Initial commit

roles/debian/tasks/3rd-party-apt-repository.yml

@@ -0,0 +1,25 @@
+- name: "Download key for {{ item.name }}"
+  become: yes
+  get_url:
+    url: "{{ key.url }}"
+    dest: "/etc/apt/keyrings/{{ key.name | default(item.name) }}.{{ key.format | default('asc') }}"
+    mode: u=rw,g=r,o=r
+  loop: "{{ item.sign_keys }}"
+  loop_control:
+    loop_var: key
+
+- name: "Setup apt repository for {{ item.name }}"
+  become: yes
+  deb822_repository:
+    name: "{{ item.name }}"
+    types: "{{ item.types | default('deb') }}"
+    uris: "{{ item.repositories }}"
+    suites: "{{ item.suites | default('stable') }}"
+    components: "{{ item.components | default('main') }}"
+    architectures: "{{ item.arch | default([ansible_architecture] | map('extract', deb_architecture) | first) }}"
+    # Note, the ugliness is needed since jinja2 makes it invalid otherwise
+    signed_by: "{%- set output = [] %}
+        {%- for result in item.sign_keys %}
+          {{- output.append('/etc/apt/keyrings/' ~ (result.name | default(item.name)) ~ '.' ~ (result.format | default('asc'))) }}
+        {%- endfor %}
+      {{- output | join(',') -}}"

roles/debian/tasks/main.yml

@@ -0,0 +1,23 @@
+- name: Ensure tools to add additional apt sources
+  tags: [repos]
+  become: yes
+  package:
+    name:
+    - ca-certificates
+    - curl
+    - gnupg
+    state: present
+    update_cache: true
+
+- name: Ensure additional apt sources
+  tags: [repos]
+  include_tasks: 3rd-party-apt-repository.yml
+  loop: "{{ apt_repositories }}"
+
+- name: Ensure system packages
+  become: yes
+  tags: [packages]
+  apt:
+    name: "{{ apt_packages }}"
+    state: present
+    update_cache: true

roles/debian/vars/main.yml

@@ -0,0 +1,4 @@
+deb_architecture:
+  aarch64: arm64
+  x86_64: amd64
+

roles/macos/tasks/main.yml

@@ -0,0 +1,12 @@
+- name: "Ensure brew-packages"
+  tags: [packages]
+  homebrew:
+    name: "{{ item }}"
+  loop: "{{ brew_packages }}"
+
+- name: "Ensure brew casks"
+  tags: [packages]
+  homebrew_cask:
+    name: "{{ item }}"
+  loop: "{{ brew_casks }}"
+