Add extrepo tasks for managing external repositories in Debian

roles/common/tasks/cron.yml

@@ -1,5 +1,82 @@
 ---
 
+- name: (cron.yml) Define candidate paths for root crontab PATH
+  ansible.builtin.set_fact:
+    cron_root_path_candidates:
+      - /root/bin/admin-stuff
+      - /root/bin
+      - /usr/local/apache2/bin
+      - /usr/local/php/bin
+      - /usr/local/sbin
+      - /usr/local/bin
+      - /usr/sbin
+      - /usr/bin
+      - /sbin
+      - /bin
+  tags:
+    - user_crontab
+
+- name: (cron.yml) Check candidate paths for root crontab PATH
+  ansible.builtin.stat:
+    path: "{{ item }}"
+  loop: "{{ cron_root_path_candidates }}"
+  register: cron_root_path_stats
+  tags:
+    - user_crontab
+
+- name: (cron.yml) Build validated root crontab PATH
+  ansible.builtin.set_fact:
+    cron_root_path: >-
+      {{
+        cron_root_path_stats.results
+        | selectattr('stat.exists')
+        | map(attribute='stat.path')
+        | join(':')
+      }}
+  tags:
+    - user_crontab
+
+- name: (cron.yml) Check if root crontab already exists
+  ansible.builtin.stat:
+    path: /var/spool/cron/crontabs/root
+  register: root_crontab_file
+  tags:
+    - user_crontab
+
+- name: (cron.yml) Initialize root crontab with default header and env vars
+  ansible.builtin.copy:
+    dest: /var/spool/cron/crontabs/root
+    owner: root
+    group: crontab
+    mode: '0600'
+    content: |
+      # Edit this file to introduce tasks to be run by cron.
+      #
+      # Each task to run has to be defined through a single line
+      # indicating with different fields when the task will be run
+      # and what command to run for the task
+      #
+      # To define the time you can provide concrete values for
+      # minute (m), hour (h), day of month (dom), month (mon),
+      # and day of week (dow) or use '*' in these fields (for 'any').
+      #
+      # Notice that tasks will be started based on the cron's system
+      # daemon's notion of time and timezones.
+      #
+      # Output of the crontab jobs (including errors) is sent through
+      # email to the user the crontab file belongs to (unless redirected).
+      #
+      # For example, you can run a backup of all your user accounts
+      # at 5 a.m every week with:
+      # 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
+      #
+      PATH={{ cron_root_path }}
+      SHELL=/bin/bash
+  when:
+    - not root_crontab_file.stat.exists
+  tags:
+    - user_crontab
+
 - name: (cron.yml) Set env entries in user crontabs
   cron:
     name: '{{ item.name }}'

roles/common/tasks/extrepo.yml

@@ -0,0 +1,26 @@
+---
+
+- name: (extrepo.yml) Install extrepo package
+  ansible.builtin.apt:
+    name: extrepo
+    state: present
+  tags:
+    - extrepo
+
+- name: (extrepo.yml) Enable contrib policy in /etc/extrepo/config.yaml
+  ansible.builtin.lineinfile:
+    path: /etc/extrepo/config.yaml
+    regexp: '^(#\s*)?-\s*contrib$'
+    insertafter: '^- main$'
+    line: '- contrib'
+  tags:
+    - extrepo
+
+- name: (extrepo.yml) Enable non-free policy in /etc/extrepo/config.yaml
+  ansible.builtin.lineinfile:
+    path: /etc/extrepo/config.yaml
+    regexp: '^(#\s*)?-\s*non-free$'
+    insertafter: '^- contrib$'
+    line: '- non-free'
+  tags:
+    - extrepo

roles/common/tasks/main.yml

@@ -32,6 +32,16 @@
     - ansible_facts['distribution'] == "Debian"
   tags: apt
 
+# tags supported inside extrepo.yml
+#
+#   extrepo
+- import_tasks: extrepo.yml
+  when:
+    - ansible_facts['distribution'] == "Debian"
+    - (ansible_facts['distribution_major_version'] | int) >= 12
+  tags:
+    - extrepo
+
 # tags supported inside apt-gateway.yml:
 #
 #