Make use of other keyring (#19)

* Make use of other keyring

* Cleanup

* Fix missing variable

* Cleanup

.github/workflows/ci.yml

@@ -45,6 +45,7 @@ jobs:
       matrix:
         include:
           - distro: debian10
+            ansible-version: '>=9, <10'
           - distro: debian11
           - distro: debian12
           - distro: ubuntu1804

README.md

@@ -7,13 +7,13 @@ Set up the latest version of [Docker Engine](https://docs.docker.com/engine/) in
 
 #### Requirements
 
-* `apt-transport-https` (will be installed)
-* `ca-certificates` (will be installed)
-* `curl` (will be installed)
 * `software-properties-common` (will be installed)
+* `dirmngr` (will be installed)
+* `apt-transport-https` (will be installed)
+* `wget` (will be installed)
 * `apparmor` (will be installed)
-* `linux-image-extra-virtual` (will be installed, Ubuntu only)
-* `cgroup-lite` (will be installed, Ubuntu only)
+* `linux-image-extra-virtual` (will be installed, `Ubuntu` only)
+* `cgroup-lite` (will be installed, `Ubuntu` only)
 
 #### Variables
 
@@ -22,8 +22,8 @@ Set up the latest version of [Docker Engine](https://docs.docker.com/engine/) in
 * `docker_etc_default_http_proxy` [optional]: If you need Docker to use an HTTP proxy, it can (also) be specified here (e.g. `http://127.0.0.1:3128/`)
 * `docker_etc_default_tmpdir` [optional]: This is also a handy place to tweak where Docker's temporary files go (e.g. `/mnt/bigdrive/docker-tmp`)
 
-* `docker_manage_ufw` [default: `true`]: Whether or not `ufw` should be managed (change default `FORWARD` policy) by this role
-* `docker_manage_updatedb` [default: `true`]: Whether or not `updatedb` should be managed (disable indexing of `/var/lib/docker`) by this role
+* `docker_manage_ufw` [default: `true`]: Whether `ufw` should be managed (change default `FORWARD` policy) by this role
+* `docker_manage_updatedb` [default: `true`]: Whether `updatedb` should be managed (disable indexing of `/var/lib/docker`) by this role
 
 ## Dependencies
 

tasks/repository.yml

@@ -1,65 +1,38 @@
 # tasks file
 ---
-- name: repository | dependencies
+- name: repository | install dependencies (pre)
   ansible.builtin.apt:
     name: "{{ ' '.join(docker_dependencies_pre).split() }}"
     state: "{{ apt_install_state | default('latest') }}"
     update_cache: true
     cache_valid_time: "{{ apt_update_cache_valid_time | default(3600) }}"
   tags:
-    - docker-repository-dependencies
+    - docker-repository-install-dependencies
 
-# Old python (TLS issues)
-- name: repository | old python
-  when: ansible_python_version is version('2.7.9', '<')
-  block:
-    - name: repository | create (download) directory
-      ansible.builtin.file:
-        path: "{{ docker_downloads_path }}"
-        state: directory
-        owner: root
-        group: root
-        mode: 0755
-      tags:
-        - docker-repository-directory
-        - docker-repository-directory-create
-
-    - name: repository | download public key  # noqa command-instead-of-module
-      ansible.builtin.command: >
-        curl -sSL {{ item.url }} -o {{ docker_downloads_path }}/{{ item.id }}.key
-      args:
-        creates: "{{ docker_downloads_path }}/{{ item.id }}.key"
-      with_items: "{{ docker_apt_keys }}"
-      tags:
-        - docker-repository-public-key
-
-    - name: repository | add public key
-      ansible.builtin.apt_key:
-        id: "{{ item.id }}"
-        file: "{{ docker_downloads_path }}/{{ item.id }}.key"
-        state: present
-      with_items: "{{ docker_apt_keys }}"
-      tags:
-        - docker-repository-public-key
+- name: repository | (keyrings) directory | create
+  ansible.builtin.file:
+    path: "{{ docker_keyring_dst | dirname }}"
+    state: directory
+    owner: root
+    group: root
+    mode: 0755
+  tags:
+    - docker-repository-keyrings-directory-create
 
-# New python
-- name: repository | new python
-  when: ansible_python_version is version('2.7.9', '>=')
-  block:
-    - name: repository | add public key
-      ansible.builtin.apt_key:
-        id: "{{ item.id }}"
-        url: "{{ item.url }}"
-        state: present
-      with_items: "{{ docker_apt_keys }}"
-      tags:
-        - docker-repository-public-key
+- name: repository | (keyring) file | download  # noqa command-instead-of-module risky-shell-pipe
+  ansible.builtin.shell: >
+    wget -O {{ docker_keyring_dst }} {{ docker_keyring_src }}
+  args:
+    creates: "{{ docker_keyring_dst }}"
+  tags:
+    - docker-repository-keyring-file-download
 
 - name: repository | add
   ansible.builtin.apt_repository:
     repo: "{{ item.type }} {{ item.url }} {{ item.component }}"
-    state: present
+    state: "{{ item.state | default('present') }}"
     update_cache: true
+    mode: 0644
   with_items: "{{ docker_apt_repositories }}"
   tags:
     - docker-repository-add

vars/main.yml

@@ -1,25 +1,25 @@
 # vars file
 ---
+docker_keyring_src: https://download.docker.com/linux/ubuntu/gpg
+docker_keyring_dst: /usr/share/keyrings/docker.asc
+docker_apt_repositories:
+  - type: "deb [arch=amd64 signed-by={{ docker_keyring_dst }}]"
+    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }}"
+    component: stable
+  - type: 'deb [arch=amd64]'
+    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }}"
+    component: stable
+    state: absent
+
 docker_dependencies_pre:
   - software-properties-common
   - dirmngr
-  - gpg-agent
   - apt-transport-https
-  - curl
+  - wget
   - apparmor
   - "{{ (ansible_distribution == 'Ubuntu') | ternary('linux-image-extra-virtual', '') }}"
   - "{{ (ansible_distribution == 'Ubuntu') | ternary('cgroup-lite', '') }}"
 
-docker_apt_keys:
-  - id: 8D81803C0EBFCD88
-    url: https://download.docker.com/linux/ubuntu/gpg
-docker_apt_repositories:
-  - type: 'deb [arch=amd64]'
-    url: "https://download.docker.com/linux/{{ ansible_distribution | lower }} {{ ansible_distribution_release }}"
-    component: stable
-
-docker_downloads_path: /var/lib/ansible/docker/downloads
-
 docker_dependencies:
   - docker-ce