Using HTTPS Debian repos with Ansible

Annexe

This originally appeared on the Annexe.

If you use popular third-party Debian repos such as Sury, you need the apt-transport-https package first. If you use Ansible:

- name: Install dependencies
  apt:
    name: apt-transport-https
    state: present
- name: Install sury repo key
  apt_key:
    url: "https://packages.sury.org/php/apt.gpg"
    state: present
- name: Install sury repo
  apt_repository:
    repo: deb https://packages.sury.org/php/ {{ ansible_distribution_release }} main
    update_cache: yes

And naturally you’re also filtering outbound firewall traffic too, because you’re competent. In which case, make sure you’re permitting https traffic too:

- name: Enable outbound https
  ufw:
    rule: allow
    direction: out
    port: https

Author bio and support

Me!

Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or buy some silly merch. Thanks!