- name: mastodon | package manager | add gpg keys
  apt_key:
    id: "{{ item.id }}"
    url: "{{ item.url }}"
    state: present
  loop:
    - { id: "72ECF46A56B4AD39C907BBB71646B01B86E50310", url: "https://dl.yarnpkg.com/debian/pubkey.gpg" }
    - { id: "9FD3B784BC1C6FC31A8A0A1C1655A0AB68576280", url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" } 

- name: mastodon | package manager | download gpg keys
  get_url:
    url: "{{ item.url }}"
    dest: "/usr/share/keyrings/{{ item.localkey }}"
  loop:
    - { url: "https://dl.yarnpkg.com/debian/pubkey.gpg", localkey: "yarnkey.gpg" }
    - { url: "https://deb.nodesource.com/gpgkey/nodesource.gpg.key", localkey: "nodesource.gpg.key" }

- name: mastodon | package manager | add repos
  apt_repository:
    repo: "{{ item.repo }}"
    state: present
    mode: 0644 # not required. The octal mode for newly created files in sources.list.d
    update_cache: no
    validate_certs: yes # not required. If C(no), SSL certificates for the target repo will not be validated. This should only be used on personally controlled sites using self-signed certificates.
    filename: "{{ item.filename }}"
  loop:
    - { repo: "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian/ stable main", filename: "yarn"}
    - { repo: "deb [signed-by=/usr/share/keyrings/nodesource.gpg.key] https://deb.nodesource.com/node_{{ node_major_version }}.x {{ ansible_lsb.codename }} main", filename: "nodejs"}
    - { repo: "deb-src [signed-by=/usr/share/keyrings/nodesource.gpg.key] https://deb.nodesource.com/{{ node_major_version }}.x {{ ansible_lsb.codename }} main", filename: "nodejs"}

- name: mastodon | pause
  pause: