---
# file: roles/haproxy/tasks/install_debian.yml

- name: "remove legacy key from apt-key"
  apt_key:
    id: "AEF2348766F371C689A7360095A42FE8353525F9"
    state: absent

- name: "make sure /etc/apt/keyrings exists"
  file:
    path: "/etc/apt/keyrings"
    state: directory

- name: "download modern signature key"
  get_url:
    url: "https://haproxy.debian.net/bernat.debian.org.gpg"
    dest: "/dev/shm/bernat.debian.org.gpg"
  changed_when: false

- name: "install modern signature key"
  shell:
    cmd: "cat /dev/shm/bernat.debian.org.gpg | gpg --dearmor -o /etc/apt/keyrings/haproxy.debian.net.gpg"
    creates: "/etc/apt/keyrings/haproxy.debian.net.gpg"

- name: "repository file"
  copy:
    content: "deb [arch=amd64 signed-by=/etc/apt/keyrings/haproxy.debian.net.gpg] http://haproxy.debian.net {{ ansible_distribution_release }}-backports-{{ haproxy_version }} main\n"
    dest: "/etc/apt/sources.list.d/haproxy_debian_net.list"
  register: repository

- name: "refresh apt if repo was modified"
  apt:
    update_cache: yes
  when: repository.changed

- name: "set fact to install latest version of software when the repository changed"
  set_fact:
    apt_state: "latest"
  when: repository.changed

- name: "install haproxy"
  apt:
    name:
      - haproxy
    state: "{{ apt_state | default('present') }}"
    default_release: "{{ ansible_distribution_release }}-backports-{{ haproxy_version }}"