# Safety check: make sure debian_codename is set.
- name: check that debian_codename is set
  shell: |
    if [ "{{ debian_codename }}" = "" ]
    then
        echo "You MUST set debian_codename" 1>&2
        exit 1
    fi


# First update package lists. The ones that come with the image may be
# badly out of date.
#
# Ignore any error here so that later tasks can fix things such as a badly
# formed sources.list.
- name: update package lists
  ignore_errors: yes
  apt:
    update_cache: yes
    cache_valid_time: 0

# Now install https transport for APT. This is installed before
# changing sources lists, so that if they happen to use https URLs apt
# will still work. apt-transport-https is in the main Debian archive,
# and we assume those are in the sources.list that come with the
# image.
#
# Ignore any error here so that later tasks can fix things such as a badly
# formed sources.list.
- name: install apt-transport-https
  ignore_errors: yes
  apt:
    name: apt-transport-https

- name: configure main sources.list
  template:
    src: sources.list.j2
    dest: /etc/apt/sources.list

- name: additional sources.list.d/*
  with_items: "{{ sources_lists }}"
  apt_repository:
    repo: "{{ item.repo }}"
    update_cache: no

- name: add archive signing keys
  with_items: "{{ sources_lists }}"
  apt_key:
    data: "{{ item.signing_key }}"
    state: present
  when: item.signing_key is defined

- name: update package lists
  apt:
    update_cache: yes
    cache_valid_time: 0

- name: add archive keyrings
  with_items: "{{ sources_lists }}"
  apt:
    name: "{{ item.keyring_package }}"
  when: item.keyring_package is defined

- name: dist-upgrade so everything is up to date
  apt:
    upgrade: dist