ansible_playbook_audiometer/roles/nginx_rtmp/tasks/nginx_download.yml

---
- name: Download NginX
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_download }}"
    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
    owner: root
    group: root
    mode: 0644

- name: Download NginX signature
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_download }}.asc"
    dest: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc"
    owner: root
    group: root
    mode: 0644

- name: Download NginX GPG Key
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_gpg_key }}"
    dest: "/srv/checkout/nginx_{{ nginx_version }}_signing.key"
    owner: root
    group: root
    mode: 0644

- name: Download NginX GPG Key 2
  become: true
  ansible.builtin.get_url:
    url: "{{ nginx_gpg_key2 }}"
    dest: "/srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
    owner: root
    group: root
    mode: 0644

- name: Install gpg2
  become: true
  ansible.builtin.package:
    name:
      - gnupg2
    state: present

- name: Import GPG key 2
  ansible.builtin.command: "gpg2 --import /srv/checkout/nginx_{{ nginx_version }}_2_signing.key"
  register: import_key
  ignore_errors: true

- name: Import GPG key
  ansible.builtin.command: "gpg2 --import /srv/checkout/nginx_{{ nginx_version }}_signing.key"
  register: import_key
  ignore_errors: true

- name: Verify GPG signature
  ansible.builtin.command: "gpg2 --verify /srv/checkout/nginx_{{ nginx_version }}.tar.gz.asc /srv/checkout/nginx_{{ nginx_version }}.tar.gz"
  register: verify_gpg
  failed_when: verify_gpg.rc not in [0, 1]

- name: Create compile folder
  become: true
  ansible.builtin.file:
    owner: root
    group: root
    state: directory
    path: "/srv/checkout/nginx_{{ nginx_version }}/"
    mode: 0755

- name: Extract tar.gz file
  become: true
  ansible.builtin.unarchive:
    src: "/srv/checkout/nginx_{{ nginx_version }}.tar.gz"
    dest: "/srv/checkout/nginx_{{ nginx_version }}/"
    remote_src: true
    extra_opts: ['--strip-components=1']
    owner: root
    group: root
    mode: 'u=rwX,g=rX,o='
  when: verify_gpg.rc == 0

- name: Verify failed notification
  ansible.builtin.fail:
    msg: 'GPG Verification failed'
  when: verify_gpg.rc == 1