From 172665d23721d0f824fba01324de347af5a33868 Mon Sep 17 00:00:00 2001
From: Bert-Jan Fikse <bert-jan@whatwedo.ch>
Date: Thu, 18 Dec 2025 11:27:35 +0100
Subject: [PATCH 1/2] chore: add motd to base role

---
 roles/base/tasks/main.yml    |  8 ++++++++
 roles/base/templates/motd.j2 | 10 ++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 roles/base/templates/motd.j2

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 8860e9e..63cd09b 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -61,3 +61,11 @@
     state: started
     enabled: true
   when: ansible_virtualization_type != "docker"
+
+- name: Set custom MOTD
+  ansible.builtin.template:
+    src: motd.j2
+    dest: /etc/motd
+    owner: root
+    group: root
+    mode: '0644'
diff --git a/roles/base/templates/motd.j2 b/roles/base/templates/motd.j2
new file mode 100644
index 0000000..cbc0d0f
--- /dev/null
+++ b/roles/base/templates/motd.j2
@@ -0,0 +1,10 @@
+
+▗▄▄▄ ▗▄▄▄▖ ▗▄▄▖▗▄▄▄▖▗▄▄▄▖▗▄▖ ▗▖   ▗▄▄▖  ▗▄▖  ▗▄▖ ▗▄▄▖ ▗▄▄▄
+▐▌  █  █  ▐▌     █    █ ▐▌ ▐▌▐▌   ▐▌ ▐▌▐▌ ▐▌▐▌ ▐▌▐▌ ▐▌▐▌  █
+▐▌  █  █  ▐▌▝▜▌  █    █ ▐▛▀▜▌▐▌   ▐▛▀▚▖▐▌ ▐▌▐▛▀▜▌▐▛▀▚▖▐▌  █
+▐▙▄▄▀▗▄█▄▖▝▚▄▞▘▗▄█▄▖  █ ▐▌ ▐▌▐▙▄▄▖▐▙▄▞▘▝▚▄▞▘▐▌ ▐▌▐▌ ▐▌▐▙▄▄▀
+
+
+Hostname: {{ ansible_hostname }}
+Distribution: {{ ansible_distribution }} {{ ansible_distribution_version }}
+Kernel: {{ ansible_kernel }}
\ No newline at end of file

From 188a6f539fe29b8664e4e1d7b6ef934fde38a184 Mon Sep 17 00:00:00 2001
From: Bert-Jan Fikse <bert-jan@whatwedo.ch>
Date: Thu, 18 Dec 2025 11:28:14 +0100
Subject: [PATCH 2/2] chore: migrate to apt keyring for validation/signing

---
 roles/base/tasks/main.yml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 63cd09b..4758d77 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -31,15 +31,23 @@
     state: present
   when: ansible_os_family == "Debian"
 
+- name: Create keyrings directory
+  ansible.builtin.file:
+    path: /etc/apt/keyrings
+    state: directory
+    mode: '0755'
+  when: ansible_os_family == "Debian"
+
 - name: Add Docker GPG key
-  ansible.builtin.apt_key:
+  ansible.builtin.get_url:
     url: https://download.docker.com/linux/debian/gpg
-    state: present
+    dest: /etc/apt/keyrings/docker.asc
+    mode: '0644'
   when: ansible_os_family == "Debian"
 
 - name: Add Docker repository
   ansible.builtin.apt_repository:
-    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+    repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
     state: present
   when: ansible_os_family == "Debian"