mongodb-org-8.0
    types: [deb]
    uris: "https://repo.mongodb.org/apt/{{ ansible_distribution|lower }}"
    signed_by: https://www.mongodb.org/static/pgp/server-8.0.asc
    suites: ["{{ ansible_distribution_release|lower }}/mongodb-org/8.0"]
    components: [multiverse]
    enabled: true

@pjg11
Copy link

pjg11 commented Aug 16, 2025
edited
Loading 

- name: Add Grafana APT repository
  deb822_repository:
    name: grafana
    types: [deb]
    uris: "https://packages.grafana.com/oss/deb"
    signed_by: "https://packages.grafana.com/gpg.key"
    suites: [stable]
    components: [main]
    state: present
    enabled: true

@seevee
Copy link

seevee commented Aug 16, 2025
edited
Loading 

- name: Add nvidia-cuda APT repository (debian)
  ansible.builtin.deb822_repository:
    name: nvidia-cuda
    types: [deb]
    uris: "https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64"
    signed_by: "https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/3bf863cc.pub"
    suites: [/]
    state: present
    enabled: true

- name: Add nvidia-container APT repository
  ansible.builtin.deb822_repository:
    name: nvidia-container
    types: [deb]
    uris: "https://nvidia.github.io/libnvidia-container/stable/deb/amd64"
    signed_by: "https://nvidia.github.io/libnvidia-container/gpgkey"
    suites: [/]
    state: present
    enabled: true

- name: Add coral-edgetpu APT repository
  ansible.builtin.deb822_repository:
    name: coral-edgetpu
    types: [deb]
    uris: "https://packages.cloud.google.com/apt"
    signed_by: "https://packages.cloud.google.com/apt/doc/apt-key.gpg"
    suites: [coral-edgetpu-stable]
    components: [main]
    state: present
    enabled: true

@hegerdes
Copy link

hegerdes commented Aug 29, 2025

For gitlab-runner:

- name: Add gitlab-runner repository
  ansible.builtin.deb822_repository:
    name: gitlab-runner
    types: [deb]
    uris: "https://packages.gitlab.com/runner/gitlab-runner/{{ ansible_distribution | lower }}/"
    signed_by: https://packages.gitlab.com/runner/gitlab-runner/gpgkey
    suites: ["{{ ansible_distribution_release | lower }}"]
    components: [main]
    state: present
    enabled: true

@Halfwalker
Copy link

Halfwalker commented Sep 19, 2025

I dont suppose there's any clean way to force the deb822 module to download keys to /usr/share/keyrings ? They really should not be dropping into /etc/apt/trusted.gpg ...

I really don't want to have to do a few tasks to move the key and update the .sources file :(

@nuBacuk
Copy link

nuBacuk commented Nov 19, 2025
edited
Loading 

- name: Add Helm repo
  ansible.builtin.deb822_repository:
    name: Helm stable
    types: [deb]
    uris: https://packages.buildkite.com/helm-linux/helm-debian/any/
    suites: any
    components:
      - main
    signed_by: https://packages.buildkite.com/helm-linux/helm-debian/gpgkey
    state: present
    enabled: true

@Kimbaras
Copy link

Kimbaras commented Dec 4, 2025

Hi all,

Not sure if this is the right place to ask, if not sorry.

I want to edit the default debian repo provided by proxmox which is as follows:

/etc/apt/sources.list.d/debian.sources

with contents:

Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie trixie-updates
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Types: deb
URIs: http://security.debian.org/debian-security/
Suites: trixie-security
Components: main contrib non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg

Using the ansible module I can create two separate repos with different names, but I wasn't able to find a way to put multiple configs inside a single fil. Is there something I'm missing from my side or it's not (yet) supported by ansible such configuration?

Sorry again if it's not the right place to ask but this is one of the few results that pops up on the matter...

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment