# Safety check: make sure debian_codename is set.
- name: check that sane_debian_system_codename is set
  shell: |
    if [ "{{ sane_debian_system_codename }}" = "" ]
    then
        echo "You MUST set sane_debian_system_codename" 1>&2
        exit 1
    fi


# First update package lists. The ones that come with the image may be
# badly out of date.
#
# Use shell to run apt-get, rather than the Ansible apt module, so
# that we can pass in the --allow-releaseinfo--change option.
- name: update package lists
  shell: |
    apt-get update --allow-releaseinfo-change
  args:
    warn: false

- name: update package lists
  ignore_errors: yes
  apt:
    update_cache: yes
    cache_valid_time: 0

# Now install https transport for APT. This is installed before
# changing sources lists, so that if they happen to use https URLs apt
# will still work. apt-transport-https is in the main Debian archive,
# and we assume those are in the sources.list that come with the
# image.
- name: install apt-transport-https
  apt:
    name: apt-transport-https

- name: configure main sources.list
  template:
    src: sources.list.j2
    dest: /etc/apt/sources.list

- name: additional sources.list.d/*
  with_items: "{{ sane_debian_system_sources_lists }}"
  apt_repository:
    repo: "{{ item.repo }}"
    update_cache: no

- name: install gnupg and sudo
  apt:
    name:
      - gnupg
      - sudo

- name: add archive signing keys
  with_items: "{{ sane_debian_system_sources_lists }}"
  apt_key:
    data: "{{ item.signing_key }}"
    state: present
  when: item.signing_key is defined

# Use shell to run apt-get to update package lists so that we can pass
# in the --allow-releaseinfo--change option.
- name: update package lists
  shell: |
    apt-get update --allow-releaseinfo-change

- name: add archive keyrings
  with_items: "{{ sane_debian_system_sources_lists }}"
  apt:
    name: "{{ item.keyring_package }}"
  when: item.keyring_package is defined

- name: dist-upgrade so everything is up to date
  apt:
    upgrade: dist